Commit 3342e032 authored by Nifou's avatar Nifou

Add the NO_EXECUTE flag on the stack and on the heap for a better security

parent 46916ce3
......@@ -121,6 +121,8 @@ fn remap_kernel(frame: PhysFrame) -> RecursivePageTable<'static> {
unsafe { RecursivePageTable::new_unchecked(table.table(), PageTableIndex::new(511)) };
// Map the kernel
// TODO: Use the multiboot2 elf_section_tags function to map the kernel segments with the right
// flags
for (i, page) in Page::<Size4KiB>::range_inclusive(
Page::containing_address(VirtAddr::new(KERNEL_START_VIRT)),
Page::containing_address(VirtAddr::new(KERNEL_START_VIRT + KERNEL_SIZE)),
......@@ -158,7 +160,7 @@ fn remap_kernel(frame: PhysFrame) -> RecursivePageTable<'static> {
.map_to(
page,
frame,
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
&mut *FRAME_ALLOCATOR.r#try().unwrap().lock(),
)
.unwrap()
......@@ -171,7 +173,7 @@ fn remap_kernel(frame: PhysFrame) -> RecursivePageTable<'static> {
mapper
.identity_map(
table.frame(),
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
&mut *FRAME_ALLOCATOR.r#try().unwrap().lock(),
)
.unwrap()
......
......@@ -106,7 +106,7 @@ impl ProcessMemory {
.map_to(
page,
frame,
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
&mut *memory::FRAME_ALLOCATOR.r#try().unwrap().lock(),
)
.unwrap()
......
......@@ -101,7 +101,7 @@ impl Process {
let mappings = memory::map(
addr,
addr + STACK_SIZE as u64,
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
);
let rsp = self.info.push_at(addr as usize + STACK_SIZE);
......@@ -109,7 +109,7 @@ impl Process {
let mut area = MemoryArea::new(
mappings.first().unwrap().1.start_address().as_u64(),
mappings.last().unwrap().1.start_address().as_u64() + PAGE_SIZE as u64,
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
);
area.mappings(mappings.clone());
self.memory.map(area);
......@@ -129,7 +129,7 @@ impl Process {
let area = MemoryArea::new(
addr,
addr + DATA_SEGMENT_SIZE as u64,
Flags::PRESENT | Flags::WRITABLE,
Flags::PRESENT | Flags::WRITABLE | Flags::NO_EXECUTE,
);
self.memory.map(area);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment