Projects (at) Tadryanom (dot) Me - AdrOS.git/commit
security: critical kernel memory isolation and W^X fixes (Round 1)
author Tulio A M Mendes <[email protected]>
Mon, 25 May 2026 00:53:58 +0000 (21:53 -0300)
committer Tulio A M Mendes <[email protected]>
Mon, 25 May 2026 15:38:54 +0000 (12:38 -0300)
commit 82ffb8db0629e5e3027d9178482ae480a5a41696
tree d43fc03ec3ea9b42ba4a4c27b1bffaaf11e2147c
parent e13618ef3d736a3104d13f2ebfd88e9db95822ed
security: critical kernel memory isolation and W^X fixes (Round 1)

K01: mmap MAP_FIXED end address validation - prevent user from mapping
     across kernel boundary or overflow
K02: mprotect range kernel boundary check - reject ranges crossing into
     kernel space before permissive stack fallback
K03: shm_at address validation - check alignment and kernel boundary for
     user-supplied shmaddr, use vmm_find_free_area for auto-assigned
A01: NX flag preservation in COW - vmm_as_clone_user_cow and
     vmm_handle_cow_fault now preserve X86_PTE_NX to maintain W^X
     protection across fork and page fault resolution

Tests: 116/116 QEMU, 142/142 battery, 111/111 host, cppcheck clean
docs/FIX_PLAN.md [new file with mode: 0644]
src/arch/x86/vmm.c
src/kernel/shm.c
src/kernel/syscall.c
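
The range validation that K01 to K03 describe (alignment, kernel boundary, overflow of the end address), sketched as an added example; this is not code from the AdrOS repository. The function names, the 32-bit address width, the 4 KiB page size and the kernel base of 0xC0000000 are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not taken from the AdrOS source): 32-bit addresses,
 * 4 KiB pages, kernel half of the address space starting at 0xC0000000. */
#define PAGE_SIZE_ASSUMED   0x1000u
#define KERNEL_BASE_ASSUMED 0xC0000000u

/* Naive check: computes addr + len, which wraps modulo 2^32, so a huge
 * length makes the end look as if it were below the kernel boundary. */
static bool range_ok_naive(uint32_t addr, uint32_t len)
{
    return addr + len <= KERNEL_BASE_ASSUMED;
}

/* Hardened check for a user-supplied fixed address and length.
 * It never computes addr + len; it compares the page-rounded length
 * against the room left below the kernel boundary instead. */
static bool user_range_ok(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return false;                       /* empty mapping */
    if (addr & (PAGE_SIZE_ASSUMED - 1))
        return false;                       /* not page aligned */
    if (addr >= KERNEL_BASE_ASSUMED)
        return false;                       /* starts in kernel space */
    if (len > UINT32_MAX - (PAGE_SIZE_ASSUMED - 1))
        return false;                       /* rounding up would wrap */

    uint32_t rounded = (len + PAGE_SIZE_ASSUMED - 1) & ~(PAGE_SIZE_ASSUMED - 1);
    return rounded <= KERNEL_BASE_ASSUMED - addr;   /* end <= kernel base */
}

int main(void)
{
    /* Constructed inputs: a length chosen so that addr + len wraps. */
    uint32_t addr = 0x10000000u, len = 0xFFFFF000u;
    printf("naive=%d hardened=%d\n",
           range_ok_naive(addr, len), user_range_ok(addr, len));
    return 0;
}
```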