From ce5f7f6c07aa40137c83b7ceda7e36fc3dd1b2bc Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Wed, 25 Dec 2019 11:44:32 +0100
Subject: Kernel: Use the CPU's NX bit to enforce PROT_EXEC on memory mappings
Now that we have PAE support, we can ask the CPU to crash processes for trying to execute non-executable memory. This is pretty cool! :^)
---
 Kernel/VM/MemoryManager.cpp | 7 +++++++
 Kernel/VM/Region.cpp | 2 ++
 2 files changed, 9 insertions(+)
(limited to 'Kernel/VM')
diff --git a/Kernel/VM/MemoryManager.cpp b/Kernel/VM/MemoryManager.cpp
index a3e792d6cb..42c33ae181 100644
--- a/Kernel/VM/MemoryManager.cpp
+++ b/Kernel/VM/MemoryManager.cpp
@@ -167,6 +167,13 @@ void MemoryManager::initialize_paging()
 "orl $0x20, %eax\n"
 "mov %eax, %cr4\n");
+ // Turn on IA32_EFER.NXE
+ asm volatile(
+ "movl $0xc0000080, %ecx\n"
+ "rdmsr\n"
+ "orl $0x800, %eax\n"
+ "wrmsr\n");
+
 asm volatile("movl %%eax, %%cr3" ::"a"(kernel_page_directory().cr3()));
 asm volatile(
 "movl %%cr0, %%eax\n"
diff --git a/Kernel/VM/Region.cpp b/Kernel/VM/Region.cpp
index 225095f743..5db615661f 100644
--- a/Kernel/VM/Region.cpp
+++ b/Kernel/VM/Region.cpp
@@ -216,6 +216,7 @@ void Region::remap_page(size_t index)
 pte.set_writable(false);
 else
 pte.set_writable(is_writable());
+ pte.set_execute_disabled(!is_executable());
 pte.set_user_allowed(is_user_accessible());
 m_page_directory->flush(page_vaddr);
 #ifdef MM_DEBUG
@@ -264,6 +265,7 @@ void Region::map(PageDirectory& page_directory)
 pte.set_writable(false);
 else
 pte.set_writable(is_writable());
+ pte.set_execute_disabled(!is_executable());
 } else {
 pte.set_physical_page_base(0);
 pte.set_present(false);
--
cgit v1.2.3
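Review bot: The added `asm volatile` block in `initialize_paging()` executes `rdmsr`/`wrmsr`, which read and write EAX and EDX and take the MSR index in ECX, yet the statement declares no outputs and no clobbers, so the compiler may keep a live value in any of those registers across it; it should end with `: : : "eax", "ecx", "edx");`. The neighbouring `cr3` load hands its value in through an `"a"` constraint, but nothing here tells the compiler what the new asm touches. The NXE bit being set (`$0x800`, bit 11 of IA32_EFER at `0xc0000080`) is reserved on CPUs that do not report NX in CPUID (leaf 0x80000001, EDX bit 20), where `wrmsr` raises #GP, so the enable should be gated on that feature flag or the commit message should state that NX-capable hardware is now required. The rest of `initialize_paging()` lies outside the hunk.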
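Review bot: The execute-disable line added to `Region::remap_page()` is duplicated verbatim in the `Region::map()` hunk below, on top of the already duplicated `set_writable` chain (and `set_user_allowed` in `remap_page()`); a single helper that fills a PTE's permission bits from the region's `is_writable()`/`is_executable()`/`is_user_accessible()` would keep the two paths from drifting the next time a permission bit is added. Both functions begin and end outside these hunks, and the `set_execute_disabled` accessor is not introduced in this view (the listing is limited to Kernel/VM), so I am assuming it writes the PAE PTE's XD bit. A region reporting both `is_writable()` and `is_executable()` still receives a writable-and-executable PTE after this change; if W^X is intended as policy, that combination is where it would be rejected or at least logged.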