kern

Christos Zoulas Sun, 10 Apr 2016 08:02:31 -0700

Module Name:    src
Committed By:   christos
Date:           Sun Apr 10 15:02:17 UTC 2016


Modified Files:
        src/sys/kern: kern_pax.c

Log Message:
Add a flags sysctl for ASLR to disable particular features. We seem to be
having issues with stack setup.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/sys/kern/kern_pax.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_pax.c
diff -u src/sys/kern/kern_pax.c:1.38 src/sys/kern/kern_pax.c:1.39
--- src/sys/kern/kern_pax.c:1.38	Wed Apr  6 23:31:12 2016
+++ src/sys/kern/kern_pax.c	Sun Apr 10 11:02:17 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_pax.c,v 1.38 2016/04/07 03:31:12 christos Exp $	*/
+/*	$NetBSD: kern_pax.c,v 1.39 2016/04/10 15:02:17 christos Exp $	*/
 
 /*
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.38 2016/04/07 03:31:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.39 2016/04/10 15:02:17 christos Exp $");
 
 #include "opt_pax.h"
 
@@ -131,6 +131,11 @@ int pax_mprotect_debug;
 
 #ifdef PAX_ASLR_DEBUG
 int pax_aslr_debug;
+/* flag set means disable */
+int pax_aslr_flags;
+#define PAX_ASLR_STACK	1
+#define PAX_ASLR_EXEC	2
+#define PAX_ASLR_MMAP	4
 #endif
 
 static int pax_segvguard_enabled = 1;
@@ -270,6 +275,12 @@ SYSCTL_SETUP(sysctl_security_pax_setup, 
 		       SYSCTL_DESCR("Pring ASLR selected addresses."),
 		       NULL, 0, &pax_aslr_debug, 0,
 		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, &rnode, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "flags",
+		       SYSCTL_DESCR("Disable/Enable select ASLR features."),
+		       NULL, 0, &pax_aslr_flags, 0,
+		       CTL_CREATE, CTL_EOL);
 #endif
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
@@ -438,6 +449,11 @@ pax_aslr_init_vm(struct lwp *l, struct v
 	if (!pax_aslr_active(l))
 		return;
 
+#ifdef PAX_ASLR_DEBUG
+	if (pax_aslr_flags & PAX_ASLR_MMAP)
+		return;
+#endif
+
 	uint32_t len = (ep->ep_flags & EXEC_32) ?
 	    PAX_ASLR_DELTA_MMAP_LEN32 : PAX_ASLR_DELTA_MMAP_LEN;
 
@@ -454,6 +470,10 @@ pax_aslr_mmap(struct lwp *l, vaddr_t *ad
 		return;
 #ifdef PAX_ASLR_DEBUG
 	char buf[256];
+
+	if (pax_aslr_flags & PAX_ASLR_MMAP)
+		return;
+
 	if (pax_aslr_debug)
 		snprintb(buf, sizeof(buf), MAP_FMT, f);
 	else
@@ -479,6 +499,10 @@ pax_aslr_stack(struct exec_package *epp,
 {
 	if (!pax_aslr_epp_active(epp))
 		return;
+#ifdef PAX_ASLR_DEBUG
+	if (pax_aslr_flags & PAX_ASLR_STACK)
+		return;
+#endif
 
 	u_long d = PAX_ASLR_DELTA(cprng_fast32(),
 	    PAX_ASLR_DELTA_STACK_LSB,

CVS commit: src/sys/kern

Reply via email to