]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/vm/vm_fault.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-2782.40.9.tar.gz
[apple/xnu.git] / osfmk / vm / vm_fault.c
diff --git a/osfmk/vm/vm_fault.c b/osfmk/vm/vm_fault.c
index bb506ceddc0a48c4366688a158059f571d7e20e3..381f69b3a9e2585cf942ee700a26b9555fc57f92 100644 (file)
--- a/osfmk/vm/vm_fault.c
+++ b/osfmk/vm/vm_fault.c
@@ -735,6 +735,7 @@ vm_fault_zero_page(vm_page_t m, boolean_t no_zero_fill)
 
        m->cs_validated = FALSE;
        m->cs_tainted = FALSE;
+       m->cs_nx = FALSE;
 
        if (no_zero_fill == TRUE) {
                my_fault = DBG_NZF_PAGE_FAULT;
@@ -2653,6 +2654,7 @@ vm_fault_enter(vm_page_t m,
        }
 
 #define page_immutable(m,prot) ((m)->cs_validated /*&& ((prot) & VM_PROT_EXECUTE)*/)
+#define page_nx(m) ((m)->cs_nx)
 
        map_is_switched = ((pmap != vm_map_pmap(current_task()->map)) &&
                           (pmap == vm_map_pmap(current_thread()->map)));
@@ -2677,6 +2679,12 @@ vm_fault_enter(vm_page_t m,
                return KERN_CODESIGN_ERROR;
        }
 
+       if (cs_enforcement_enabled && page_nx(m) && (prot & VM_PROT_EXECUTE)) {
+               if (cs_debug)
+                       printf("page marked to be NX, not letting it be mapped EXEC\n");
+               return KERN_CODESIGN_ERROR;
+       }
+
        /* A page could be tainted, or pose a risk of being tainted later.
         * Check whether the receiving process wants it, and make it feel
         * the consequences (that hapens in cs_invalid_page()).
@@ -5807,7 +5815,8 @@ vm_page_validate_cs_mapped(
        kern_return_t           kr;
        memory_object_t         pager;
        void                    *blobs;
-       boolean_t               validated, tainted;
+       boolean_t               validated;
+       unsigned                        tainted;
 
        assert(page->busy);
        vm_object_lock_assert_exclusive(page->object);
@@ -5869,6 +5878,7 @@ vm_page_validate_cs_mapped(
        }
 
        /* verify the SHA1 hash for this page */
+       tainted = 0;
        validated = cs_validate_page(blobs,
                                     pager,
                                     offset + object->paging_offset,
@@ -5877,7 +5887,8 @@ vm_page_validate_cs_mapped(
 
        page->cs_validated = validated;
        if (validated) {
-               page->cs_tainted = tainted;
+               page->cs_tainted = !!(tainted & CS_VALIDATE_TAINTED);
+               page->cs_nx = !!(tainted & CS_VALIDATE_NX);
        }
 }
 
mirror of XNU