Module Name: src
Committed By: khorben
Date: Sun Mar 20 14:58:11 UTC 2016
Modified Files:
src/sys/kern: kern_exec.c kern_pax.c
src/sys/sys: pax.h
Log Message:
Let PaX ASLR know about the current emulation
This effectively fixes PaX ASLR with 32-bits emulation on 64-bits
platforms. Without this knowledge, the offset applied for 32-bits
programs was really meant for a 64-bits address space - thus
shifting the address up to 12 bits, with a success rate of about
1/4096. This offset is calculated once in the lifetime of the
process, which therefore behaved normally when able to start.
Fixes kern/50469, probably also kern/50986
Tested on NetBSD/amd64 (emul_netbsd32)
To generate a diff of this commit:
cvs rdiff -u -r1.423 -r1.424 src/sys/kern/kern_exec.c
cvs rdiff -u -r1.34 -r1.35 src/sys/kern/kern_pax.c
cvs rdiff -u -r1.17 -r1.18 src/sys/sys/pax.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.423 src/sys/kern/kern_exec.c:1.424
--- src/sys/kern/kern_exec.c:1.423 Mon Nov 30 22:47:19 2015
+++ src/sys/kern/kern_exec.c Sun Mar 20 14:58:10 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_exec.c,v 1.423 2015/11/30 22:47:19 pgoyette Exp $ */
+/* $NetBSD: kern_exec.c,v 1.424 2016/03/20 14:58:10 khorben Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.423 2015/11/30 22:47:19 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.424 2016/03/20 14:58:10 khorben Exp $");
#include "opt_exec.h"
#include "opt_execfmt.h"
@@ -1160,7 +1160,7 @@ execve_runproc(struct lwp *l, struct exe
vm->vm_minsaddr = (void *)epp->ep_minsaddr;
#ifdef PAX_ASLR
- pax_aslr_init_vm(l, vm);
+ pax_aslr_init_vm(l, vm, epp);
#endif /* PAX_ASLR */
/* Now map address space. */
Index: src/sys/kern/kern_pax.c
diff -u src/sys/kern/kern_pax.c:1.34 src/sys/kern/kern_pax.c:1.35
--- src/sys/kern/kern_pax.c:1.34 Sat Mar 19 18:56:37 2016
+++ src/sys/kern/kern_pax.c Sun Mar 20 14:58:10 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $ */
+/* $NetBSD: kern_pax.c,v 1.35 2016/03/20 14:58:10 khorben Exp $ */
/*
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.35 2016/03/20 14:58:10 khorben Exp $");
#include "opt_pax.h"
@@ -86,6 +86,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v
#ifdef PAX_ASLR
#include <sys/mman.h>
+#include <compat/netbsd32/netbsd32.h>
int pax_aslr_enabled = 1;
int pax_aslr_global = PAX_ASLR;
@@ -399,13 +400,18 @@ pax_aslr_active(struct lwp *l)
}
void
-pax_aslr_init_vm(struct lwp *l, struct vmspace *vm)
+pax_aslr_init_vm(struct lwp *l, struct vmspace *vm, struct exec_package *ep)
{
if (!pax_aslr_active(l))
return;
- vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
- PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
+ if (ep->ep_flags & EXEC_32)
+ vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
+ PAX_ASLR_DELTA_MMAP_LSB,
+ (sizeof(netbsd32_pointer_t) * NBBY) / 2);
+ else
+ vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
+ PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
PAX_DPRINTF("delta_mmap=%#jx", vm->vm_aslr_delta_mmap);
}
Index: src/sys/sys/pax.h
diff -u src/sys/sys/pax.h:1.17 src/sys/sys/pax.h:1.18
--- src/sys/sys/pax.h:1.17 Sat Mar 19 18:56:37 2016
+++ src/sys/sys/pax.h Sun Mar 20 14:58:11 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.17 2016/03/19 18:56:37 christos Exp $ */
+/* $NetBSD: pax.h,v 1.18 2016/03/20 14:58:11 khorben Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
@@ -62,7 +62,7 @@ int pax_segvguard(struct lwp *, struct v
bool pax_aslr_epp_active(struct exec_package *);
bool pax_aslr_active(struct lwp *);
-void pax_aslr_init_vm(struct lwp *, struct vmspace *);
+void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
void pax_aslr_stack(struct exec_package *, u_long *);
void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
