From 3d80ccecc6372aa2841c2291ccd0f70665761b03 Mon Sep 17 00:00:00 2001 From: Pavel <68122101+red-prig@users.noreply.github.com> Date: Thu, 23 May 2024 16:37:48 +0300 Subject: [PATCH] + --- sys/jit/kern_jit.pas | 14 +++-- sys/kern/kern_authinfo.pas | 2 +- sys/kern/kern_dmem.pas | 2 +- sys/kern/kern_rangelock.pas | 14 ++--- sys/md/md_exception.pas | 2 +- sys/md/vm_pmap.pas | 104 ++++++++++++++++++++++++++------- sys/vfs/kern_descrip.pas | 27 +++++++++ sys/vfs/vfs_cache.pas | 3 + sys/vfs/vfs_mount.pas | 10 ++-- sys/vfs/vfs_syscalls.pas | 111 ++++++++++++++++++++++++++++++++++++ sys/vm/vm_mmap.pas | 4 ++ sys/vm/vm_nt_map.pas | 9 ++- 12 files changed, 260 insertions(+), 42 deletions(-) diff --git a/sys/jit/kern_jit.pas b/sys/jit/kern_jit.pas index 11a1c421..d409750f 100644 --- a/sys/jit/kern_jit.pas +++ b/sys/jit/kern_jit.pas @@ -1345,22 +1345,26 @@ begin end; procedure pick(var ctx:t_jit_context2;preload:Pointer); [public, alias:'kern_jit_pick']; +label + _exit; var map:vm_map_t; + lock:Pointer; node:p_jit_entry_point; begin map:=p_proc.p_vmspace; - vm_map_lock(map); + //vm_map_lock(map); + lock:=pmap_wlock(map^.pmap,ctx.text_start,ctx.text___end); if (preload<>nil) then begin + //recheck node:=preload_entry(preload); if (node<>nil) then begin node^.dec_ref; - vm_map_unlock(map); - Exit; + goto _exit; end; end; @@ -1372,7 +1376,9 @@ begin pick_locked(ctx); end; - vm_map_unlock(map); + _exit: + pmap_unlock(map^.pmap,lock); + //vm_map_unlock(map); end; procedure pick_locked_internal(var ctx:t_jit_context2); diff --git a/sys/kern/kern_authinfo.pas b/sys/kern/kern_authinfo.pas index 9ed68f7a..0991531f 100644 --- a/sys/kern/kern_authinfo.pas +++ b/sys/kern/kern_authinfo.pas @@ -391,7 +391,7 @@ begin data:=Default(t_authinfo); - //if (priv_check(td,$2ae)=0) then + //if (priv_check(td,686)=0) then //begin // data:=g_authinfo; //end else diff --git a/sys/kern/kern_dmem.pas b/sys/kern/kern_dmem.pas index 940adca2..c5a2f42e 100644 --- a/sys/kern/kern_dmem.pas 
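Review bot: pick() now holds only the pmap write rangelock on [ctx.text_start, ctx.text___end) while preload_entry and pick_locked run, and no longer holds vm_map_lock, so anything in those callees that reads vm_map entries is no longer serialized against map mutations that take only the map lock (mirror_map in vm_mmap.pas, in this same commit, takes vm_map_lock without the pmap rangelock). Whether pick_locked touches map state cannot be seen here — the middle of pick between the two hunks and both callees are outside the diff — so please confirm and record the contract at the call site, e.g. `//pick_locked: caller holds the pmap write rangelock for [text_start,text___end) only; vm_map is NOT locked`. Once that is settled, the dead `//vm_map_lock(map);` and `//vm_map_unlock(map);` comments should be deleted rather than kept as history.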
+++ b/sys/kern/kern_dmem.pas @@ -166,7 +166,7 @@ begin if (d_pool_id<>-1) then begin - //Result:=priv_check(td,0x2ad); + //Result:=priv_check(td,685); //(param < 3) Exit(EPERM); end; diff --git a/sys/kern/kern_rangelock.pas b/sys/kern/kern_rangelock.pas index 5335e207..f54ca093 100644 --- a/sys/kern/kern_rangelock.pas +++ b/sys/kern/kern_rangelock.pas @@ -33,13 +33,13 @@ type rl_currdep:p_rl_q_entry; end; -procedure rangelock_init(lock:p_rangelock); -procedure rangelock_destroy(lock:p_rangelock); -procedure rangelock_unlock(lock:p_rangelock;cookie:Pointer;ilk:p_mtx); +procedure rangelock_init (lock:p_rangelock); +procedure rangelock_destroy (lock:p_rangelock); +procedure rangelock_unlock (lock:p_rangelock;cookie:Pointer;ilk:p_mtx); function rangelock_unlock_range(lock:p_rangelock;cookie:Pointer;start,__end:off_t;ilk:p_mtx):Pointer; -function rangelock_rlock(lock:p_rangelock;start,__end:off_t;ilk:p_mtx):Pointer; -function rangelock_wlock(lock:p_rangelock;start,__end:off_t;ilk:p_mtx):Pointer; -procedure rlqentry_free(rleq:p_rl_q_entry); +function rangelock_rlock (lock:p_rangelock;start,__end:off_t;ilk:p_mtx):Pointer; +function rangelock_wlock (lock:p_rangelock;start,__end:off_t;ilk:p_mtx):Pointer; +procedure rlqentry_free (rleq:p_rl_q_entry); implementation @@ -197,7 +197,7 @@ begin entry:=cookie; Assert((entry^.rl_q_flags and RL_LOCK_GRANTED)<>0,'Unlocking non-granted lock'); - Assert(entry^.rl_q_start=start, 'wrong start'); + Assert(entry^.rl_q_start=start , 'wrong start'); Assert(entry^.rl_q_end >= __end, 'wrong end'); mtx_lock(ilk^); diff --git a/sys/md/md_exception.pas b/sys/md/md_exception.pas index 5efda0fe..b5c256eb 100644 --- a/sys/md/md_exception.pas +++ b/sys/md/md_exception.pas @@ -266,7 +266,7 @@ begin STATUS_ACCESS_VIOLATION: begin - if pmap_danger_zone(@vm_map_t(p_proc.p_vmspace)^.pmap, + if pmap_danger_zone(vm_map_t(p_proc.p_vmspace)^.pmap, get_pageflt_addr(p), 256) then begin 
diff --git a/sys/md/vm_pmap.pas b/sys/md/vm_pmap.pas index 3dbb46c1..8a0b58ec 100644 --- a/sys/md/vm_pmap.pas +++ b/sys/md/vm_pmap.pas @@ -12,6 +12,8 @@ uses sys_vm_object, vnode, vuio, + kern_mtx, + kern_rangelock, md_map, vm_pmap_prot, vm_nt_map; @@ -41,6 +43,8 @@ procedure iov_uplift(iov:p_iovec); type p_pmap=^_pmap; _pmap=packed object + rmlock:rangelock; + rm_mtx:mtx; nt_map:_vm_nt_map; end; @@ -63,6 +67,16 @@ procedure pmap_align_superpage(obj :vm_object_t; addr :p_vm_offset_t; size :vm_size_t); +function pmap_wlock(pmap :pmap_t; + start:vm_offset_t; + __end:vm_offset_t):Pointer; + +function pmap_rlock(pmap :pmap_t; + start:vm_offset_t; + __end:vm_offset_t):Pointer; + +procedure pmap_unlock(pmap:pmap_t;cookie:Pointer); + procedure pmap_enter_object(pmap :pmap_t; obj :vm_object_t; offset :vm_ooffset_t; @@ -252,16 +266,20 @@ begin dmem_init; dev_mem_init(4); - PAGE_PROT:=nil; - - r:=md_mmap(PAGE_PROT,PAGE_MAP_COUNT,VM_RW); - - if (r<>0) then + if (PAGE_PROT=nil) then begin - Writeln('failed md_mmap(',HexStr(PAGE_MAP_COUNT,11),'):0x',HexStr(r,8)); - Assert(false,'pmap_pinit'); + r:=md_mmap(PAGE_PROT,PAGE_MAP_COUNT,VM_RW); + + if (r<>0) then + begin + Writeln('failed md_mmap(',HexStr(PAGE_MAP_COUNT,11),'):0x',HexStr(r,8)); + Assert(false,'pmap_pinit'); + end; end; + rangelock_init(@pmap^.rmlock); + mtx_init(pmap^.rm_mtx,'pmap'); + vm_nt_map_init(@pmap^.nt_map,VM_MINUSER_ADDRESS,VM_MAXUSER_ADDRESS); //exclude 
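Review bot: pmap_pinit now initializes `pmap^.rmlock` and `pmap^.rm_mtx` for every pmap, but no matching `rangelock_destroy(@pmap^.rmlock)` / mtx teardown appears anywhere in this diff; if the file has a pmap release path it needs the counterpart, otherwise the per-pmap lock state is leaked. The PAGE_PROT change also means md_mmap runs only on the first call (the old code reset PAGE_PROT and re-mapped each time), so any second pmap shares one process-wide table; that is probably the intent but is not stated, so a comment such as `//PAGE_PROT is a single process-wide table, mapped on the first pmap_pinit only` would help the next reader.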
@@ -503,6 +521,25 @@ begin end; end; +function pmap_wlock(pmap :pmap_t; + start:vm_offset_t; + __end:vm_offset_t):Pointer; +begin + Result:=rangelock_wlock(@pmap^.rmlock,start,__end,@pmap^.rm_mtx); +end; + +function pmap_rlock(pmap :pmap_t; + start:vm_offset_t; + __end:vm_offset_t):Pointer; +begin + Result:=rangelock_rlock(@pmap^.rmlock,start,__end,@pmap^.rm_mtx); +end; + +procedure pmap_unlock(pmap:pmap_t;cookie:Pointer); +begin + rangelock_unlock(@pmap^.rmlock,cookie,@pmap^.rm_mtx); +end; + procedure pmap_copy(src_obj :p_vm_nt_file_obj; src_ofs :vm_ooffset_t; dst_obj :p_vm_nt_file_obj; @@ -598,6 +635,8 @@ var info:t_fd_info; cow :p_vm_nt_file_obj; + lock:Pointer; + max:Integer; r:Integer; @@ -607,6 +646,10 @@ begin Writeln('pmap_enter_object:',HexStr(start,11),':',HexStr(__end,11),':',HexStr(prot,2)); end; + lock:=pmap_wlock(pmap,start,__end); + + pmap_mark_rwx(start,__end,prot); + r:=0; case vm_object_type(obj) of OBJT_SELF , // same? @@ -875,17 +918,15 @@ begin goto _default; end; - Exit; end; else begin Writeln('TODO:',vm_object_type(obj)); Assert(False); - Exit; end; end; - pmap_mark_rwx(start,__end,prot); + pmap_unlock(pmap,lock); end; procedure pmap_protect(pmap :pmap_t; @@ -893,6 +934,8 @@ procedure pmap_protect(pmap :pmap_t; start :vm_offset_t; __end :vm_offset_t; prot :vm_prot_t); +var + lock:Pointer; label _default; begin @@ -901,6 +944,10 @@ begin Writeln('pmap_protect:',HexStr(start,11),':',HexStr(__end,11),':prot:',HexStr(prot,2)); end; + lock:=pmap_wlock(pmap,start,__end); + + pmap_mark_rwx(start,__end,prot); + case vm_object_type(obj) of OBJT_SELF , // same? @@ -908,10 +955,15 @@ begin begin _default: - vm_nt_map_protect(@pmap^.nt_map, - start, - __end, - (prot and VM_RW)); + vm_nt_map_prot_fix(@pmap^.nt_map, + start, + __end, + TAKE_PROT_TRACK); + + //vm_nt_map_protect(@pmap^.nt_map, + // start, + // __end, + // (prot and VM_RW)); end; OBJT_DEVICE: 
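Review bot: pmap_enter_object holds the write rangelock from `lock:=pmap_wlock(pmap,start,__end)` to the `pmap_unlock(pmap,lock)` at the end of the procedure with no try/finally, so any `Exit` or `goto` that leaves the procedure on an error path in between returns with the range still write-locked, and every later pmap_wlock/pmap_rlock on an overlapping range blocks forever; the body from roughly line 650 to 918 is not in the diff, so I cannot confirm whether such exits remain. The same shape is introduced in pmap_protect, pmap_madvise and pmap_remove (hunks @@ -893/-901/-942, @@ -957/-964/-1006 and @@ -1015/-1022/-1078), where the commit deleted the `Exit` after the `Assert(False)` TODO branches but the `Assert(false,'pmap_madv_free')` / `Assert(false,'pmap_remove')` failure branches only reach the unlock if asserts abort. Suggest routing every exit through one label, as `goto _exit` already does in kern_jit pick(), or at minimum marking the lock site: `//NOTE: no early Exit below this point — lock must reach pmap_unlock`. Separately, `pmap_mark_rwx(start,__end,prot)` moved from after the mapping to before it in pmap_enter_object and pmap_protect, so the RWX bookkeeping now reports the new protection before the backing mapping exists; pmap_danger_zone is called from the fault handler without this lock, so if it consults that bookkeeping this window is new.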
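Review bot: in pmap_protect the `_default:` branch now calls `vm_nt_map_prot_fix(@pmap^.nt_map,start,__end,TAKE_PROT_TRACK)` and `prot` no longer reaches vm_nt_map directly; the new protection is only carried by the `pmap_mark_rwx(start,__end,prot)` call that now precedes the case, and nothing in the hunk says so. A one-line comment at the call, `//prot was recorded by pmap_mark_rwx above; prot_fix re-reads it from the rwx track`, would make the dependency explicit, and the commented-out `//vm_nt_map_protect(...)` block should be removed instead of kept in the source.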
@@ -942,11 +994,10 @@ begin begin Writeln('TODO:',vm_object_type(obj)); Assert(False); - Exit; end; end; - pmap_mark_rwx(start,__end,prot); + pmap_unlock(pmap,lock); end; procedure pmap_madvise(pmap :pmap_t; @@ -957,6 +1008,8 @@ procedure pmap_madvise(pmap :pmap_t; label _default; var + lock:Pointer; + r:Integer; begin if (p_print_pmap) then @@ -964,6 +1017,8 @@ begin Writeln('pmap_madv_free:',HexStr(start,11),':',HexStr(__end,11),':',HexStr(advise,2)); end; + lock:=pmap_wlock(pmap,start,__end); + r:=0; case vm_object_type(obj) of OBJT_SELF , // same? @@ -997,7 +1052,6 @@ begin begin Writeln('TODO:',vm_object_type(obj)); Assert(False); - Exit; end; end; @@ -1006,6 +1060,8 @@ begin Writeln('failed md_reset:0x',HexStr(r,8)); Assert(false,'pmap_madv_free'); end; + + pmap_unlock(pmap,lock); end; procedure pmap_remove(pmap :pmap_t; @@ -1015,6 +1071,8 @@ procedure pmap_remove(pmap :pmap_t; label _default; var + lock:Pointer; + r:Integer; begin if (p_print_pmap) then @@ -1022,7 +1080,10 @@ begin Writeln('pmap_remove:',HexStr(start,11),':',HexStr(__end,11)); end; + lock:=pmap_wlock(pmap,start,__end); + pmap_unmark_rwx(start,__end); + //untrack? r:=0; case vm_object_type(obj) of @@ -1069,7 +1130,6 @@ begin begin Writeln('TODO:',vm_object_type(obj)); Assert(False); - Exit; end; end; @@ -1078,6 +1138,8 @@ begin Writeln('failed vm_nt_map_delete:0x',HexStr(r,8)); Assert(false,'pmap_remove'); end; + + pmap_unlock(pmap,lock); end; function pmap_mirror_map(pmap :pmap_t; @@ -1103,9 +1165,9 @@ begin end; end; -function pmap_danger_zone(pmap:pmap_t; - addr:vm_offset_t; - size:vm_offset_t):Boolean; +function pmap_danger_zone(pmap:pmap_t; + addr:vm_offset_t; + size:vm_offset_t):Boolean; begin Result:=False; while (pmap^.nt_map.danger_zone.in_range(addr,size)) do diff --git a/sys/vfs/kern_descrip.pas b/sys/vfs/kern_descrip.pas index 933f65d2..b8dbd052 100644 --- a/sys/vfs/kern_descrip.pas +++ b/sys/vfs/kern_descrip.pas 
@@ -207,6 +207,9 @@ end; } function sys_getdtablesize():Integer; begin + //priv_check(td,683); + Exit(EPERM); + curkthread^.td_retval[0]:=lim_cur(RLIMIT_NOFILE); Exit(0); end; @@ -227,6 +230,9 @@ function do_dup(flags,old,new:Integer;retval:PQWORD):Integer; forward; } function sys_dup2(from,_to:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(do_dup(DUP_FIXED, from, _to, @curkthread^.td_retval)); end; @@ -235,6 +241,9 @@ end; } function sys_dup(u_fd:Integer):Integer; begin + //priv_check(td,688); + Exit(EPERM); + Exit(do_dup(0, u_fd, 0, @curkthread^.td_retval)); end; @@ -249,6 +258,13 @@ var ofl:__oflock; error:Integer; begin + + //if (priv_check(td,683) <> 0) then + if (cmd > 13) or (($3818 shr (cmd and $1f) and 1)=0) then + begin + Exit(EINVAL); + end; + error:=0; case cmd of F_OGETLK, @@ -285,10 +301,14 @@ begin else; end; if (error<>0) then + begin Exit(error); + end; error:=kern_fcntl(fd, cmd, arg); if (error<>0) then + begin Exit(error); + end; if (cmd=F_OGETLK) then begin ofl.l_start :=fl.l_start; @@ -313,7 +333,9 @@ begin fpp^:=fget_unlocked(fd); if (fpp^=nil) then + begin Exit(EBADF); + end; if (fpp^^.f_type=DTYPE_CAPABILITY) then begin @@ -968,11 +990,16 @@ var error:Integer; vfslocked:Integer; begin + //priv_check(td,683); + Exit(EPERM); + td:=curkthread; error:=fget(fd, CAP_FPATHCONF, @fp); if (error<>0) then + begin Exit(error); + end; { If asynchronous I/O is available, it works for all descriptors. } if (name=_PC_ASYNC_IO) then diff --git a/sys/vfs/vfs_cache.pas b/sys/vfs/vfs_cache.pas index 0508d302..5c82a19c 100644 --- a/sys/vfs/vfs_cache.pas +++ b/sys/vfs/vfs_cache.pas @@ -369,6 +369,9 @@ end; { Implementation of the getcwd syscall. } function sys___getcwd(buf:PChar;buflen:DWORD):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern___getcwd(buf, UIO_USERSPACE, buflen)); end; diff --git a/sys/vfs/vfs_mount.pas b/sys/vfs/vfs_mount.pas index b9382d54..28d30f2c 100644 --- a/sys/vfs/vfs_mount.pas 
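Review bot: `Exit(EPERM)` placed directly after the commented-out `//priv_check(td,683)` makes sys_getdtablesize fail unconditionally and leaves its real body unreachable; the same unconditional stub is added to sys_dup2, sys_dup and sys_fpathconf in this file, to sys___getcwd in vfs_cache.pas, to the three mount entry points in vfs_mount.pas, and to some thirty syscalls in vfs_syscalls.pas including sys_openat, sys_chdir, sys_access, sys_unlinkat and the stat family. If the intent is the privilege gate, the check has to be live — `td:=curkthread; if (priv_check(td,683)<>0) then Exit(EPERM);` as sys_umask already obtains td — and if it is a temporary switch-off the comment should say so, since the commit message (`+`) explains nothing. The privilege id is 683 everywhere except sys_dup, which references 688; please confirm which is intended.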
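Review bot: the new sys_fcntl filter `(cmd > 13) or (($3818 shr (cmd and $1f) and 1)=0)` does not reject a negative cmd: `cmd > 13` is false for it and `cmd and $1f` folds e.g. -29 onto bit 3, so such a value passes through to kern_fcntl unfiltered (assuming cmd is a signed Integer; its declaration is above the hunk). Add the lower bound: `if (cmd < 0) or (cmd > 13) or (($3818 shr (cmd and $1f) and 1)=0) then`. The mask also deserves a named constant with the admitted commands listed, since `$3818` allows only bits 3, 4, 11, 12 and 13; if this project follows FreeBSD's fcntl numbering those are F_GETFL, F_SETFL, F_GETLK, F_SETLK and F_SETLKW, which means F_OGETLK/F_OSETLK/F_OSETLKW never get past the filter and the `case cmd of F_OGETLK` translation further down becomes dead code.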
+++ b/sys/vfs/vfs_mount.pas @@ -1897,7 +1897,8 @@ var auio:p_uio; error:Integer; begin - //priv_check(param_1,683); + //priv_check(td,683); + Exit(EPERM); { * Filter out MNT_ROOTFS. We do not want clients of nmount() in @@ -1939,8 +1940,8 @@ var ma:p_mntarg; error:Integer; begin - - //priv_check(param_1,683); + //priv_check(td,683); + Exit(EPERM); vfsp:=nil; ma:=nil; @@ -2004,7 +2005,8 @@ var pathbuf:t_mname; error,id0,id1,vfslocked:Integer; begin - //priv_check(param_1,683); + //priv_check(td,683); + Exit(EPERM); //if (jailed(td^.td_ucred)) or (usermount=0) then //begin diff --git a/sys/vfs/vfs_syscalls.pas b/sys/vfs/vfs_syscalls.pas index 208ea9fc..f50a62a8 100644 --- a/sys/vfs/vfs_syscalls.pas +++ b/sys/vfs/vfs_syscalls.pas @@ -255,6 +255,9 @@ var sf:t_statfs; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=kern_statfs(path, UIO_USERSPACE, @sf); if (error=0) then begin @@ -348,6 +351,9 @@ var sf:t_statfs; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=kern_fstatfs(fd, @sf); if (error=0) then begin @@ -498,6 +504,9 @@ end; } function sys_getfsstat(buf:Pointer;bufsize:QWORD;flags:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_getfsstat(@buf, bufsize, UIO_USERSPACE, flags)); end; @@ -515,6 +524,9 @@ var error:Integer; tvfslocked:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=getvnode(fd, CAP_FCHDIR, @fp); if (error<>0) then begin @@ -607,6 +619,9 @@ end; } function sys_chdir(path:PChar):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_chdir(path, UIO_USERSPACE)); end; @@ -671,10 +686,13 @@ begin begin Exit(error); end; + NDINIT(@nd, LOOKUP, FOLLOW or LOCKSHARED or LOCKLEAF or MPSAFE or AUDITVNODE1, UIO_USERSPACE, path, curkthread); error:=nd_namei(@nd); if (error<>0) then + begin goto _error; + end; vfslocked:=NDHASGIANT(@nd); error:=change_dir(nd.ni_vp); if (error<>0) then 
@@ -1043,6 +1061,9 @@ end; function sys_openat(fd:Integer;path:PChar;flags,mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Result:=kern_openat(fd, path, UIO_USERSPACE, flags, mode); // if (curkthread<>nil) then @@ -1255,16 +1276,25 @@ end; } function sys_mknod(path:PChar;mode,dev:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mknod(path, UIO_USERSPACE, mode, dev)); end; function sys_mknodat(fd:Integer;path:PChar;mode,dev:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mknodat(fd, path, UIO_USERSPACE, mode, dev)); end; function kern_mkfifo(path:PChar;pathseg:uio_seg;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mkfifoat(AT_FDCWD, path, pathseg, mode)); end; @@ -1273,11 +1303,17 @@ end; } function sys_mkfifo(path:PChar;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mkfifo(path, UIO_USERSPACE, mode)); end; function sys_mkfifoat(fd:Integer;path:PChar;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mkfifoat(fd, path, UIO_USERSPACE, mode)); end; @@ -1372,11 +1408,17 @@ end; } function sys_link(name1,name2:PChar):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_link(name1,name2,UIO_USERSPACE)); end; function sys_linkat(fd1:Integer;path1:PChar;fd2:Integer;path2:PChar;flag:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + if ((flag and (not AT_SYMLINK_FOLLOW))<>0) then begin Exit(EINVAL); @@ -1482,11 +1524,17 @@ end; } function sys_symlink(path,link:PChar):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_symlink(path, link, UIO_USERSPACE)); end; function sys_symlinkat(path1:PChar;fd:Integer;path2:PChar):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_symlinkat(path1, fd, path2, UIO_USERSPACE)); end; 
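Review bot: the EPERM stub in kern_mkfifo gates an internal kern_ helper rather than a syscall entry point; sys_mkfifo in the next hunk receives its own gate and calls kern_mkfifo, so the check would run twice on the syscall path, and any other in-kernel caller of kern_mkfifo is now refused as well. Drop the two lines from kern_mkfifo and keep the gate in sys_mkfifo and sys_mkfifoat only, matching how every other entry in this file is handled.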
@@ -1595,6 +1643,9 @@ end; function sys_unlinkat(fd:Integer;path:PChar;flag:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + if ((flag and (not AT_REMOVEDIR))<>0) then begin Exit(EINVAL); @@ -1805,6 +1856,9 @@ end; } function sys_access(path:PChar;flags:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_access(path, UIO_USERSPACE, flags)); end; @@ -1895,6 +1949,9 @@ var sb:p_stat; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=kern_statat(flag, fd, path, UIO_USERSPACE, @sb); if (error=0) then begin @@ -1916,6 +1973,9 @@ var sb:t_stat; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=kern_lstat(path, UIO_USERSPACE, @sb); if (error=0) then begin @@ -1958,6 +2018,9 @@ end; } function sys_pathconf(path:PChar;name:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_pathconf(path, UIO_USERSPACE, name, FOLLOW)); end; @@ -2032,6 +2095,9 @@ end; } function sys_readlink(path,buf:PChar;count:QWORD):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_readlink(path, UIO_USERSPACE, buf, UIO_USERSPACE, count)); end; @@ -2113,6 +2179,9 @@ var nd:t_nameidata; vfslocked:Integer; begin + //priv_check(td,683); + Exit(EPERM); + NDINIT(@nd, LOOKUP, NOFOLLOW or MPSAFE or AUDITVNODE1, UIO_USERSPACE, path, curkthread); error:=nd_namei(@nd); if (error<>0) then @@ -2217,11 +2286,17 @@ end; } function sys_chmod(path:PChar;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_chmod(path, UIO_USERSPACE, mode)); end; function sys_fchmodat(fd:Integer;path:PChar;mode,flag:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + if ((flag and (not AT_SYMLINK_NOFOLLOW))<>0) then begin Exit(EINVAL); @@ -2235,6 +2310,9 @@ end; } function sys_lchmod(path:PChar;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_fchmodat(AT_FDCWD, path, UIO_USERSPACE, mode, AT_SYMLINK_NOFOLLOW)); end; 
@@ -2246,6 +2324,9 @@ var fp:p_file; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=fget(fd, CAP_FCHMOD, @fp); if (error<>0) then begin @@ -2324,11 +2405,17 @@ end; } function sys_chown(path:PChar;uid,gid:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_chown(path, UIO_USERSPACE, uid, gid)); end; function sys_fchownat(fd:Integer;path:PChar;uid,gid,flag:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + if ((flag and (not AT_SYMLINK_NOFOLLOW))<>0) then begin Exit(EINVAL); @@ -2347,6 +2434,9 @@ end; } function sys_lchown(path:PChar;uid,gid:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_lchown(path, UIO_USERSPACE, uid, gid)); end; @@ -2358,6 +2448,9 @@ var fp:p_file; error:Integer; begin + //priv_check(td,683); + Exit(EPERM); + error:=fget(fd, CAP_FCHOWN, @fp); if (error<>0) then begin @@ -2500,6 +2593,9 @@ end; function sys_futimesat(fd:Integer;path:PChar;times:Pointer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_utimesat(fd, path, UIO_USERSPACE, times, UIO_USERSPACE)); end; @@ -2531,6 +2627,9 @@ end; } function sys_lutimes(path:PChar;tptr:Pointer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_lutimes(path, UIO_USERSPACE, tptr, UIO_USERSPACE)); end; @@ -2858,6 +2957,9 @@ end; function sys_renameat(oldfd:Integer;old:PChar;newfd:Integer;new:PChar):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_renameat(oldfd, old, newfd, new, UIO_USERSPACE)); end; @@ -2954,6 +3056,9 @@ end; function sys_mkdirat(fd:Integer;path:PChar;mode:Integer):Integer; begin + //priv_check(td,683); + Exit(EPERM); + Exit(kern_mkdirat(fd, path, UIO_USERSPACE, mode)); end; @@ -3184,6 +3289,9 @@ function sys_umask(newmask:Integer):Integer; var td:p_kthread; begin + //priv_check(td,683); + Exit(EPERM); + td:=curkthread; if (td=nil) then Exit(-1); 
@@ -3208,6 +3316,9 @@ var nd:t_nameidata; vfslocked:Integer; begin + //priv_check(td,683); + Exit(EPERM); + NDINIT(@nd, LOOKUP, FOLLOW or LOCKLEAF or MPSAFE or AUDITVNODE1, UIO_USERSPACE, path, curkthread); diff --git a/sys/vm/vm_mmap.pas b/sys/vm/vm_mmap.pas index 3f675f9e..342db407 100644 --- a/sys/vm/vm_mmap.pas +++ b/sys/vm/vm_mmap.pas @@ -1044,7 +1044,11 @@ var begin map:=p_proc.p_vmspace; + vm_map_lock(map); + Result:=pmap_mirror_map(map^.pmap,paddr,paddr+psize); + + vm_map_unlock(map); end; procedure mirror_unmap(base:Pointer;size:QWORD); diff --git a/sys/vm/vm_nt_map.pas b/sys/vm/vm_nt_map.pas index c6e38252..4004f4e3 100644 --- a/sys/vm/vm_nt_map.pas +++ b/sys/vm/vm_nt_map.pas @@ -19,6 +19,9 @@ const MAX_UNION_SIZE=256*1024*1024; + TAKE_PROT_TRACK=1; + REMAP_PROT =2; + type t_danger_range=packed record start:DWORD; @@ -216,7 +219,7 @@ begin while (start<__end) do begin - if ((mode and 1)=0) then + if ((mode and TAKE_PROT_TRACK)=0) then begin next:=pmap_scan_rwx(start,__end); @@ -233,7 +236,7 @@ begin base:=start; size:=next-start; - if ((mode and 2)<>0) or (prot<>(max and VM_RW)) then + if ((mode and REMAP_PROT)=0) or (prot<>(max and VM_RW)) then begin r:=md_protect(Pointer(base),size,prot); if (r<>0) then @@ -597,7 +600,7 @@ begin ets[i]^.start, ets[i]^.__end, max, - 2 + TAKE_PROT_TRACK or REMAP_PROT //untrack trigger or restore track? ); end; end;
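Review bot: mirror_map now brackets pmap_mirror_map with vm_map_lock/vm_map_unlock, but pmap_mirror_map is the one pmap entry point in this commit that does not take the pmap rangelock, so it is serialized against vm_map holders and not against pick() in kern_jit.pas, which after this commit holds only the pmap rangelock on its text range. If pmap_mirror_map modifies nt_map state that pick's callees read, it should also take `pmap_wlock(map^.pmap,paddr,paddr+psize)` for the mirrored range; its body is not in the diff, so this is a question rather than a confirmed defect. As elsewhere in this commit there is no try/finally, so an exception out of pmap_mirror_map leaves the map locked — worth a comment if that is accepted.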
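Review bot: the condition at @@ -233 changes from `(mode and 2)<>0` to `(mode and REMAP_PROT)=0`, so setting REMAP_PROT now suppresses the unconditional md_protect and makes it depend on `prot<>(max and VM_RW)` — the opposite of what the name REMAP_PROT suggests. Combined with the caller at @@ -597 now passing `TAKE_PROT_TRACK or REMAP_PROT` instead of `2`, that call site both consults the rwx track (it no longer enters the `pmap_scan_rwx` branch) and remaps only on a protection mismatch, while pmap_protect's new `TAKE_PROT_TRACK` call always remaps. If this is intended, document the flag where it is declared, e.g. `REMAP_PROT =2; //when set, md_protect only if the current prot differs`, and resolve the `//untrack trigger or restore track?` question before merging rather than leaving it in the code; if it is not intended, the `=0` should read `<>0`.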