Merge pull request #111 from Lind-Project/feat-mprotec-syscall

rennergade · web-flow · commit 7a5cda77e4d7 · 2025-03-19T16:53:27.000-04:00
Add mprotect syscall
diff --git a/src/RawPOSIX/src/interface/mem.rs b/src/RawPOSIX/src/interface/mem.rs
@@ -305,6 +305,80 @@ pub fn mmap_handler(
     useraddr as u32
 }
 
+/// Handles the `mprotect_syscall`, interacting with the `vmmap` structure.
+///
+/// This function processes the `mprotect_syscall` by updating the `vmmap` entries and performing
+/// the necessary protection changes. The handling logic is as follows:
+/// 1. Validate protection flags - specifically disallow `PROT_EXEC`
+/// 2. Verify address alignment and round to page boundaries
+/// 3. Check if the memory region is mapped in vmmap
+/// 4. Perform the actual mprotect syscall
+/// 5. Update the protection flags in vmmap entries, splitting entries if necessary
+///
+/// # Arguments
+/// * `cageid` - Identifier of the cage that initiated the `mprotect` syscall
+/// * `addr` - Starting address of the region to change protection
+/// * `len` - Length of the region to change protection
+/// * `prot` - New protection flags (e.g., `PROT_READ`, `PROT_WRITE`)
+///
+/// # Returns
+/// * `i32` - Returns 0 on success, -1 on failure
+pub fn mprotect_handler(cageid: u64, addr: *mut u8, len: usize, prot: i32) -> i32 {
+    let cage = cagetable_getref(cageid);
+
+    // PROT_EXEC is not allowed in WASM
+    // TODO: Remove this panic when we support PROT_EXEC for real user code
+    if prot & PROT_EXEC > 0 {
+        // Log the attempt through syscall_error's verbose logging
+        let _ = syscall_error(Errno::EINVAL, "mprotect", "PROT_EXEC attempt detected - this will panic in development");
+        // Panic during development for early detection of unsupported operations
+        panic!("PROT_EXEC is not currently supported in WASM");
+    }
+
+    // Validate length
+    if len == 0 {
+        return syscall_error(Errno::EINVAL, "mprotect", "length cannot be zero");
+    }
+
+    // check if the provided address is multiple of pages
+    let rounded_addr = round_up_page(addr as u64);
+    if rounded_addr != addr as u64 {
+        return syscall_error(Errno::EINVAL, "mprotect", "address is not aligned");
+    }
+
+    // round up length to be multiple of pages
+    let rounded_length = round_up_page(len as u64);
+
+    let mut vmmap = cage.vmmap.write();
+    
+    // Convert to page numbers for vmmap checking
+    let start_page = (addr as u32) >> PAGESHIFT;
+    let npages = (rounded_length >> PAGESHIFT) as u32;
+
+    // Check if the region is mapped
+    if !vmmap.check_existing_mapping(start_page, npages, 0) {
+        return syscall_error(Errno::ENOMEM, "mprotect", "Address range not mapped");
+    }
+
+    // Get system address for the actual mprotect call
+    let sysaddr = vmmap.user_to_sys(addr as u32);
+    
+    drop(vmmap);
+
+    // Perform mprotect through cage implementation
+    let result = cage.mprotect_syscall(sysaddr as *mut u8, rounded_length as usize, prot);
+
+    if result < 0 {
+        return result;
+    }
+
+    // Update vmmap entries with new protection
+    let mut vmmap = cage.vmmap.write();
+    vmmap.update_protections(start_page, npages, prot);
+
+    0
+}
+
 /// Handles the `sbrk_syscall`, interacting with the `vmmap` structure.
 ///
 /// This function processes the `sbrk_syscall` by updating the `vmmap` entries and managing
diff --git a/src/RawPOSIX/src/safeposix/dispatcher.rs b/src/RawPOSIX/src/safeposix/dispatcher.rs
@@ -107,6 +107,7 @@ const WAIT_SYSCALL: i32 = 172;
 const WAITPID_SYSCALL: i32 = 173;
 const BRK_SYSCALL: i32 = 175;
 const SBRK_SYSCALL: i32 = 176;
+const MPROTECT_SYSCALL: i32 = 177;
 
 const NANOSLEEP_TIME64_SYSCALL: i32 = 181;
 const CLOCK_GETTIME_SYSCALL: i32 = 191;
@@ -237,6 +238,15 @@ pub fn lind_syscall_api(
             interface::mmap_handler(cageid, addr, len, prot, flags, fd, off) as i32
         }
 
+        MPROTECT_SYSCALL => {
+            let cage = interface::cagetable_getref(cageid);
+            let addr = arg1 as *mut u8;
+            let len = arg2 as usize;
+            let prot = arg3 as i32;
+            
+            interface::mprotect_handler(cageid, addr, len, prot)
+        }
+
         PREAD_SYSCALL => {
             let fd = arg1 as i32;
             let count = arg3 as usize;
diff --git a/src/RawPOSIX/src/safeposix/syscalls/fs_calls.rs b/src/RawPOSIX/src/safeposix/syscalls/fs_calls.rs
@@ -1040,6 +1040,23 @@ impl Cage {
         ret
     }
 
+    //------------------------------------MPROTECT SYSCALL------------------------------------
+    /*
+    *   mprotect() changes protection for memory pages
+    *   Returns 0 on success, -1 on failure
+    *   Manual page: https://man7.org/linux/man-pages/man2/mprotect.2.html
+    */
+    pub fn mprotect_syscall(&self, addr: *mut u8, len: usize, prot: i32) -> i32 {
+        let ret = unsafe {
+            libc::mprotect(addr as *mut c_void, len, prot)
+        };
+        if ret < 0 {
+            let errno = get_errno();
+            return handle_errno(errno, "mprotect");
+        }
+        ret
+    }
+
     //------------------------------------FLOCK SYSCALL------------------------------------
     /*
      *   Get the kernel fd with provided virtual fd first
diff --git a/src/RawPOSIX/src/safeposix/vmmap.rs b/src/RawPOSIX/src/safeposix/vmmap.rs
@@ -226,6 +226,19 @@ pub trait VmmapOps {
         pages_per_map: u32,
         hint: u32,
     ) -> Option<Interval<u32>>;
+
+    /// Updates protection flags for a range of pages, handling mprotect operations
+    ///
+    /// Arguments:
+    /// - start_page: Starting page number to update
+    /// - npages: Number of pages to update
+    /// - new_prot: New protection flags to apply
+    ///
+    /// This function:
+    /// - Updates protection flags for the specified range
+    /// - Handles splitting of regions if necessary
+    /// - Maintains vmmap consistency
+    fn update_protections(&mut self, start_page: u32, npages: u32, new_prot: i32);
 }
 
 /// Represents a virtual memory map that manages memory regions and their attributes
@@ -951,4 +964,58 @@ impl VmmapOps for Vmmap {
 
         None
     }
+
+    /// Updates protection flags for a range of pages, handling mprotect operations
+    ///
+    /// Arguments:
+    /// - start_page: Starting page number to update
+    /// - npages: Number of pages to update
+    /// - new_prot: New protection flags to apply
+    ///
+    /// This function:
+    /// - Updates protection flags for the specified range
+    /// - Handles splitting of regions if necessary
+    /// - Maintains vmmap consistency
+    fn update_protections(&mut self, start_page: u32, npages: u32, new_prot: i32) {
+        // Calculate page range
+        let region_end_page = start_page + npages;
+        let region_interval = ie(start_page, region_end_page);
+
+        // Store intervals that need to be inserted after iteration
+        let mut to_insert = Vec::new();
+
+        // Iterate over overlapping entries
+        for (interval, entry) in self.entries.overlapping_mut(region_interval) {
+            let entry_start = interval.start();
+            let entry_end = interval.end();
+
+            // Case 1: Entry starts before region
+            if entry_start < start_page {
+                // Split entry and keep original protection for first part
+                let mut first_part = entry.clone();
+                first_part.page_num = entry_start;
+                first_part.npages = start_page - entry_start;
+                to_insert.push((ie(entry_start, start_page), first_part));
+            }
+
+            // Case 2: Entry extends beyond region
+            if entry_end > region_end_page {
+                // Split entry and keep original protection for last part
+                let mut last_part = entry.clone();
+                last_part.page_num = region_end_page;
+                last_part.npages = entry_end - region_end_page;
+                to_insert.push((ie(region_end_page, entry_end), last_part));
+            }
+
+            // Update protection for the overlapping part
+            entry.prot = new_prot;
+            entry.page_num = start_page.max(entry_start);
+            entry.npages = region_end_page.min(entry_end) - entry.page_num;
+        }
+
+        // Insert the split regions
+        for (interval, entry) in to_insert {
+            let _ = self.entries.insert_overwrite(interval, entry);
+        }
+    }
 }
diff --git a/src/RawPOSIX/src/tests/fs_tests.rs b/src/RawPOSIX/src/tests/fs_tests.rs
@@ -6,7 +6,7 @@ pub mod fs_tests {
 
     use fdtables::{translate_virtual_fd, FDTABLE};
     use sysdefs::constants::err_const::get_errno;
-    use sysdefs::constants::fs_const::{SHMMAX, S_IRWXA};
+    use sysdefs::constants::fs_const::{SHMMAX, S_IRWXA, PAGESIZE};
     use sysdefs::constants::sys_const::{DEFAULT_GID, DEFAULT_UID};
     use sysdefs::data::fs_struct::{FSData, ShmidsStruct, StatData};
 
@@ -772,6 +772,107 @@ pub mod fs_tests {
         lindrustfinalize();
     }
 
+    #[test]
+    pub fn ut_lind_fs_mprotect_readwrite_test() {
+        // Acquire test lock and initialize environment
+        let _thelock = setup::lock_and_init();
+        let cage = interface::cagetable_getref(1);
+
+
+        // Create an anonymous memory mapping with read-only permissions
+        // This simulates the C program's mmap() call to allocate a read-only page
+        let readonlydata = cage.mmap_syscall(
+            std::ptr::null_mut(),      // Let kernel choose address
+            PAGESIZE as usize,         // Map one page
+            PROT_READ,                 // Initially read-only
+            (MAP_ANONYMOUS | MAP_PRIVATE) as i32,  // Private anonymous mapping
+            -1,                        // No file descriptor for anonymous mapping
+            0                         // Offset is ignored for anonymous mappings
+        );
+        assert!(readonlydata >= 0, "mmap should succeed");
+
+        // Change the protection to allow writing
+        // This simulates the C program's mprotect() call to make the page writable
+        let result = cage.mprotect_syscall(
+            readonlydata as *mut u8,
+            PAGESIZE as usize,
+            PROT_READ | PROT_WRITE    // Add write permission
+        );
+        assert_eq!(result, 0, "mprotect should succeed");
+
+        // Test string to write to the now-writable memory
+        let text = b"Mprotect write test text\0";
+        unsafe {
+            // Copy test string into the mapped memory
+            // This simulates the C program's memcpy() call
+            let result = libc::memcpy(
+                readonlydata as *mut libc::c_void,
+                text.as_ptr() as *const libc::c_void,
+                text.len()
+            );
+            
+            // Verify that the write operation succeeded by comparing memory contents
+            let written = std::slice::from_raw_parts(readonlydata as *const u8, text.len());
+            assert_eq!(written, text, "Written data should match test string");
+
+            // Print the written text to verify it's readable
+            // This simulates the C program's puts() call
+        }
+
+        // Clean up by unmapping the memory
+        // This simulates the C program's munmap() call
+        let result = cage.munmap_syscall(readonlydata as *mut u8, PAGESIZE as usize);
+        assert_eq!(result, 0, "munmap should succeed");
+
+        // Clean up and exit
+        assert_eq!(cage.exit_syscall(libc::EXIT_SUCCESS), libc::EXIT_SUCCESS);
+        lindrustfinalize();
+    }
+
+    #[test]
+    pub fn ut_lind_fs_mprotect_unmapped_addr() {
+        let _thelock = setup::lock_and_init();
+        let cage = interface::cagetable_getref(1);
+
+        // Try to protect an unmapped address
+        let unmapped_addr = 0x1000 as *mut u8; // Some arbitrary address
+        let result = cage.mprotect_syscall(unmapped_addr, 4096, PROT_READ);
+        assert_eq!(result, -(Errno::ENOMEM as i32), "mprotect should fail with ENOMEM for unmapped address");
+
+        assert_eq!(cage.exit_syscall(libc::EXIT_SUCCESS), libc::EXIT_SUCCESS);
+        lindrustfinalize();
+    }
+
+    #[test]
+    pub fn ut_lind_fs_mprotect_split_region() {
+        let _thelock = setup::lock_and_init();
+        let cage = interface::cagetable_getref(1);
+    
+        // Map 4 pages with anonymous mapping
+        let addr = cage.mmap_syscall(
+            std::ptr::null_mut(),
+            PAGESIZE as usize * 4,
+            PROT_READ | PROT_WRITE,
+            (MAP_PRIVATE | MAP_ANONYMOUS) as i32,
+            -1,
+            0
+        );
+        
+        assert!(addr >= 0, "mmap failed with error: {}", addr);
+    
+        // Change protection for middle two pages
+        let middle_addr = (addr as usize + PAGESIZE as usize) as *mut u8;
+        let result = cage.mprotect_syscall(
+            middle_addr,
+            PAGESIZE as usize * 2,
+            PROT_READ
+        );
+        assert_eq!(result, 0, "mprotect failed");
+    
+        // Clean up
+        assert_eq!(cage.munmap_syscall(addr as *mut u8, PAGESIZE as usize * 4), 0);
+    }
+
     #[test]
     pub fn ut_lind_fs_munmap_zerolen() {
         //acquiring a lock on TESTMUTEX prevents other tests from running concurrently,
@@ -2895,7 +2996,7 @@ pub mod fs_tests {
         assert_eq!(cage.fstat_syscall(fd1, &mut uselessstatdata), 0);
         assert_eq!(cage.fstat_syscall(fd2, &mut uselessstatdata), 0);
 
-        assert_eq!(cage.exec_syscall(2), 0);
+        assert_eq!(cage.exec_syscall(), 0);
 
         let execcage = interface::cagetable_getref(2);
         assert_eq!(
@@ -3101,7 +3202,6 @@ pub mod fs_tests {
         // Now try to create a subdirectory under the parent directory
         let c_subdir_path = std::ffi::CString::new(subdir_path).unwrap();
         let result = unsafe { libc::mkdir(c_subdir_path.as_ptr(), invalid_mode) };
-        println!("mkdir returned for subdir: {}", result);
 
         // Check if mkdir failed
         if result != 0 {
diff --git a/src/RawPOSIX/src/tests/sys_tests.rs b/src/RawPOSIX/src/tests/sys_tests.rs
@@ -128,7 +128,7 @@ pub mod sys_tests {
         let _thelock = setup::lock_and_init();
         let cage1 = interface::cagetable_getref(1);
         // Exec a new child
-        assert_eq!(cage1.exec_syscall(2), 0);
+        assert_eq!(cage1.exec_syscall(), 0);
         // Assert that the fork was correct
         let child_cage = interface::cagetable_getref(2);
         assert_eq!(child_cage.getuid_syscall(), -1);
diff --git a/src/glibc/sysdeps/unix/sysv/linux/mprotect.c b/src/glibc/sysdeps/unix/sysv/linux/mprotect.c
@@ -1,11 +1,14 @@
 #include <unistd.h>
 #include <sysdep-cancel.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <syscall-template.h>
 
 int
-__GI___mprotect (int fd, const void *buf, size_t nbytes)
+__GI___mprotect (void *addr, size_t len, int prot)
 {
-
-  return 0;
+  return MAKE_SYSCALL(177, "syscall|mprotect", (uint64_t)(uintptr_t) addr, (uint64_t) len, (uint64_t) prot, NOTUSED, NOTUSED, NOTUSED);
 }
 
-weak_alias(__GI___mprotect, __mprotect)
+weak_alias(__GI___mprotect, __mprotect)
+strong_alias(__GI___mprotect, mprotect)
