From 17bd847ebc85f4f9e62f510563482939a98f0c8e Mon Sep 17 00:00:00 2001
From: Amlal El Mahrouss
Date: Fri, 6 Jun 2025 05:44:34 +0200
Subject: feat: kernel: Start enforcing `User`s validation when issuing OS calls.
refactor: PE: remove BaseOfData, as we are only relying on PE32+ now.
Signed-off-by: Amlal El Mahrouss
---
 dev/boot/src/BootThread.cc | 19 ++++++++++---------
 dev/kernel/HALKit/AMD64/HalCoreInterruptHandler.cc | 7 +++++++
 dev/kernel/KernelKit/PE.h | 3 +--
 dev/kernel/KernelKit/UserMgr.h | 3 +++
 4 files changed, 21 insertions(+), 11 deletions(-)
(limited to 'dev')
diff --git a/dev/boot/src/BootThread.cc b/dev/boot/src/BootThread.cc
index b502b52e..5566e3e0 100644
--- a/dev/boot/src/BootThread.cc
+++ b/dev/boot/src/BootThread.cc
@@ -15,6 +15,8 @@
 #include
 #include
+#define kBootThreadSz mib_cast(16)
+
 /// @brief External boot services symbol.
 EXTERN EfiBootServices* BS;
@@ -67,11 +69,10 @@ BootThread::BootThread(VoidPtr blob) : fStartAddress(nullptr), fBlob(blob) {
 writer.Write("BootZ: Magic: ").Write(header_ptr->Signature).Write("\r");
 EfiPhysicalAddress loadStartAddress = opt_header_ptr->ImageBase;
- loadStartAddress += opt_header_ptr->BaseOfData;
- writer.Write("BootZ: Image base: ").Write(loadStartAddress).Write("\r");
+ writer.Write("BootZ: Image-Base: ").Write(loadStartAddress).Write("\r");
- fStack = new UInt8[mib_cast(16)];
+ fStack = new UInt8[kBootThreadSz];
 if (!fStack) {
 writer.Write("BootZ: Unable to allocate stack.\r");
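Review bot: `#define kBootThreadSz mib_cast(16)` introduces an untyped, file-wide macro for a value that is used in pointer arithmetic and handed to the kernel as `f_StackSz`; a typed constant would be scoped and checked, e.g. `constexpr UIntPtr kBootThreadSz = mib_cast(16);` (assuming `mib_cast` is usable in a constant expression, which this hunk does not show). If it is not, a `static const` of the same type still beats the macro. The surrounding include block is cut off at both ends of the hunk.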
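Review bot: `loadStartAddress = opt_header_ptr->ImageBase` now assumes the PE32+ optional-header layout for whatever blob was handed to the constructor, but nothing in the hunk verifies that the image actually is PE32+; a PE32 image would have its 32-bit ImageBase and SectionAlignment read as one 64-bit value and be "loaded" at a garbage address. Before reading `ImageBase`, compare the optional header's magic field (0x20B for PE32+; the field itself is not visible in this hunk) and on mismatch emit `writer.Write("BootZ: Not a PE32+ image.\r");` and take the same failure path as the `!fStack` branch. That keeps the header, which is untrusted input from the blob, from silently steering the load address. The constructor's body continues outside the hunk.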
@@ -172,13 +173,13 @@ Int32 BootThread::Start(HEL::BootInfoHeader* handover, Bool own_stack) {
 if (own_stack) {
 writer.Write("BootZ: Using it's own stack.\r");
- writer.Write("BootZ: Stack address: ").Write((UIntPtr) &fStack[mib_cast(16) - 1]).Write("\r");
- writer.Write("BootZ: Stack size: ").Write(mib_cast(16)).Write("\r");
+ writer.Write("BootZ: Stack address: ").Write((UIntPtr) &fStack[kBootThreadSz - 1]).Write("\r");
+ writer.Write("BootZ: Stack size: ").Write(kBootThreadSz).Write("\r");
- fHandover->f_StackTop = &fStack[mib_cast(16) - 1];
- fHandover->f_StackSz = mib_cast(16);
+ fHandover->f_StackTop = &fStack[kBootThreadSz - 1];
+ fHandover->f_StackSz = kBootThreadSz;
- auto ret = rt_jump_to_address(fStartAddress, fHandover, &fStack[mib_cast(16) - 1]);
+ auto ret = rt_jump_to_address(fStartAddress, fHandover, &fStack[kBootThreadSz - 1]);
 // we don't need the stack anymore.
@@ -187,7 +188,7 @@ Int32 BootThread::Start(HEL::BootInfoHeader* handover, Bool own_stack) {
 return ret;
 } else {
- writer.Write("BootZ: Using Bootloader's stack.\r");
+ writer.Write("BootZ: Using the bootloader's stack.\r");
 return reinterpret_cast(fStartAddress)(fHandover);
 }
diff --git a/dev/kernel/HALKit/AMD64/HalCoreInterruptHandler.cc b/dev/kernel/HALKit/AMD64/HalCoreInterruptHandler.cc
index 01456ae5..98e1ed61 100644
--- a/dev/kernel/HALKit/AMD64/HalCoreInterruptHandler.cc
+++ b/dev/kernel/HALKit/AMD64/HalCoreInterruptHandler.cc
@@ -6,6 +6,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -133,6 +134,8 @@ EXTERN_C Kernel::Void hal_system_call_enter(Kernel::UIntPtr rcx_syscall_index, Kernel::UIntPtr rdx_syscall_struct) {
 hal_idt_send_eoi(50);
+ if (!Kernel::kCurrentUser) return;
+
 if (rcx_syscall_index < kSysCalls.Count()) {
 if (kSysCalls[rcx_syscall_index].fHooked) {
 if (kSysCalls[rcx_syscall_index].fProc) {
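Review bot: `&fStack[kBootThreadSz - 1]`, used three times in this hunk as the stack top handed to `rt_jump_to_address` and stored in `f_StackTop`, is one byte below the end of the buffer and therefore never 16-byte aligned, which the AMD64 SysV ABI requires of the stack pointer at function entry; unless `rt_jump_to_address` realigns it (its body is not in the hunk), the first aligned SSE spill in the kernel faults. Compute the top once as the one-past-the-end pointer rounded down, `UInt8* stack_top = fStack + (kBootThreadSz & ~static_cast<UIntPtr>(0xF));`, and use it for the log line, `f_StackTop` and the jump (rounding also covers an allocator that hands back an unaligned buffer, which this hunk cannot rule out). `Start` begins and ends outside the hunk.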
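Review bot: The new gate `if (!Kernel::kCurrentUser) return;` bases a privilege decision on a plain global declared `inline` in UserMgr.h, so on a multi-CPU system, or if the scheduler can switch contexts between this check and the dispatch below it, the user it names is not necessarily the one that issued the syscall; the same concern applies to the three `kCurrentUser`/`kRootUser` checks in the `hal_kernel_call_enter` hunk further down. Bind the check to whatever per-thread or per-process identity the scheduler maintains, or at minimum document under which lock `kCurrentUser` is written so the read here can be shown to be consistent. Separately, a rejected call simply returns after the EOI with nothing written back; recording a failure status in the syscall struct or a trace entry would make a blocked call diagnosable instead of a silent drop. The handler's signature and the dispatch body continue outside the hunk.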
@@ -149,6 +152,10 @@ EXTERN_C Kernel::Void hal_kernel_call_enter(Kernel::UIntPtr rcx_kerncall_index, Kernel::UIntPtr rdx_kerncall_struct) {
 hal_idt_send_eoi(51);
+ if (!Kernel::kRootUser) return;
+ if (Kernel::kCurrentUser != Kernel::kRootUser) return;
+ if (!Kernel::kCurrentUser->IsSuperUser()) return;
+
 if (rcx_kerncall_index < kKernCalls.Count()) {
 if (kKernCalls[rcx_kerncall_index].fHooked) {
 if (kKernCalls[rcx_kerncall_index].fProc) {
diff --git a/dev/kernel/KernelKit/PE.h b/dev/kernel/KernelKit/PE.h
index df5047a3..3aa8fbf2 100644
--- a/dev/kernel/KernelKit/PE.h
+++ b/dev/kernel/KernelKit/PE.h
@@ -44,8 +44,7 @@ typedef struct LDR_OPTIONAL_HEADER final {
 Kernel::UInt32 SizeOfUninitializedData;
 Kernel::UInt32 AddressOfEntryPoint;
 Kernel::UInt32 BaseOfCode;
- Kernel::UInt32 BaseOfData;
- Kernel::UInt32 ImageBase;
+ Kernel::UInt64 ImageBase;
 Kernel::UInt32 SectionAlignment;
 Kernel::UInt32 FileAlignment;
 Kernel::UInt16 MajorOperatingSystemVersion;
diff --git a/dev/kernel/KernelKit/UserMgr.h b/dev/kernel/KernelKit/UserMgr.h
index ef1cc659..6fa8ba14 100644
--- a/dev/kernel/KernelKit/UserMgr.h
+++ b/dev/kernel/KernelKit/UserMgr.h
@@ -87,6 +87,9 @@ class User final {
 Char mUserName[kMaxUserNameLen] = {0};
 UInt64 mUserFNV{0UL};
 };
+
+inline User* kCurrentUser = nullptr;
+inline User* kRootUser = nullptr;
 } // namespace Kernel
 #endif /* ifndef INC_USER_H */
-- cgit v1.2.3
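Review bot: `if (!Kernel::kCurrentUser->IsSuperUser()) return;` never adds anything: the line above returns unless `kCurrentUser == kRootUser`, and the line above that returns when `kRootUser` is null, so the third test always runs on the root user object. Either drop it, or, if the intent is to admit any superuser rather than only the root object, replace the pointer comparison with `if (!Kernel::kCurrentUser || !Kernel::kCurrentUser->IsSuperUser()) return;`. In both cases a one-line comment stating the policy, `// Kernel calls are reserved for the root user.`, makes the gate reviewable against intent. The handler's signature and dispatch body continue outside the hunk.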
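Review bot: Nothing in `LDR_OPTIONAL_HEADER` records that it now describes the PE32+ layout only, so a reader comparing it against the PE32 layout will take the missing `BaseOfData` for an omission; a `/// PE32+ (optional-header magic 0x20B) layout only: no BaseOfData, 64-bit ImageBase.` above the `typedef` would settle that. Widening `ImageBase` to `UInt64` also raises the struct's natural alignment to 8 if it is not packed (any packing attribute is outside the hunk); the PE32+ offsets keep every 64-bit member naturally aligned provided the fields above `SizeOfUninitializedData` follow the spec, and a `static_assert(offsetof(LDR_OPTIONAL_HEADER, ImageBase) == 24);`, if `offsetof` is available in the kernel build, would pin that layout against future edits. The struct's remaining fields are outside the hunk.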
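Review bot: `kCurrentUser` and `kRootUser` are the inputs to the new syscall privilege checks in HalCoreInterruptHandler.cc, yet they are added as bare mutable `inline` globals in a public header with no note on who assigns them, when they become non-null, or who owns the `User` they point at, and every translation unit including the header can reassign them. Add a doc comment on each, e.g. `/// Identity the currently executing context runs as; syscall dispatch refuses calls while this is nullptr.` and `/// The root user object; kernel calls are only dispatched when kCurrentUser is this user.`, and state the owner and write path. Longer term, moving the definitions out of the header behind a setter in the user manager would keep the write side of this privilege boundary auditable.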