Skip to content

Commit

Permalink
Merge pull request #409 from rust-osdev/no-execute
Browse files Browse the repository at this point in the history
Set `NO_EXECUTE` flag for all writable memory regions
  • Loading branch information
phil-opp authored Feb 2, 2024
2 parents e15e779 + e27698f commit 2e9fe88
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 7 deletions.
4 changes: 3 additions & 1 deletion bios/stage-4/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,9 @@ pub extern "C" fn _start(info: &mut BiosInfo) -> ! {
bootloader_page_table
.identity_map(
frame,
PageTableFlags::PRESENT | PageTableFlags::WRITABLE,
PageTableFlags::PRESENT
| PageTableFlags::WRITABLE
| PageTableFlags::NO_EXECUTE,
&mut frame_allocator,
)
.unwrap()
Expand Down
15 changes: 9 additions & 6 deletions common/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ where
let frame = frame_allocator
.allocate_frame()
.expect("frame allocation failed when mapping a kernel stack");
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
match unsafe { kernel_page_table.map_to(page, frame, flags, frame_allocator) } {
Ok(tlb) => tlb.flush(),
Err(err) => panic!("failed to map page {:?}: {:?}", page, err),
Expand Down Expand Up @@ -278,7 +278,8 @@ where
PhysFrame::range_inclusive(framebuffer_start_frame, framebuffer_end_frame).enumerate()
{
let page = start_page + u64::from_usize(i);
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags =
PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
match unsafe { kernel_page_table.map_to(page, frame, flags, frame_allocator) } {
Ok(tlb) => tlb.flush(),
Err(err) => panic!(
Expand Down Expand Up @@ -306,7 +307,7 @@ where
let ramdisk_page_count = (system_info.ramdisk_len - 1) / Size4KiB::SIZE;
let ramdisk_physical_end_page = ramdisk_physical_start_page + ramdisk_page_count;

let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
for (i, frame) in
PhysFrame::range_inclusive(ramdisk_physical_start_page, ramdisk_physical_end_page)
.enumerate()
Expand Down Expand Up @@ -339,7 +340,8 @@ where

for frame in PhysFrame::range_inclusive(start_frame, end_frame) {
let page = Page::containing_address(offset + frame.start_address().as_u64());
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags =
PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
match unsafe { kernel_page_table.map_to(page, frame, flags, frame_allocator) } {
Ok(tlb) => tlb.ignore(),
Err(err) => panic!(
Expand Down Expand Up @@ -380,7 +382,7 @@ where
u16::from(index)
);
}
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
entry.set_frame(page_tables.kernel_level_4_frame, flags);

Some(index)
Expand Down Expand Up @@ -481,7 +483,8 @@ where
let start_page = Page::containing_address(boot_info_addr);
let end_page = Page::containing_address(memory_map_regions_end - 1u64);
for page in Page::range_inclusive(start_page, end_page) {
let flags = PageTableFlags::PRESENT | PageTableFlags::WRITABLE;
let flags =
PageTableFlags::PRESENT | PageTableFlags::WRITABLE | PageTableFlags::NO_EXECUTE;
let frame = frame_allocator
.allocate_frame()
.expect("frame allocation for boot info failed");
Expand Down

0 comments on commit 2e9fe88

Please sign in to comment.