Kernel: Remove bogus kernel image access validation checks

This code had been misinterpreting the Multiboot ELF section headers since the beginning. Furthermore QEMU wasn't even passing us any headers at all, so this wasn't checking anything.
2026-02-23 08:06:11 +00:00 · 2020-01-06 13:27:14 +01:00
parent 99f71a9a2c
commit 47cc3e68c6
1 changed files with 0 additions and 42 deletions
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -44,7 +44,6 @@
 #include <LibC/limits.h>
 #include <LibC/signal_numbers.h>
 #include <LibELF/ELFLoader.h>
-#include <LibELF/exec_elf.h>

 //#define DEBUG_POLL_SELECT
 //#define DEBUG_IO
@@ -2040,43 +2039,12 @@ pid_t Process::sys$waitpid(pid_t waitee, int* wstatus, int options)
    return waitee_pid;
 }

-enum class KernelMemoryCheckResult {
-    NotInsideKernelMemory,
-    AccessGranted,
-    AccessDenied
-};
-
-static KernelMemoryCheckResult check_kernel_memory_access(VirtualAddress vaddr, bool is_write)
-{
-    auto& sections = multiboot_info_ptr->u.elf_sec;
-
-    auto* kernel_program_headers = (Elf32_Phdr*)(sections.addr);
-    for (unsigned i = 0; i < sections.num; ++i) {
-        auto& segment = kernel_program_headers[i];
-        if (segment.p_type != PT_LOAD || !segment.p_vaddr || !segment.p_memsz)
-            continue;
-        if (vaddr.get() < segment.p_vaddr || vaddr.get() > (segment.p_vaddr + segment.p_memsz))
-            continue;
-        if (is_write && !(kernel_program_headers[i].p_flags & PF_W))
-            return KernelMemoryCheckResult::AccessDenied;
-        if (!is_write && !(kernel_program_headers[i].p_flags & PF_R))
-            return KernelMemoryCheckResult::AccessDenied;
-        return KernelMemoryCheckResult::AccessGranted;
-    }
-    return KernelMemoryCheckResult::NotInsideKernelMemory;
-}
-
 bool Process::validate_read_from_kernel(VirtualAddress vaddr, ssize_t size) const
 {
    if (vaddr.is_null())
        return false;
    // We check extra carefully here since the first 4MB of the address space is identity-mapped.
    // This code allows access outside of the known used address ranges to get caught.
-    auto kmc_result = check_kernel_memory_access(vaddr, false);
-    if (kmc_result == KernelMemoryCheckResult::AccessGranted)
-        return true;
-    if (kmc_result == KernelMemoryCheckResult::AccessDenied)
-        return false;
    if (is_kmalloc_address(vaddr.as_ptr()))
        return true;
    return MM.validate_kernel_read(*this, vaddr, size);
@@ -2094,11 +2062,6 @@ bool Process::validate_read(const void* address, ssize_t size) const
    ASSERT(size >= 0);
    VirtualAddress first_address((u32)address);
    if (is_ring0()) {
-        auto kmc_result = check_kernel_memory_access(first_address, false);
-        if (kmc_result == KernelMemoryCheckResult::AccessGranted)
-            return true;
-        if (kmc_result == KernelMemoryCheckResult::AccessDenied)
-            return false;
        if (is_kmalloc_address(address))
            return true;
    }
@@ -2114,11 +2077,6 @@ bool Process::validate_write(void* address, ssize_t size) const
    if (is_ring0()) {
        if (is_kmalloc_address(address))
            return true;
-        auto kmc_result = check_kernel_memory_access(first_address, true);
-        if (kmc_result == KernelMemoryCheckResult::AccessGranted)
-            return true;
-        if (kmc_result == KernelMemoryCheckResult::AccessDenied)
-            return false;
    }
    if (!size)
        return false;