Kernel+Userland: Refine preventing syscall annotations of Regions option

supercomputer7 · linusg · commit b27f88f61de9 · 2023-02-24T22:26:07.000+01:00
Instead of using a special case of the annotate_mapping syscall, let's
introduce a new prctl option to disallow further annotations of Regions
as new syscall Region(s).
diff --git a/Kernel/API/prctl_numbers.h b/Kernel/API/prctl_numbers.h
@@ -8,3 +8,5 @@
 
 #define PR_SET_DUMPABLE 1
 #define PR_GET_DUMPABLE 2
+#define PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS 3
+#define PR_GET_NO_NEW_SYSCALL_REGION_ANNOTATIONS 4
diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
@@ -578,18 +578,16 @@ ErrorOr<FlatPtr> Process::sys$annotate_mapping(Userspace<void*> address, int fla
     if (flags == to_underlying(VirtualMemoryRangeFlags::None))
         return EINVAL;
 
+    if (!address)
+        return EINVAL;
+
     if (!Memory::is_user_address(address.vaddr()))
         return EFAULT;
 
     return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
         if (space->enforces_syscall_regions() && (flags & to_underlying(VirtualMemoryRangeFlags::SyscallCode)))
             return EPERM;
 
-        if (!address) {
-            space->set_enforces_syscall_regions(true);
-            return 0;
-        }
-
         auto* region = space->find_region_containing(Memory::VirtualRange { address.vaddr(), 1 });
         if (!region)
             return EINVAL;
diff --git a/Kernel/Syscalls/prctl.cpp b/Kernel/Syscalls/prctl.cpp
@@ -21,6 +21,22 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, [[maybe_unused]] F
                 return EINVAL;
             protected_data.dumpable = arg1;
             return 0;
+        case PR_GET_NO_NEW_SYSCALL_REGION_ANNOTATIONS:
+            return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
+                return space->enforces_syscall_regions();
+            });
+        case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS:
+            if (arg1 != 0 && arg1 != 1)
+                return EINVAL;
+            bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
+            return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
+                if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
+                    return EPERM;
+
+                space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
+                return 0;
+            });
+            return 0;
         }
         return EINVAL;
     });
diff --git a/Userland/Libraries/LibELF/DynamicLinker.cpp b/Userland/Libraries/LibELF/DynamicLinker.cpp
@@ -17,6 +17,7 @@
 #include <AK/ScopeGuard.h>
 #include <AK/Vector.h>
 #include <Kernel/API/VirtualMemoryAnnotations.h>
+#include <Kernel/API/prctl_numbers.h>
 #include <LibC/bits/pthread_integration.h>
 #include <LibC/link.h>
 #include <LibC/sys/mman.h>
@@ -677,7 +678,7 @@ void ELF::DynamicLinker::linker_main(DeprecatedString&& main_program_path, int m
 
     s_loaders.clear();
 
-    int rc = syscall(SC_annotate_mapping, nullptr);
+    int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0);
     if (rc < 0) {
         VERIFY_NOT_REACHED();
     }
