CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2022/10/14 21:23:50

Modified files:
    sys/kern : kern_sig.c
    sys/uvm : uvm_map.c uvm_map.h

Log message:
During the MAP_STACK introduction in 2018, sigaltstack() became a problem because haphazard use could shoot holes in the address space (changing permissions, providing opportunities for pivoting, etc). I tried to write a diff to convert the address space correctly but did not understand enough about map entries, so instead we mapped new memory over top of the existing object.

Placing a new mapping becomes unfeasible with the upcoming mimmutable model, so here is code that adds MAP_STACK to the region. It will only do so for a contiguously mapped region that is non-syscall with permission RW, otherwise it returns an error.

Food for thought: If we know the object isn't serviced by an object, we should consider zeroing the region, to block pre-pivot placement?

ok kettenis