Page MenuHomeFreeBSD

Remove execute permissions from mappings in exec_map and pipe_map.
ClosedPublic

Authored by markj on Nov 3 2018, 5:12 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 26, 10:33 PM
Unknown Object (File)
Thu, Dec 26, 9:44 AM
Unknown Object (File)
Thu, Dec 26, 9:40 AM
Unknown Object (File)
Thu, Dec 26, 9:13 AM
Unknown Object (File)
Wed, Dec 25, 9:12 PM
Unknown Object (File)
Dec 6 2024, 7:32 AM
Unknown Object (File)
Nov 30 2024, 1:33 AM
Unknown Object (File)
Nov 24 2024, 3:03 PM
Subscribers

Details

Summary

They are not needed. I considered also adding prot and maxprot
parameters to kmem_suballoc(), but that doesn't appear to have any
effect on submaps, so I didn't bother.

Reported by: jhb

Test Plan

I used kgdb to examine PTEs in the range managed by the two
submaps and verified that NX was present where it wasn't before.

I audited uses of exec_map and pipe_map in the kernel (exec_map
has some uses in some exotic image activators, though most
uses look like they could be replaced with an allocation of a single
wired page).

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 20612
Build 20032: arc lint + arc unit

Event Timeline

markj edited the test plan for this revision. (Show Details)
markj added reviewers: alc, kib, jhb.
markj marked an inline comment as done.Nov 3 2018, 5:26 PM
markj added inline comments.
sys/vm/vm_kern.c
628

This should be "maxprot".

sys/kern/kern_exec.c
1350–1351

This is the only use of the kmap_alloc_wait() function that I am able to find. Why do you think it is useful to add prot and maxprot args to it, instead of hardcoding VM_PROT_RW into the vm_map_insert() call from the function ?

markj marked an inline comment as done.Nov 4 2018, 5:15 PM
markj added inline comments.
sys/kern/kern_exec.c
1350–1351

kmap_alloc_wait() is a simple wrapper of vm_map_insert(); it seemed a bit strange to me to bake this policy into the implementation. I don't think it's particularly useful to have the extra arguments, though, so I will change kmap_alloc_wait() instead if you prefer.

kib added inline comments.
sys/kern/kern_exec.c
1350–1351

The current code hardcodes the policy as well. I was more curious about implied usefulness of the prot/maxprot arguments.

This revision is now accepted and ready to land.Nov 4 2018, 5:24 PM
sys/kern/kern_exec.c
1350–1351

I do probably find it a bit odd to provide both arguments. I would probably lean towards either hardcoding a RW policy or providing a single 'prot' argument that is used as both 'prot' and 'maxprot', but that is a minor detail.

markj marked 2 inline comments as done.Nov 6 2018, 4:49 PM
markj added inline comments.
sys/kern/kern_exec.c
1350–1351

Ok, I will just hard-code the policy.

markj marked an inline comment as done.
  • Hard-code VM_PROT_RW in kmap_alloc_wait().
This revision now requires review to proceed.Nov 6 2018, 4:49 PM
This revision is now accepted and ready to land.Nov 6 2018, 8:19 PM

Thanks for testing and fixing this.

This revision was automatically updated to reflect the committed changes.