Author: kib
Date: Sat Oct 15 12:35:18 2011
New Revision: 226388
URL: http://svn.freebsd.org/changeset/base/226388

Log:
  Control the execution permission of the readable segments for
  i386 binaries on the amd64 and ia64 with the sysctl, instead of
  unconditionally enabling it.
  
  Reviewed by:  marcel

Modified:
  head/sys/compat/freebsd32/freebsd32_misc.c
  head/sys/kern/imgact_elf.c
  head/sys/sys/sysent.h
  head/sys/vm/vm_unix.c

Modified: head/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c  Sat Oct 15 12:33:24 2011        
(r226387)
+++ head/sys/compat/freebsd32/freebsd32_misc.c  Sat Oct 15 12:35:18 2011        
(r226388)
@@ -445,7 +445,7 @@ freebsd32_mprotect(struct thread *td, st
        ap.len = uap->len;
        ap.prot = uap->prot;
 #if defined(__amd64__) || defined(__ia64__)
-       if (ap.prot & PROT_READ)
+       if (i386_read_exec && (ap.prot & PROT_READ) != 0)
                ap.prot |= PROT_EXEC;
 #endif
        return (sys_mprotect(td, &ap));
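Review bot: The new test in freebsd32_mprotect spells the mask check as `(ap.prot & PROT_READ) != 0`, while the same commit writes `(prot & PROT_READ)` in freebsd32_mmap and `(flags & PF_R)` in trans_prot without the comparison. Use one form at all three sites, for example `if (i386_read_exec && (prot & PROT_READ) != 0)` in freebsd32_mmap, so the gated places are easy to grep and audit together. A one-line comment above the `#if`, such as `/* Optionally imply PROT_EXEC for readable mappings of 32-bit binaries (kern.elf32.read_exec). */`, would also explain why the requested protection is widened. The body of freebsd32_mprotect starts outside this hunk.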
@@ -536,7 +536,7 @@ freebsd32_mmap(struct thread *td, struct
 #endif
 
 #if defined(__amd64__) || defined(__ia64__)
-       if (prot & PROT_READ)
+       if (i386_read_exec && (prot & PROT_READ))
                prot |= PROT_EXEC;
 #endif
 

Modified: head/sys/kern/imgact_elf.c
==============================================================================
--- head/sys/kern/imgact_elf.c  Sat Oct 15 12:33:24 2011        (r226387)
+++ head/sys/kern/imgact_elf.c  Sat Oct 15 12:35:18 2011        (r226388)
@@ -123,6 +123,14 @@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WOR
     nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
     __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
 
+#if __ELF_WORD_SIZE == 32
+#if defined(__amd64__) || defined(__ia64__)
+int i386_read_exec = 0;
+SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
+    "enable execution from readable segments");
+#endif
+#endif
+
 static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
 
 #define        trunc_page_ps(va, ps)   ((va) & ~(ps - 1))
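Review bot: `i386_read_exec` is a new kernel-global with consumers in three other places in this commit, yet its definition has no comment, and the sysctl string does not say that setting it makes readable mappings of 32-bit processes executable. Because the initializer is 0, 32-bit binaries that relied on the previous unconditional behaviour lose it until an administrator sets kern.elf32.read_exec; that deserves a sentence here. I would add above the definition `/* When non-zero, readable mappings of 32-bit processes are also made executable. Off by default; setting it weakens non-executable-memory protection. */`.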
@@ -1666,7 +1674,7 @@ __elfN(trans_prot)(Elf_Word flags)
                prot |= VM_PROT_READ;
 #if __ELF_WORD_SIZE == 32
 #if defined(__amd64__) || defined(__ia64__)
-       if (flags & PF_R)
+       if (i386_read_exec && (flags & PF_R))
                prot |= VM_PROT_EXECUTE;
 #endif
 #endif
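Review bot: trans_prot reads `i386_read_exec` when the ELF segment flags are translated, whereas the mmap, mprotect and obreak paths in this commit read it on each call, and the sysctl is declared `CTLFLAG_RW`. A runtime change therefore appears to affect only mappings created afterwards, so an already-running 32-bit process can hold a mix of both policies. That is probably acceptable, but it should be written down at this test, e.g. `/* Sampled at image activation; later changes to kern.elf32.read_exec do not alter existing mappings. */`. The body of trans_prot begins and ends outside this hunk.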

Modified: head/sys/sys/sysent.h
==============================================================================
--- head/sys/sys/sysent.h       Sat Oct 15 12:33:24 2011        (r226387)
+++ head/sys/sys/sysent.h       Sat Oct 15 12:35:18 2011        (r226388)
@@ -151,6 +151,10 @@ extern struct sysentvec null_sysvec;
 extern struct sysent sysent[];
 extern const char *syscallnames[];
 
+#if defined(__amd64__) || defined(__ia64__)
+extern int i386_read_exec;
+#endif
+
 #define        NO_SYSCALL (-1)
 
 struct module;
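Review bot: The `extern int i386_read_exec;` declaration is guarded only by the architecture test, while the definition in imgact_elf.c is additionally under `#if __ELF_WORD_SIZE == 32` and the use in vm_unix.c is under `#ifdef COMPAT_FREEBSD32`. On an amd64 or ia64 kernel that does not build the 32-bit ELF activator the symbol would presumably be declared but never defined, so a future unguarded reference would compile and then fail at link time. A comment on the declaration, e.g. `/* Defined in kern/imgact_elf.c for the 32-bit ELF build only; reference it under COMPAT_FREEBSD32. */`, would make the constraint visible to the next caller.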

Modified: head/sys/vm/vm_unix.c
==============================================================================
--- head/sys/vm/vm_unix.c       Sat Oct 15 12:33:24 2011        (r226387)
+++ head/sys/vm/vm_unix.c       Sat Oct 15 12:35:18 2011        (r226388)
@@ -141,7 +141,7 @@ sys_obreak(td, uap)
                prot = VM_PROT_RW;
 #ifdef COMPAT_FREEBSD32
 #if defined(__amd64__) || defined(__ia64__)
-               if (SV_PROC_FLAG(td->td_proc, SV_ILP32))
+               if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32))
                        prot |= VM_PROT_EXECUTE;
 #endif
 #endif
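Review bot: In sys_obreak `prot` is set to `VM_PROT_RW` on the line above this test, so once the sysctl is set the break area of every ILP32 process is mapped writable and executable at the same time, and nothing at this site says so. This is the widest effect of the knob among the four call sites, so I would document it here: `/* kern.elf32.read_exec: when set, the 32-bit heap is mapped RWX; off by default. */`. The function body starts and continues outside this hunk.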