From 878919d80864301328f3e9c471fe2dce2a8ea61d Mon Sep 17 00:00:00 2001 From: Amlal El Mahrouss Date: Sun, 11 Jan 2026 15:17:49 +0100 Subject: chore: kernel/boot: Enforce subsystem 17 by default. Signed-off-by: Amlal El Mahrouss --- src/boot/src/BootThread.cc | 7 +++++++ src/kernel/KernelKit/PE.h | 2 ++ src/kernel/src/PE32CodeMgr.cc | 6 ++++++ src/libDDK/src/ddk_kernel_call.c | 2 +- src/libSystem/src/SystemCalls.cc | 15 +++++++-------- 5 files changed, 23 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/boot/src/BootThread.cc b/src/boot/src/BootThread.cc index ec26209b..bbb8fb5a 100644 --- a/src/boot/src/BootThread.cc +++ b/src/boot/src/BootThread.cc @@ -52,6 +52,13 @@ BootThread::BootThread(VoidPtr blob) : fStartAddress(nullptr), fBlob(blob) { } #endif // __NE_AMD64__ || __NE_ARM64__ +#if !defined(__nekernel_allow_non_nekernel_pe) + if (opt_header_ptr->Subsystem != kNeKernelPESubsystem) { + writer.Write("BootZ: Not a NeKernel PE32+ executable.\r"); + return; + } +#endif + writer.Write("BootZ: PE32+ executable detected (NeKernel Subsystem).\r"); auto numSecs = header_ptr->NumberOfSections; diff --git a/src/kernel/KernelKit/PE.h b/src/kernel/KernelKit/PE.h index 751e7ceb..bef39481 100644 --- a/src/kernel/KernelKit/PE.h +++ b/src/kernel/KernelKit/PE.h @@ -15,6 +15,8 @@ #define kPeMachineAMD64 (0x8664) #define kPeMachineARM64 (0xaa64) +#define kNeKernelPESubsystem (0x11) + typedef struct LDR_EXEC_HEADER final { Kernel::UInt32 Signature; Kernel::UInt16 Machine; diff --git a/src/kernel/src/PE32CodeMgr.cc b/src/kernel/src/PE32CodeMgr.cc index 517900c4..7f5250fd 100644 --- a/src/kernel/src/PE32CodeMgr.cc +++ b/src/kernel/src/PE32CodeMgr.cc @@ -98,6 +98,12 @@ ErrorOr PE32Loader::FindSectionByName(const Char* name) { return ErrorOr{kErrorInvalidData}; } +#if !defined(__nekernel_allow_non_nekernel_pe) + if (opt_header_ptr->Subsystem != kNeKernelPESubsystem) { + return ErrorOr{kErrorInvalidData}; + } +#endif + LDR_SECTION_HEADER_PTR secs = (LDR_SECTION_HEADER_PTR) (((Char*) opt_header_ptr) + header_ptr->SizeOfOptionalHeader); diff --git a/src/libDDK/src/ddk_kernel_call.c b/src/libDDK/src/ddk_kernel_call.c index 95af4dc3..d240c637 100644 --- a/src/libDDK/src/ddk_kernel_call.c +++ b/src/libDDK/src/ddk_kernel_call.c @@ -12,7 +12,7 @@ #include /// @brief this is an internal call, do not use it. -DDK_EXTERN ATTRIBUTE(naked) /* */ +DDK_EXTERN ATTRIBUTE(naked) /* */ ptr_t __ke_call_dispatch(const int32_t name, int32_t cnt, void* data, size_t sz); /// @brief This function hashes the path into a FNV symbol. diff --git a/src/libSystem/src/SystemCalls.cc b/src/libSystem/src/SystemCalls.cc index 0d5980e4..0059d55d 100644 --- a/src/libSystem/src/SystemCalls.cc +++ b/src/libSystem/src/SystemCalls.cc @@ -149,7 +149,8 @@ IMPORT_C UInt64 IoTellFile(_Input Ref desc) { } IMPORT_C SInt32 PrintRelease(_Input IORef buf) { - SInt32* ret = static_cast(libsys_syscall_arg_2(SYSCALL_HASH("PrintRelease"), static_cast(buf))); + SInt32* ret = static_cast( + libsys_syscall_arg_2(SYSCALL_HASH("PrintRelease"), static_cast(buf))); if (!ret) return -kErrorInvalidData; return static_cast(*ret); @@ -159,15 +160,13 @@ IMPORT_C IORef PrintCreate(Void) { return static_cast(libsys_syscall_arg_1(SYSCALL_HASH("PrintCreate"))); } - IMPORT_C VoidPtr MmCreateHeap(UInt64 initial_size, UInt32 max_size) { return static_cast(libsys_syscall_arg_3(SYSCALL_HASH("MmCreateHeap"), - reinterpret_cast(&initial_size), - reinterpret_cast(&max_size))); + reinterpret_cast(&initial_size), + reinterpret_cast(&max_size))); } -IMPORT_C SInt32 MmDestroyHeap(VoidPtr heap) -{ +IMPORT_C SInt32 MmDestroyHeap(VoidPtr heap) { auto ret = libsys_syscall_arg_2(SYSCALL_HASH("MmDestroyHeap"), static_cast(heap)); return *static_cast(ret); } @@ -192,8 +191,8 @@ IMPORT_C SInt32 PrintIn(_Input IORef desc, const Char* fmt, ...) { } IMPORT_C IORef PrintGet(const Char* path) { - return static_cast(libsys_syscall_arg_2(SYSCALL_HASH("PrintGet"), - Verify::sys_safe_cast(path))); + return static_cast( + libsys_syscall_arg_2(SYSCALL_HASH("PrintGet"), Verify::sys_safe_cast(path))); } IMPORT_C ErrRef ErrGetLastError(Void) { -- cgit v1.2.3