v0.5.0: PAE + W^X

@github-actions github-actions released this 29 Jun 16:57
· 31 commits to master since this release

Section 7 of the roadmap. Paging upgrades from 32-bit 2-level (4 MiB
PSE) to PAE 3-level (PDPT -> PD -> PT, 8-byte entries, NX at bit 63),
and W^X lands across kernel image + every user process.

Kernel image refuses execution from its own .data / .bss and refuses
writes to .text / .rodata. Userland apps are linked with three program
headers so each segment's PTE permissions match the ELF p_flags:
.text R-X, .rodata R-NX, .data + .bss RW-NX. A new wxattack ELF proves
the gate fires: it stamps a one-byte shellcode into a global and calls
it via a function pointer; the CPU page-faults at the first instruction
fetch and the kernel kills the process.
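As an added illustration (not code from this release or from the project), the C sketch below shows the two mechanics the notes describe: the PAE 2/9/9/12-bit index split of a linear address, and a loader-side mapping from ELF p_flags to a PTE with NX at bit 63 that refuses any segment asking for both W and X. The macro and function names are my own assumptions, not the kernel's real helpers.

```c
#include <stdint.h>
#include <stdbool.h>

/* ELF program-header flag bits (ELF spec). */
#define PF_X 0x1
#define PF_W 0x2
#define PF_R 0x4

/* PAE page-table entry bits (Intel SDM vol. 3A); names are assumed here. */
#define PTE_P         (1ULL << 0)   /* present */
#define PTE_RW        (1ULL << 1)   /* writable */
#define PTE_US        (1ULL << 2)   /* user-accessible */
#define PTE_NX        (1ULL << 63)  /* no-execute; needs EFER.NXE set */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL

/* PAE splits a 32-bit linear address as PDPT(2) | PD(9) | PT(9) | offset(12). */
struct pae_idx { unsigned pdpt, pd, pt, off; };

static inline struct pae_idx pae_split(uint32_t va) {
    struct pae_idx i;
    i.pdpt = (va >> 30) & 0x3;
    i.pd   = (va >> 21) & 0x1FF;
    i.pt   = (va >> 12) & 0x1FF;
    i.off  = va & 0xFFF;
    return i;
}

/* W^X gate: a segment may be writable or executable, never both. */
static inline bool wx_allowed(uint32_t p_flags) {
    return (p_flags & (PF_W | PF_X)) != (PF_W | PF_X);
}

/* Build a user PTE whose permissions mirror the segment's p_flags:
 *   R-X  -> present, user, executable (NX clear)
 *   R    -> present, user, NX
 *   RW   -> present, user, writable, NX
 * Returns 0 when the segment violates W^X so the loader can reject it. */
uint64_t pte_from_pflags(uint64_t phys, uint32_t p_flags) {
    if (!wx_allowed(p_flags)) return 0;
    uint64_t pte = (phys & PTE_ADDR_MASK) | PTE_P | PTE_US;
    if (p_flags & PF_W)    pte |= PTE_RW;
    if (!(p_flags & PF_X)) pte |= PTE_NX;
    return pte;
}
```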

8 atomic commits collapsing a 10-step plan. Side fixes:
paging_copy_user_pgdir now allocates its own PD0 (sys_fork was
dereferencing zero before); apps/game.s writable globals moved from
.text into .section .data (W^X turned the in-place writes into #PF
until the move).