Old behavior: Crash due to VERIFY, unless we're completely and entirely out of
memory (m_available_ranges being empty), in which case it would return -ENOMEM.
New behavior: Return ENOMEM (and don't crash). In the case of nullptr,
also emit a helpful diagnostic.
Note that MAP_FIXED with nullptr is technically okay, but tends to be a sign
that something went wrong.
Also, this should improve mmap performance marginally, as it pulls the check out
of a loop that does not modify any parts of the check.
UE is now self-hosting! Fixes#5709.
However, this still needs some love: "ue UserspaceEmulator true" spits out tons
of error messages, probably false-positives, and takes about 229 seconds to run.
Then again, true-in-ue-in-ue-in-Qemu is three levels of emulation, so no wonder
it takes a long time! :D
Since there is usually no correlation between guest memory-layout and UE memory-layout,
this option does not make any sense. Especially since we provide nullptr.
This was misleading. The spec just wants us to check a string matches
a string in the JavaScript MIME type essence list. It doesn't want us
to parse the string as a MIME type to then use its essence for the
check.
Renames "mime_type" to "string" to make this less misleading.
Process member variable like m_euid are very valuable targets for
kernel exploits and until now they have been writable at all times.
This patch moves m_euid along with a whole bunch of other members
into a new Process::ProtectedData struct. This struct is remapped
as read-only memory whenever we don't need to write to it.
This means that a kernel write primitive is no longer enough to
overwrite a process's effective UID, you must first unprotect the
protected data where the UID is stored. :^)
This was using up to 12KB of kernel stack in the triply indirect case
and looks generally spooky. Let's just allocate a ByteBuffer for now
and take the performance hit (of heap allocation). Longer term we can
reorganize the code to reduce the majority of the heap churn.
The auditing code always starts by checking if we're in one of the
ignored code ranges (malloc, free, realloc, syscall, etc.)
To reduce the number of checks needed, we can cache the bounds of
the LibC text segment. This allows us to fast-reject addresses that
cannot possibly be a LibC function.
