avoid using shared memory

ps5-payload-dev · Jan 1, 2025 · 1a5cae4 · 1a5cae4
1 parent 623d6d3
commit 1a5cae4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 74 deletions.
diff --git a/elfldr.c b/elfldr.c
@@ -114,64 +114,6 @@ pt_load(elfldr_ctx_t *ctx, Elf64_Phdr *phdr) {
 }
 
 
-/**
- * Reload a PT_LOAD program header with executable permissions.
- **/
-static int
-pt_reload(elfldr_ctx_t *ctx, Elf64_Phdr *phdr) {
-  intptr_t addr = ctx->base_addr + phdr->p_vaddr;
-  void* data = ctx->base_mirror + phdr->p_vaddr;
-  size_t memsz = ROUND_PG(phdr->p_memsz);
-  int prot = PFLAGS(phdr->p_flags);
-  int alias_fd = -1;
-  int shm_fd = -1;
-  int error = 0;
-
-  // Create shm with executable permissions.
-  if((shm_fd=pt_jitshm_create(ctx->pid, 0, memsz,
-			      prot | PROT_READ | PROT_WRITE)) < 0) {
-    pt_perror(ctx->pid, "pt_jitshm_create");
-    error = -1;
-  }
-
-  // Map shm into an executable address space.
-  else if((addr=pt_mmap(ctx->pid, addr, memsz, prot,
-			MAP_FIXED | MAP_PRIVATE,
-			shm_fd, 0)) == -1) {
-    pt_perror(ctx->pid, "pt_mmap");
-    error = -1;
-  }
-
-  // Create an shm alias fd with write permissions.
-  else if((alias_fd=pt_jitshm_alias(ctx->pid, shm_fd,
-				    PROT_READ | PROT_WRITE)) < 0) {
-    pt_perror(ctx->pid, "pt_jitshm_alias");
-    error = -1;
-  }
-
-  // Map shm alias into a writable address space.
-  else if((addr=pt_mmap(ctx->pid, 0, memsz, PROT_READ | PROT_WRITE,
-			MAP_SHARED, alias_fd, 0)) == -1) {
-    pt_perror(ctx->pid, "pt_mmap");
-    error = -1;
-  }
-
-  // Resore data
-  else {
-    if(mdbg_copyin(ctx->pid, data, addr, memsz)) {
-      klog_perror("mdbg_copyin");
-      error = -1;
-    }
-    pt_munmap(ctx->pid, addr, memsz);
-  }
-
-  pt_close(ctx->pid, alias_fd);
-  pt_close(ctx->pid, shm_fd);
-
-  return error;
-}
-
-
 int
 elfldr_sanity_check(uint8_t *elf, size_t elf_size) {
   Elf64_Ehdr *ehdr = (Elf64_Ehdr*)elf;
@@ -292,7 +234,11 @@ elfldr_load(pid_t pid, uint8_t *elf) {
     }
 
     if(phdr[i].p_flags & PF_X) {
-      error = pt_reload(&ctx, &phdr[i]);
+      if(kernel_mprotect(pid, ctx.base_addr + phdr[i].p_vaddr,
+                         ROUND_PG(phdr[i].p_memsz),
+                         PFLAGS(phdr[i].p_flags))) {
+	perror("kernel_mprotect");
+      }
     } else {
       if(pt_mprotect(pid, ctx.base_addr + phdr[i].p_vaddr,
 		     ROUND_PG(phdr[i].p_memsz),

diff --git a/pt.c b/pt.c
@@ -231,18 +231,6 @@ pt_syscall(pid_t pid, int sysno, ...) {
 }
 
 
-int
-pt_jitshm_create(pid_t pid, intptr_t name, size_t size, int flags) {
-  return (int)pt_syscall(pid, 0x215, name, size, flags);
-}
-
-
-int
-pt_jitshm_alias(pid_t pid, int fd, int flags) {
-  return (int)pt_syscall(pid, 0x216, fd, flags);
-}
-
-
 intptr_t
 pt_mmap(pid_t pid, intptr_t addr, size_t len, int prot, int flags,
 	int fd, off_t off) {

diff --git a/pt.h b/pt.h
@@ -34,9 +34,6 @@ int pt_getint(pid_t pid, intptr_t addr);
 long pt_syscall(pid_t pid, int sysno, ...);
 intptr_t pt_resolve(pid_t pid, const char* nid);
 
-int pt_jitshm_create(pid_t pid, intptr_t name, size_t size, int flags);
-int pt_jitshm_alias(pid_t pid, int fd, int flags);
-
 intptr_t pt_mmap(pid_t pid, intptr_t addr, size_t len, int prot, int flags,
 		 int fd, off_t off);
 int pt_msync(pid_t, intptr_t addr, size_t len, int flags);