Module Name:    src
Committed By:   khorben
Date:           Sun Mar 20 14:58:11 UTC 2016

Modified Files:
        src/sys/kern: kern_exec.c kern_pax.c
        src/sys/sys: pax.h

Log Message:
Let PaX ASLR know about the current emulation

This effectively fixes PaX ASLR with 32-bit emulation on 64-bit
platforms. Without this knowledge, the offset applied to 32-bit
programs was really meant for a 64-bit address space - thus
shifting the address by up to 12 bits, with a success rate of about
1/4096. This offset is calculated once in the lifetime of the
process, which therefore behaved normally whenever it was able to start.

Fixes kern/50469, probably also kern/50986

Tested on NetBSD/amd64 (emul_netbsd32)


To generate a diff of this commit:
cvs rdiff -u -r1.423 -r1.424 src/sys/kern/kern_exec.c
cvs rdiff -u -r1.34 -r1.35 src/sys/kern/kern_pax.c
cvs rdiff -u -r1.17 -r1.18 src/sys/sys/pax.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.423 src/sys/kern/kern_exec.c:1.424
--- src/sys/kern/kern_exec.c:1.423	Mon Nov 30 22:47:19 2015
+++ src/sys/kern/kern_exec.c	Sun Mar 20 14:58:10 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.423 2015/11/30 22:47:19 pgoyette Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.424 2016/03/20 14:58:10 khorben Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.423 2015/11/30 22:47:19 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.424 2016/03/20 14:58:10 khorben Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -1160,7 +1160,7 @@ execve_runproc(struct lwp *l, struct exe
 	vm->vm_minsaddr = (void *)epp->ep_minsaddr;
 
 #ifdef PAX_ASLR
-	pax_aslr_init_vm(l, vm);
+	pax_aslr_init_vm(l, vm, epp);
 #endif /* PAX_ASLR */
 
 	/* Now map address space. */

Index: src/sys/kern/kern_pax.c
diff -u src/sys/kern/kern_pax.c:1.34 src/sys/kern/kern_pax.c:1.35
--- src/sys/kern/kern_pax.c:1.34	Sat Mar 19 18:56:37 2016
+++ src/sys/kern/kern_pax.c	Sun Mar 20 14:58:10 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $	*/
+/*	$NetBSD: kern_pax.c,v 1.35 2016/03/20 14:58:10 khorben Exp $	*/
 
 /*
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.35 2016/03/20 14:58:10 khorben Exp $");
 
 #include "opt_pax.h"
 
@@ -86,6 +86,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v
 
 #ifdef PAX_ASLR
 #include <sys/mman.h>
+#include <compat/netbsd32/netbsd32.h>
 
 int pax_aslr_enabled = 1;
 int pax_aslr_global = PAX_ASLR;
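Review bot: The new `#include <compat/netbsd32/netbsd32.h>` is pulled into a generic kernel file under `#ifdef PAX_ASLR` alone, although the only thing the commit takes from it is `sizeof(netbsd32_pointer_t)` in pax_aslr_init_vm. That couples kern_pax.c to the netbsd32 compat layer on every PAX_ASLR kernel, including ones that presumably never set EXEC_32; I would either guard the include with the compat option (`#ifdef COMPAT_NETBSD32`) or derive the width from a fixed-size type so the header is not needed at all, and leave a comment on the include saying why it is there, e.g. `/* netbsd32_pointer_t: width of a 32-bit emulated address space */`.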
@@ -399,13 +400,18 @@ pax_aslr_active(struct lwp *l)
 }
 
 void
-pax_aslr_init_vm(struct lwp *l, struct vmspace *vm)
+pax_aslr_init_vm(struct lwp *l, struct vmspace *vm, struct exec_package *ep)
 {
 	if (!pax_aslr_active(l))
 		return;
 
-	vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
-	    PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
+	if (ep->ep_flags & EXEC_32)
+		vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
+		    PAX_ASLR_DELTA_MMAP_LSB,
+		    (sizeof(netbsd32_pointer_t) * NBBY) / 2);
+	else
+		vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
+		    PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
 	PAX_DPRINTF("delta_mmap=%#jx", vm->vm_aslr_delta_mmap);
 }
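Review bot: The two branches added in pax_aslr_init_vm duplicate the whole `PAX_ASLR_DELTA(cprng_fast32(), PAX_ASLR_DELTA_MMAP_LSB, …)` call and differ only in the length argument, and the 32-bit length `(sizeof(netbsd32_pointer_t) * NBBY) / 2` is an unexplained magic expression. Selecting the length first and calling the macro once keeps the randomisation in one place and makes the 32-bit special case self-describing; the new `ep` parameter is also dereferenced unconditionally, which is fine for the visible caller in kern_exec.c but should be stated in the function's comment (`ep must be non-NULL`). If the stack delta is derived elsewhere in the same fixed-width way, it presumably needs the same emulation awareness — worth checking, since that code is not in this diff.
```c
	/* 32-bit emulation: the delta must stay inside a 32-bit address space. */
	unsigned int len = PAX_ASLR_DELTA_MMAP_LEN;
	if (ep->ep_flags & EXEC_32)
		len = (sizeof(netbsd32_pointer_t) * NBBY) / 2;
	vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
	    PAX_ASLR_DELTA_MMAP_LSB, len);
	/* … unchanged: PAX_DPRINTF … */
```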
 

Index: src/sys/sys/pax.h
diff -u src/sys/sys/pax.h:1.17 src/sys/sys/pax.h:1.18
--- src/sys/sys/pax.h:1.17	Sat Mar 19 18:56:37 2016
+++ src/sys/sys/pax.h	Sun Mar 20 14:58:11 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.17 2016/03/19 18:56:37 christos Exp $ */
+/* $NetBSD: pax.h,v 1.18 2016/03/20 14:58:11 khorben Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
@@ -62,7 +62,7 @@ int pax_segvguard(struct lwp *, struct v
 
 bool pax_aslr_epp_active(struct exec_package *);
 bool pax_aslr_active(struct lwp *);
-void pax_aslr_init_vm(struct lwp *, struct vmspace *);
+void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
 void pax_aslr_stack(struct exec_package *, u_long *);
 void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
 
