Make the kernel respect the write protection bits by default

phil-opp · phil-opp · commit 3e49682ad186 · 2020-10-30T13:06:45.000+01:00
diff --git a/src/bin/bios.rs b/src/bin/bios.rs
@@ -133,12 +133,6 @@ fn bootloader_main(
         page_tables,
         system_info,
     );
-
-    /*
-    // Make sure that the kernel respects the write-protection bits, even when in ring 0.
-    enable_write_protect_bit();
-
-    */
 }
 
 fn init_logger(framebuffer_start: PhysAddr, framebuffer_size: usize) -> FrameBufferInfo {
@@ -197,11 +191,6 @@ fn create_page_tables(
     }
 }
 
-fn enable_write_protect_bit() {
-    use x86_64::registers::control::{Cr0, Cr0Flags};
-    unsafe { Cr0::update(|cr0| *cr0 |= Cr0Flags::WRITE_PROTECT) };
-}
-
 fn detect_rsdp() -> Option<PhysAddr> {
     use core::ptr::NonNull;
     use rsdp::{
diff --git a/src/binary/mod.rs b/src/binary/mod.rs
@@ -97,6 +97,8 @@ where
 
     // Enable support for the no-execute bit in page tables.
     enable_nxe_bit();
+    // Make the kernel respect the write-protection bits even when in ring 0 by default
+    enable_write_protect_bit();
 
     let (entry_point, mut used_entries) =
         load_kernel::load_kernel(kernel_bytes, kernel_page_table, frame_allocator)
@@ -412,3 +414,8 @@ fn enable_nxe_bit() {
     use x86_64::registers::control::{Efer, EferFlags};
     unsafe { Efer::update(|efer| *efer |= EferFlags::NO_EXECUTE_ENABLE) }
 }
+
+fn enable_write_protect_bit() {
+    use x86_64::registers::control::{Cr0, Cr0Flags};
+    unsafe { Cr0::update(|cr0| *cr0 |= Cr0Flags::WRITE_PROTECT) };
+}
