[core/loader] Implement a bit improper ASLR (#2945)

A bit improper of an ASLR - it does something but something good? Who knows... All I know is that there is a non-uniform distrobution for rand() and that rng_seed is likely a better solution? I don't know Signed-off-by: lizzie lizzie@eden-emu.dev Reviewed-on: https://git.eden-emu.dev/eden-emu/eden/pulls/2945 Reviewed-by: Maufeat <sahyno1996@gmail.com> Reviewed-by: MaranBr <maranbr@eden-emu.dev> Co-authored-by: lizzie <lizzie@eden-emu.dev> Co-committed-by: lizzie <lizzie@eden-emu.dev>
2 months ago · 504df4856d
5 changed files with 34 additions and 19 deletions
--- a/src/core/hle/kernel/k_process.cpp
+++ b/src/core/hle/kernel/k_process.cpp
@ -28,9 +28,6 @@ namespace Kernel {
 namespace {
 // TODO: Remove this workaround when proper ASLR is implemented for all address spaces.
 constexpr u64 CodeStartOffset = 0x500000UL;
 Result TerminateChildren(KernelCore& kernel, KProcess* process,
                         const KThread* thread_to_not_terminate) {
    // Request that all children threads terminate.
@ -1157,7 +1154,7 @@ KProcess::KProcess(KernelCore& kernel)
 KProcess::~KProcess() = default;
 Result KProcess::LoadFromMetadata(const FileSys::ProgramMetadata& metadata, std::size_t code_size,
                                  KProcessAddress aslr_space_start, bool is_hbl) {
    KProcessAddress aslr_space_start, size_t aslr_space_offset, bool is_hbl) {
    // Create a resource limit for the process.
    const auto pool = static_cast<KMemoryManager::Pool>(metadata.GetPoolPartition());
    const auto physical_memory_size = m_kernel.MemoryManager().GetSize(pool);
@ -1187,25 +1184,24 @@ Result KProcess::LoadFromMetadata(const FileSys::ProgramMetadata& metadata, std:
    // Set the address space type and code address.
    switch (metadata.GetAddressSpaceType()) {
    case FileSys::ProgramAddressSpaceType::Is39Bit:
        flag |= Svc::CreateProcessFlag::AddressSpace64Bit;
        // For 39-bit processes, the ASLR region starts at 0x800'0000 and is ~512GiB large.
        // However, some (buggy) programs/libraries like skyline incorrectly depend on the
        // existence of ASLR pages before the entry point, so we will adjust the load address
        // to point to about 2GiB into the ASLR region.
        code_address = 0x8000'0000;
        flag |= Svc::CreateProcessFlag::AddressSpace64Bit;
        code_address = 0x8000'0000 + aslr_space_offset;
        break;
    case FileSys::ProgramAddressSpaceType::Is36Bit:
        flag |= Svc::CreateProcessFlag::AddressSpace64BitDeprecated;
        code_address = 0x800'0000;
        code_address = 0x800'0000 + aslr_space_offset;
        break;
    case FileSys::ProgramAddressSpaceType::Is32Bit:
        flag |= Svc::CreateProcessFlag::AddressSpace32Bit;
        code_address = 0x20'0000 + CodeStartOffset;
        code_address = 0x20'0000 + aslr_space_offset;
        break;
    case FileSys::ProgramAddressSpaceType::Is32BitNoMap:
        flag |= Svc::CreateProcessFlag::AddressSpace32BitWithoutAlias;
        code_address = 0x20'0000 + CodeStartOffset;
        code_address = 0x20'0000 + aslr_space_offset;
        break;
    }
--- a/src/core/hle/kernel/k_process.h
+++ b/src/core/hle/kernel/k_process.h
@ -511,7 +511,7 @@ public:
 public:
    Result LoadFromMetadata(const FileSys::ProgramMetadata& metadata, std::size_t code_size,
                            KProcessAddress aslr_space_start, bool is_hbl);
        KProcessAddress aslr_space_start, size_t aslr_space_offset, bool is_hbl);
    void LoadModule(CodeSet code_set, KProcessAddress base_addr);
--- a/src/core/loader/deconstructed_rom_directory.cpp
+++ b/src/core/loader/deconstructed_rom_directory.cpp
@ -1,3 +1,6 @@
 // SPDX-FileCopyrightText: Copyright 2025 Eden Emulator Project
 // SPDX-License-Identifier: GPL-3.0-or-later
 // SPDX-FileCopyrightText: Copyright 2018 yuzu Emulator Project
 // SPDX-License-Identifier: GPL-2.0-or-later
@ -223,8 +226,13 @@ AppLoader_DeconstructedRomDirectory::LoadResult AppLoader_DeconstructedRomDirect
    // Add patch size to the total module size
    code_size += patch_ctx.GetTotalPatchSize();
    // TODO: this is bad form of ASLR, it sucks
    size_t aslr_offset = ((::Settings::values.rng_seed_enabled.GetValue()
        ? ::Settings::values.rng_seed.GetValue()
        : std::rand()) * 0x734287f27) & 0xfff000;
    // Setup the process code layout
    if (process.LoadFromMetadata(metadata, code_size, fastmem_base, is_hbl).IsError()) {
    if (process.LoadFromMetadata(metadata, code_size, fastmem_base, aslr_offset, is_hbl).IsError()) {
        return {ResultStatus::ErrorUnableToParseKernelMetadata, {}};
    }
--- a/src/core/loader/kip.cpp
+++ b/src/core/loader/kip.cpp
@ -5,6 +5,7 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 #include <cstring>
 #include "common/settings.h"
 #include "core/file_sys/kernel_executable.h"
 #include "core/file_sys/program_metadata.h"
 #include "core/hle/kernel/code_set.h"
@ -76,11 +77,10 @@ AppLoader::LoadResult AppLoader_KIP::Load(Kernel::KProcess& process,
    Kernel::CodeSet codeset;
    Kernel::PhysicalMemory program_image;
    const auto load_segment = [&program_image](Kernel::CodeSet::Segment& segment,
                                               const std::vector<u8>& data, u32 offset) {
    const auto load_segment = [&program_image](Kernel::CodeSet::Segment& segment, const std::vector<u8>& data, u32 offset) {
        segment.addr = offset;
        segment.offset = offset;
        segment.size = PageAlignSize(static_cast<u32>(data.size()));
        segment.size = PageAlignSize(u32(data.size()));
        program_image.resize(offset + data.size());
        std::memcpy(program_image.data() + offset, data.data(), data.size());
    };
@ -92,10 +92,14 @@ AppLoader::LoadResult AppLoader_KIP::Load(Kernel::KProcess& process,
    program_image.resize(PageAlignSize(kip->GetBSSOffset()) + kip->GetBSSSize());
    codeset.DataSegment().size += kip->GetBSSSize();
    // TODO: this is bad form of ASLR, it sucks
    size_t aslr_offset = ((::Settings::values.rng_seed_enabled.GetValue()
        ? ::Settings::values.rng_seed.GetValue()
        : std::rand()) * 0x734287f27) & 0xfff000;
    // Setup the process code layout
    if (process
            .LoadFromMetadata(FileSys::ProgramMetadata::GetDefault(), program_image.size(), 0,
                              false)
            .LoadFromMetadata(FileSys::ProgramMetadata::GetDefault(), program_image.size(), 0, aslr_offset, false)
            .IsError()) {
        return {ResultStatus::ErrorNotInitialized, {}};
    }
--- a/src/core/loader/nro.cpp
+++ b/src/core/loader/nro.cpp
@ -1,3 +1,6 @@
 // SPDX-FileCopyrightText: Copyright 2025 Eden Emulator Project
 // SPDX-License-Identifier: GPL-3.0-or-later
 // SPDX-FileCopyrightText: Copyright 2018 yuzu Emulator Project
 // SPDX-License-Identifier: GPL-2.0-or-later
@ -237,10 +240,14 @@ static bool LoadNroImpl(Core::System& system, Kernel::KProcess& process,
        return 0;
    }();
    // TODO: this is bad form of ASLR, it sucks
    size_t aslr_offset = ((::Settings::values.rng_seed_enabled.GetValue()
        ? ::Settings::values.rng_seed.GetValue()
        : std::rand()) * 0x734287f27) & 0xfff000;
    // Setup the process code layout
    if (process
            .LoadFromMetadata(FileSys::ProgramMetadata::GetDefault(), image_size, fastmem_base,
                              false)
            .LoadFromMetadata(FileSys::ProgramMetadata::GetDefault(), image_size, fastmem_base, aslr_offset, false)
            .IsError()) {
        return false;
    }