Module Name: src Committed By: bouyer Date: Tue Aug 31 10:55:34 UTC 2010
Modified Files: src/sys/kern [netbsd-5-0]: exec_subr.c kern_pax.c Log Message: Pull up following revision(s) (requested by christos in ticket #1444): sys/kern/kern_pax.c: revision 1.24 sys/kern/exec_subr.c: revision 1.65 Fix issues with stack allocation and pax aslr: - since the size is unsigned, don't check just that it is > 0, but limit it to the MAXSSIZ - if the stack size is reduced because of aslr, make sure we reduce the actual allocation by the same size so that the size does not wrap around. NB: Must be pulled up to 5.x! To generate a diff of this commit: cvs rdiff -u -r1.61.8.1 -r1.61.8.1.2.1 src/sys/kern/exec_subr.c cvs rdiff -u -r1.22 -r1.22.14.1 src/sys/kern/kern_pax.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/exec_subr.c
diff -u src/sys/kern/exec_subr.c:1.61.8.1 src/sys/kern/exec_subr.c:1.61.8.1.2.1
--- src/sys/kern/exec_subr.c:1.61.8.1 Wed Apr 1 00:25:22 2009
+++ src/sys/kern/exec_subr.c Tue Aug 31 10:55:34 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_subr.c,v 1.61.8.1 2009/04/01 00:25:22 snj Exp $ */
+/* $NetBSD: exec_subr.c,v 1.61.8.1.2.1 2010/08/31 10:55:34 bouyer Exp $ */
 /*
 * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.61.8.1 2009/04/01 00:25:22 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.61.8.1.2.1 2010/08/31 10:55:34 bouyer Exp $");
 #include "opt_pax.h"
@@ -386,6 +386,7 @@
 epp->ep_minsaddr = USRSTACK;
 max_stack_size = MAXSSIZ;
 }
+ epp->ep_ssize = l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur;
 #ifdef PAX_ASLR
 pax_aslr_stack(l, epp, &max_stack_size);
@@ -395,7 +396,6 @@
 epp->ep_maxsaddr = (u_long)STACK_GROW(epp->ep_minsaddr, max_stack_size);
- epp->ep_ssize = l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur;
 /*
 * set up commands for stack. note that this takes *two*, one to
@@ -410,11 +410,11 @@
 noaccess_size = max_stack_size - access_size;
 noaccess_linear_min = (u_long)STACK_ALLOC(STACK_GROW(epp->ep_minsaddr, access_size), noaccess_size);
- if (noaccess_size > 0) {
+ if (noaccess_size > 0 && noaccess_size <= MAXSSIZ) {
 NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, noaccess_size, noaccess_linear_min, NULL, 0, VM_PROT_NONE, VMCMD_STACK);
 }
- KASSERT(access_size > 0);
+ KASSERT(access_size > 0 && access_size <= MAXSSIZ);
 NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, access_size, access_linear_min, NULL, 0, VM_PROT_READ | VM_PROT_WRITE, VMCMD_STACK);
Index: src/sys/kern/kern_pax.c
diff -u src/sys/kern/kern_pax.c:1.22 src/sys/kern/kern_pax.c:1.22.14.1
--- src/sys/kern/kern_pax.c:1.22 Wed Jun 4 12:26:20 2008
+++ src/sys/kern/kern_pax.c Tue Aug 31 10:55:34 2010
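Review bot: In the exec_subr.c hunk at -386,6, the position of `epp->ep_ssize = l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur;` ahead of `pax_aslr_stack()` is now load-bearing, but nothing in the code says so. The clamp added in kern_pax.c only takes effect if ep_ssize is already set when that call runs, so a later cleanup that moves the assignment back below the `#ifdef PAX_ASLR` block would silently bring the wrap-around back. I would add a comment above the assignment such as `/* Must be set before pax_aslr_stack(), which clamps ep_ssize to the reduced max_stack_size. */`. The enclosing function starts and ends outside the hunk.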
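Review bot: In the exec_subr.c hunk at -410,11, the upper bound on `access_size` is enforced only by `KASSERT`, which is compiled out of kernels built without DIAGNOSTIC, so on those kernels an out-of-range access_size still reaches the second `NEW_VMCMD2`. The new `noaccess_size <= MAXSSIZ` test likewise only skips the VM_PROT_NONE mapping once the subtraction has already wrapped, and the exec then continues without that region. Comparing before subtracting would catch the condition at its source on every kernel, for example `if (access_size == 0 || access_size > max_stack_size) return ENOMEM;` placed ahead of `noaccess_size = max_stack_size - access_size;`. That assumes the enclosing function, whose start and the computation of access_size are outside the hunk, can return an errno value.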
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.22 2008/06/04 12:26:20 ad Exp $ */
+/* $NetBSD: kern_pax.c,v 1.22.14.1 2010/08/31 10:55:34 bouyer Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
@@ -28,7 +28,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.22 2008/06/04 12:26:20 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.22.14.1 2010/08/31 10:55:34 bouyer Exp $");
 #include "opt_pax.h"
@@ -353,6 +353,8 @@
 #endif
 epp->ep_minsaddr -= d;
 *max_stack_size -= d;
+ if (epp->ep_ssize > *max_stack_size)
+ epp->ep_ssize = *max_stack_size;
 }
 }
 #endif /* PAX_ASLR */
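Review bot: In the kern_pax.c hunk at -353,6, `*max_stack_size -= d;` remains an unchecked subtraction: nothing visible here guarantees that d is smaller than the incoming maximum, and d is computed outside the hunk. If d could equal or exceed it, the maximum would reach zero or wrap, and the new clamp would then copy that value into ep_ssize or leave it unclamped. The `KASSERT(access_size > 0 ...)` in exec_subr.c would catch a zero only on DIAGNOSTIC kernels, assuming access_size is derived from ep_ssize as the log message implies. Either state the bound on d in a comment next to the subtraction, or guard it explicitly, e.g. `if (d >= *max_stack_size) return;` before the two `-= d` lines, assuming the function returns void.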