Page MenuHomeFreeBSD
Differential D56711

execve: Add guard pages around execve KVA buffers
ClosedPublic
Actions

Authored by markj on Apr 29 2026, 3:07 PM.
Tags
None
Referenced Files
F159913517: D56711.diff
Fri, Jun 19, 11:16 AM
Unknown Object (File)
Thu, Jun 4, 1:49 AM
Unknown Object (File)
Tue, Jun 2, 9:37 PM
Unknown Object (File)
Tue, May 26, 8:16 AM
Unknown Object (File)
Tue, May 26, 8:09 AM
Unknown Object (File)
Tue, May 26, 1:21 AM
Unknown Object (File)
Tue, May 26, 1:11 AM
Unknown Object (File)
May 19 2026, 9:35 PM
View All 31 Files
Subscribers
imp
olce

Details

Reviewers
brooks
alc
kib
Commits
rGa1e4bc883c5d: execve: Add guard pages around execve KVA buffers
rGeca4dd133883: execve: Add guard pages around execve KVA buffers
Summary

This helps ensure that overflows will trigger a panic instead of
silently corrupting adjacent buffers, as happened in SA-26:13.exec.

Extend kmap_alloc_wait() to support allocation of guard pages on both
sides of a KVA allocation. Modify the exec_map setup accordingly.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Apr 29 2026, 3:07 PM
Herald added subscribers: olce, imp. · View Herald TranscriptApr 29 2026, 3:07 PM
markj requested review of this revision.Apr 29 2026, 3:07 PM
Harbormaster completed remote builds in B72638: Diff 176812.Apr 29 2026, 3:07 PM
kib added inline comments.Apr 29 2026, 11:26 PM
sys/vm/vm_init.c
277

I wonder if exec_map_guard_size should be allowed to set to 0. This might matter on 32bit arches.

kib added inline comments.Apr 29 2026, 11:28 PM
sys/vm/vm_init.c
277

Or at least we could export exec_map_entr* as RO sysctls to get more visibility there.

markj updated this revision to Diff 177119.May 3 2026, 11:54 PM
markj marked 2 inline comments as done.

Add a tunable to control the number of guard pages

Harbormaster completed remote builds in B72746: Diff 177119.May 3 2026, 11:54 PM
kib accepted this revision.May 4 2026, 7:06 AM
This revision is now accepted and ready to land.May 4 2026, 7:06 AM
Closed by commit rGeca4dd133883: execve: Add guard pages around execve KVA buffers (authored by markj). · Explain WhyMay 4 2026, 5:28 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGeca4dd133883: execve: Add guard pages around execve KVA buffers.
markj added a commit: rGa1e4bc883c5d: execve: Add guard pages around execve KVA buffers.May 19 2026, 2:09 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
3 lines
vm/
2 lines
8 lines
1 line
39 lines

Diff 177178

View Options

sys/kern/kern_exec.c

Loading...
View Options

sys/vm/vm_extern.h

Loading...
View Options

sys/vm/vm_init.c

Loading...
View Options

sys/vm/vm_kern.h

Loading...
View Options

sys/vm/vm_kern.c

Loading...