Module Name: src
Committed By: christos
Date: Sat Mar 19 18:56:37 UTC 2016
Modified Files:
src/sys/kern: exec_elf.c kern_pax.c
src/sys/sys: pax.h
Log Message:
Allow enabling and disabling PaX ASLR debug
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/sys/kern/exec_elf.c
cvs rdiff -u -r1.33 -r1.34 src/sys/kern/kern_pax.c
cvs rdiff -u -r1.16 -r1.17 src/sys/sys/pax.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/exec_elf.c
diff -u src/sys/kern/exec_elf.c:1.81 src/sys/kern/exec_elf.c:1.82
--- src/sys/kern/exec_elf.c:1.81 Thu Nov 26 08:15:34 2015
+++ src/sys/kern/exec_elf.c Sat Mar 19 14:56:37 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_elf.c,v 1.81 2015/11/26 13:15:34 martin Exp $ */
+/* $NetBSD: exec_elf.c,v 1.82 2016/03/19 18:56:37 christos Exp $ */
/*-
* Copyright (c) 1994, 2000, 2005, 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.81 2015/11/26 13:15:34 martin Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.82 2016/03/19 18:56:37 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_pax.h"
@@ -140,11 +140,12 @@ elf_placedynexec(struct exec_package *ep
delta = PAX_ASLR_DELTA(r, l2, PAX_ASLR_DELTA_EXEC_LEN);
offset = ELF_TRUNC(delta, pax_align) + PAGE_SIZE;
#ifdef PAX_ASLR_DEBUG
- uprintf("r=0x%x l2=0x%zx PGSHIFT=0x%x Delta=0x%zx\n", r, l2,
- PGSHIFT, delta);
- uprintf("pax offset=0x%llx entry=0x%llx\n",
- (unsigned long long)offset,
- (unsigned long long)eh->e_entry);
+ if (pax_aslr_debug) {
+ uprintf("%s: r=%#x l2=%#zx pax_align=%#zx delta=%#zx\n",
+ __func__, r, l2, pax_align, delta);
+ uprintf("%s: pax offset=%#jx entry=%#jx\n", __func__,
+ (uintmax_t)offset, (uintmax_t)eh->e_entry);
+ }
#endif /* PAX_ASLR_DEBUG */
} else
#endif /* PAX_ASLR */
Index: src/sys/kern/kern_pax.c
diff -u src/sys/kern/kern_pax.c:1.33 src/sys/kern/kern_pax.c:1.34
--- src/sys/kern/kern_pax.c:1.33 Thu Oct 8 22:00:59 2015
+++ src/sys/kern/kern_pax.c Sat Mar 19 14:56:37 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.33 2015/10/09 02:00:59 christos Exp $ */
+/* $NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $ */
/*
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.33 2015/10/09 02:00:59 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $");
#include "opt_pax.h"
@@ -68,6 +68,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v
#include <sys/pax.h>
#include <sys/sysctl.h>
#include <sys/kmem.h>
+#include <sys/mman.h>
#include <sys/fileassoc.h>
#include <sys/syslog.h>
#include <sys/vnode.h>
@@ -76,7 +77,9 @@ __KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v
#include <sys/cprng.h>
#ifdef PAX_ASLR_DEBUG
-#define PAX_DPRINTF(_fmt, args...) uprintf("%s: " _fmt "\n", __func__, ##args)
+#define PAX_DPRINTF(_fmt, args...) \
+ do if (pax_aslr_debug) uprintf("%s: " _fmt "\n", __func__, ##args); \
+ while (/*CONSTCOND*/0)
#else
#define PAX_DPRINTF(_fmt, args...) do {} while (/*CONSTCOND*/0)
#endif
@@ -120,6 +123,10 @@ static bool pax_mprotect_elf_flags_activ
#define PAX_SEGVGUARD_MAXCRASHES 5
#endif
+#ifdef PAX_ASLR_DEBUG
+int pax_aslr_debug;
+#endif
+
static int pax_segvguard_enabled = 1;
static int pax_segvguard_global = PAX_SEGVGUARD;
static int pax_segvguard_expiry = PAX_SEGVGUARD_EXPIRY;
@@ -242,6 +249,14 @@ SYSCTL_SETUP(sysctl_security_pax_setup,
"specified, apply to all processes."),
NULL, 0, &pax_aslr_global, 0,
CTL_CREATE, CTL_EOL);
+#ifdef PAX_ASLR_DEBUG
+ sysctl_createv(clog, 0, &rnode, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "debug",
+ SYSCTL_DESCR("Pring ASLR selected addresses."),
+ NULL, 0, &pax_aslr_debug, 0,
+ CTL_CREATE, CTL_EOL);
+#endif
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
CTLTYPE_INT, "mmap_len",
@@ -391,6 +406,7 @@ pax_aslr_init_vm(struct lwp *l, struct v
vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
+ PAX_DPRINTF("delta_mmap=%#jx", vm->vm_aslr_delta_mmap);
}
void
@@ -398,18 +414,25 @@ pax_aslr_mmap(struct lwp *l, vaddr_t *ad
{
if (!pax_aslr_active(l))
return;
+#ifdef PAX_ASLR_DEBUG
+ char buf[256];
+ if (pax_aslr_debug)
+ snprintb(buf, sizeof(buf), MAP_FMT, f);
+ else
+ buf[0] = '\0';
+#endif
if (!(f & MAP_FIXED) && ((orig_addr == 0) || !(f & MAP_ANON))) {
- PAX_DPRINTF("applying to 0x%lx orig_addr=0x%lx f=%x",
- (unsigned long)*addr, (unsigned long)orig_addr, f);
+ PAX_DPRINTF("applying to %#jx orig_addr=%#jx f=%s",
+ (uintmax_t)*addr, (uintmax_t)orig_addr, buf);
if (!(l->l_proc->p_vmspace->vm_map.flags & VM_MAP_TOPDOWN))
*addr += l->l_proc->p_vmspace->vm_aslr_delta_mmap;
else
*addr -= l->l_proc->p_vmspace->vm_aslr_delta_mmap;
- PAX_DPRINTF("result 0x%lx", *addr);
+ PAX_DPRINTF("result %#jx", (uintmax_t)*addr);
} else {
- PAX_DPRINTF("not applying to 0x%lx orig_addr=0x%lx f=%x",
- (unsigned long)*addr, (unsigned long)orig_addr, f);
+ PAX_DPRINTF("not applying to %#jx orig_addr=%#jx f=%s",
+ (uintmax_t)*addr, (uintmax_t)orig_addr, buf);
}
}
@@ -422,8 +445,8 @@ pax_aslr_stack(struct exec_package *epp,
u_long d = PAX_ASLR_DELTA(cprng_fast32(),
PAX_ASLR_DELTA_STACK_LSB,
PAX_ASLR_DELTA_STACK_LEN);
- PAX_DPRINTF("stack 0x%lx d=0x%lx 0x%lx",
- epp->ep_minsaddr, d, epp->ep_minsaddr - d);
+ PAX_DPRINTF("stack %#jx delta=%#lx diff=%lx",
+ (uintmax_t)epp->ep_minsaddr, d, epp->ep_minsaddr - d);
epp->ep_minsaddr -= d;
*max_stack_size -= d;
if (epp->ep_ssize > *max_stack_size)
Index: src/sys/sys/pax.h
diff -u src/sys/sys/pax.h:1.16 src/sys/sys/pax.h:1.17
--- src/sys/sys/pax.h:1.16 Sat Sep 26 12:12:24 2015
+++ src/sys/sys/pax.h Sat Mar 19 14:56:37 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.16 2015/09/26 16:12:24 maxv Exp $ */
+/* $NetBSD: pax.h,v 1.17 2016/03/19 18:56:37 christos Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
@@ -48,6 +48,9 @@ struct vmspace;
#define PAX_ASLR_DELTA_EXEC_LEN 12
#endif
#endif /* PAX_ASLR */
+#ifdef PAX_ASLR_DEBUG
+extern int pax_aslr_debug;
+#endif
void pax_init(void);
void pax_setup_elf_flags(struct exec_package *, uint32_t);
