D18880.diff
No OneTemporary
Actions

Size

5 KB

Referenced Files

None

Subscribers

None

D18880.diff
View Options

	Index: head/lib/libc/sys/mmap.2
	===================================================================
	--- head/lib/libc/sys/mmap.2
	+++ head/lib/libc/sys/mmap.2
	@@ -28,7 +28,7 @@
	.\" @(#)mmap.2 8.4 (Berkeley) 5/11/95
	.\" $FreeBSD$
	.\"
	-.Dd June 22, 2017
	+.Dd June 20, 2019
	.Dt MMAP 2
	.Os
	.Sh NAME
	@@ -113,6 +113,22 @@
	Pages may be executed.
	.El
	.Pp
	+In addition to these protection flags,
	+.Fx
	+provides the ability to set the maximum protection of a region allocated by
	+.Nm
	+and later altered by
	+.Xr mprotect 2 .
	+This is accomplished by
	+.Em or Ns 'ing
	+one or more
	+.Dv PROT_
	+values wrapped in the
	+.Dv PROT_MAX()
	+macro into the
	+.Fa prot
	+argument.
	+.Pp
	The
	.Fa flags
	argument specifies the type of the mapped object, mapping options and
	@@ -415,6 +431,11 @@
	An invalid value was passed in the
	.Fa prot
	argument.
	+.It Bq Er EINVAL
	+The
	+.Fa prot
	+argument contains permissions which are not a subset of the specified
	+maximum permissions.
	.It Bq Er EINVAL
	An undefined option was set in the
	.Fa flags
	Index: head/lib/libc/sys/mprotect.2
	===================================================================
	--- head/lib/libc/sys/mprotect.2
	+++ head/lib/libc/sys/mprotect.2
	@@ -28,7 +28,7 @@
	.\" @(#)mprotect.2 8.1 (Berkeley) 6/9/93
	.\" $FreeBSD$
	.\"
	-.Dd August 3, 2016
	+.Dd June 20, 2019
	.Dt MPROTECT 2
	.Os
	.Sh NAME
	@@ -65,6 +65,22 @@
	.It Dv PROT_EXEC
	The pages can be executed.
	.El
	+.Pp
	+In addition to these protection flags,
	+.Fx
	+provides the ability to set the maximum protection of a region
	+(which prevents
	+.Nm
	+from upgrading the permissions).
	+This is accomplished by
	+.Em or Ns 'ing
	+one or more
	+.Dv PROT_
	+values wrapped in the
	+.Dv PROT_MAX()
	+macro into the
	+.Fa prot
	+argument.
	.Sh RETURN VALUES
	.Rv -std mprotect
	.Sh ERRORS
	@@ -78,6 +94,15 @@
	and
	.Fa len
	arguments is not valid.
	+.It Bq Er EINVAL
	+The
	+.Fa prot
	+argument contains unhandled bits.
	+.It Bq Er EINVAL
	+The
	+.Fa prot
	+argument contains permissions which are not a subset of the specified
	+maximum permissions.
	.It Bq Er EACCES
	The calling process was not allowed to change
	the protection to the value specified by
	Index: head/sys/sys/mman.h
	===================================================================
	--- head/sys/sys/mman.h
	+++ head/sys/sys/mman.h
	@@ -55,6 +55,14 @@
	#define PROT_READ 0x01 /* pages can be read */
	#define PROT_WRITE 0x02 /* pages can be written */
	#define PROT_EXEC 0x04 /* pages can be executed */
	+#if __BSD_VISIBLE
	+#define _PROT_ALL (PROT_READ \| PROT_WRITE \| PROT_EXEC)
	+#define PROT_EXTRACT(prot) ((prot) & _PROT_ALL)
	+
	+#define _PROT_MAX_SHIFT 16
	+#define PROT_MAX(prot) ((prot) << _PROT_MAX_SHIFT)
	+#define PROT_MAX_EXTRACT(prot) (((prot) >> _PROT_MAX_SHIFT) & _PROT_ALL)
	+#endif

	/*
	* Flags contain sharing type and options.
	Index: head/sys/vm/vm_mmap.c
	===================================================================
	--- head/sys/vm/vm_mmap.c
	+++ head/sys/vm/vm_mmap.c
	@@ -103,6 +103,9 @@
	static int mincore_mapped = 1;
	SYSCTL_INT(_vm, OID_AUTO, mincore_mapped, CTLFLAG_RWTUN, &mincore_mapped, 0,
	"mincore reports mappings, not residency");
	+static int imply_prot_max = 0;
	+SYSCTL_INT(_vm, OID_AUTO, imply_prot_max, CTLFLAG_RWTUN, &imply_prot_max, 0,
	+ "Imply maximum page permissions in mmap() when none are specified");

	#ifdef MAP_32BIT
	#define MAP_32BIT_MAX_ADDR ((vm_offset_t)1 << 31)
	@@ -187,9 +190,25 @@
	vm_offset_t addr;
	vm_size_t pageoff, size;
	vm_prot_t cap_maxprot;
	- int align, error;
	+ int align, error, max_prot;
	cap_rights_t rights;

	+ if ((prot & ~(_PROT_ALL \| PROT_MAX(_PROT_ALL))) != 0)
	+ return (EINVAL);
	+ max_prot = PROT_MAX_EXTRACT(prot);
	+ prot = PROT_EXTRACT(prot);
	+ if (max_prot != 0 && (max_prot & prot) != prot)
	+ return (EINVAL);
	+ /*
	+ * Always honor PROT_MAX if set. If not, default to all
	+ * permissions unless we're implying maximum permissions.
	+ *
	+ * XXX: should be tunable per process and ABI.
	+ */
	+ if (max_prot == 0)
	+ max_prot = (imply_prot_max && prot != PROT_NONE) ?
	+ prot : _PROT_ALL;
	+
	vms = td->td_proc->p_vmspace;
	fp = NULL;
	AUDIT_ARG_FD(fd);
	@@ -335,7 +354,7 @@
	* This relies on VM_PROT_* matching PROT_*.
	*/
	error = vm_mmap_object(&vms->vm_map, &addr, size, prot,
	- VM_PROT_ALL, flags, NULL, pos, FALSE, td);
	+ max_prot, flags, NULL, pos, FALSE, td);
	} else {
	/*
	* Mapping file, get fp for validation and don't let the
	@@ -363,7 +382,7 @@

	/* This relies on VM_PROT_* matching PROT_. /
	error = fo_mmap(fp, &vms->vm_map, &addr, size, prot,
	- cap_maxprot, flags, pos, td);
	+ max_prot & cap_maxprot, flags, pos, td);
	}

	if (error == 0)
	@@ -594,9 +613,13 @@
	{
	vm_offset_t addr;
	vm_size_t pageoff;
	+ int vm_error, max_prot;

	addr = addr0;
	- prot = (prot & VM_PROT_ALL);
	+ if ((prot & ~(_PROT_ALL \| PROT_MAX(_PROT_ALL))) != 0)
	+ return (EINVAL);
	+ max_prot = PROT_MAX_EXTRACT(prot);
	+ prot = PROT_EXTRACT(prot);
	pageoff = (addr & PAGE_MASK);
	addr -= pageoff;
	size += pageoff;
	@@ -610,8 +633,18 @@
	if (addr + size < addr)
	return (EINVAL);

	- switch (vm_map_protect(&td->td_proc->p_vmspace->vm_map, addr,
	- addr + size, prot, FALSE)) {
	+ vm_error = KERN_SUCCESS;
	+ if (max_prot != 0) {
	+ if ((max_prot & prot) != prot)
	+ return (EINVAL);
	+ vm_error = vm_map_protect(&td->td_proc->p_vmspace->vm_map,
	+ addr, addr + size, max_prot, TRUE);
	+ }
	+ if (vm_error == KERN_SUCCESS)
	+ vm_error = vm_map_protect(&td->td_proc->p_vmspace->vm_map,
	+ addr, addr + size, prot, FALSE);
	+
	+ switch (vm_error) {
	case KERN_SUCCESS:
	return (0);
	case KERN_PROTECTION_FAILURE:

File Metadata

Mime Type: text/plain
Expires: Wed, Nov 26, 6:01 PM (15 h, 7 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 26221439
Default Alt Text: D18880.diff (5 KB)

D18880.diffNo OneTemporaryActions

D18880.diffView Options

File Metadata

Event Timeline

D18880.diff
No OneTemporary
Actions

D18880.diff
View Options