D21352.id61522.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D21352.id61522.diff
View Options

	Index: lib/libc/sys/procctl.2
	===================================================================
	--- lib/libc/sys/procctl.2
	+++ lib/libc/sys/procctl.2
	@@ -29,7 +29,7 @@
	.\"
	.\" $FreeBSD$
	.\"
	-.Dd April 9, 2019
	+.Dd August 31, 2019
	.Dt PROCCTL 2
	.Os
	.Sh NAME
	@@ -503,6 +503,51 @@
	.Vt int .
	If signal delivery has not been requested, it will contain zero
	on return.
	+.It Dv PROC_STACKGAP_CTL
	+Controls the stack gaps in the specified process.
	+A stack gap is the part of the growing area for a
	+.Dv MAP_STACK
	+mapped region, which is reserved and never filled by memory,
	+instead the process is guaranteed to receive a
	+.Dv SIGSEGV
	+signal on accessing pages in the gap.
	+Gaps protect against stack overflow corrupting memory adjacent
	+to the stack.
	+.Pp
	+The
	+.Fa data
	+argument must point to an integer variable, containing the
	+.Dv PROC_STACKGAP_ENABLE
	+flag.
	+If the flag is set, stack gaps are enabled for programs started after an
	+.Xr execve 2
	+by the specified process.
	+.Pp
	+If cleared, stack gaps are disabled for the process.
	+For existing stacks, the gaps become part of the normal grow area
	+and can be filled by memory on access.
	+There is no way to re-enable gaps in the process after they are disabled.
	+.Pp
	+The stack gap state is inherited from the parent on
	+.Xr fork 2 .
	+.It Dv PROC_STACKGAP_STATUS
	+Returns the current state of stack gap for the specified process.
	+The
	+.Fa data
	+must point to an integer variable, which is used to return a bitmask
	+constisting of the following flags:
	+.Bl -tag -width PROC_STACKGAP_DISABLE_EXEC
	+.It Dv PROC_STACKGAP_ENABLE
	+Stack gaps are enabled.
	+.It Dv PROC_STACKGAP_DISABLE
	+Stack gaps are disabled.
	+.It Dv PROC_STACKGAP_ENABLE_EXEC
	+Stack gaps are enabled in the process after
	+.Xr execve 2 .
	+.It Dv PROC_STACKGAP_DISABLE_EXEC
	+Stack gaps are disabled in the process after
	+.Xr execve 2 .
	+.El
	.El
	.Sh NOTES
	Disabling tracing on a process should not be considered a security
	Index: sys/compat/freebsd32/freebsd32_misc.c
	===================================================================
	--- sys/compat/freebsd32/freebsd32_misc.c
	+++ sys/compat/freebsd32/freebsd32_misc.c
	@@ -3338,6 +3338,7 @@
	case PROC_ASLR_CTL:
	case PROC_PROTMAX_CTL:
	case PROC_SPROTECT:
	+ case PROC_STACKGAP_CTL:
	case PROC_TRACE_CTL:
	case PROC_TRAPCAP_CTL:
	error = copyin(PTRIN(uap->data), &flags, sizeof(flags));
	@@ -3370,6 +3371,7 @@
	break;
	case PROC_ASLR_STATUS:
	case PROC_PROTMAX_STATUS:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	data = &flags;
	@@ -3400,6 +3402,7 @@
	break;
	case PROC_ASLR_STATUS:
	case PROC_PROTMAX_STATUS:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	if (error == 0)
	Index: sys/kern/kern_exec.c
	===================================================================
	--- sys/kern/kern_exec.c
	+++ sys/kern/kern_exec.c
	@@ -745,6 +745,8 @@
	p->p_flag \|= P_EXEC;
	if ((p->p_flag2 & P2_NOTRACE_EXEC) == 0)
	p->p_flag2 &= ~P2_NOTRACE;
	+ if ((p->p_flag2 & P2_STKGAP_DISABLE_EXEC) == 0)
	+ p->p_flag2 &= ~P2_STKGAP_DISABLE;
	if (p->p_flag & P_PPWAIT) {
	p->p_flag &= ~(P_PPWAIT \| P_PPTRACE);
	cv_broadcast(&p->p_pwait);
	Index: sys/kern/kern_fork.c
	===================================================================
	--- sys/kern/kern_fork.c
	+++ sys/kern/kern_fork.c
	@@ -460,7 +460,8 @@
	p2->p_flag = P_INMEM;
	p2->p_flag2 = p1->p_flag2 & (P2_ASLR_DISABLE \| P2_ASLR_ENABLE \|
	P2_ASLR_IGNSTART \| P2_NOTRACE \| P2_NOTRACE_EXEC \|
	- P2_PROTMAX_ENABLE \| P2_PROTMAX_DISABLE \| P2_TRAPCAP);
	+ P2_PROTMAX_ENABLE \| P2_PROTMAX_DISABLE \| P2_TRAPCAP \|
	+ P2_STKGAP_DISABLE \| P2_STKGAP_DISABLE_EXEC);
	p2->p_swtick = ticks;
	if (p1->p_flag & P_PROFIL)
	startprofclock(p2);
	Index: sys/kern/kern_procctl.c
	===================================================================
	--- sys/kern/kern_procctl.c
	+++ sys/kern/kern_procctl.c
	@@ -520,6 +520,36 @@
	return (0);
	}

	+static int
	+stackgap_ctl(struct thread td, struct proc p, int state)
	+{
	+ PROC_LOCK_ASSERT(p, MA_OWNED);
	+
	+ switch (state) {
	+ case PROC_STACKGAP_ENABLE:
	+ p->p_flag2 &= ~P2_STKGAP_DISABLE_EXEC;
	+ break;
	+ case PROC_STACKGAP_DISABLE:
	+ p->p_flag2 \|= P2_STKGAP_DISABLE \| P2_STKGAP_DISABLE_EXEC;
	+ break;
	+ default:
	+ return (EINVAL);
	+ }
	+ return (0);
	+}
	+
	+static int
	+stackgap_status(struct thread td, struct proc p, int *data)
	+{
	+ PROC_LOCK_ASSERT(p, MA_OWNED);
	+
	+ *data = (p->p_flag2 & P2_STKGAP_DISABLE) != 0 ? PROC_STACKGAP_DISABLE :
	+ PROC_STACKGAP_ENABLE;
	+ *data \|= (p->p_flag2 & P2_STKGAP_DISABLE_EXEC) != 0 ?
	+ PROC_STACKGAP_DISABLE_EXEC : PROC_STACKGAP_ENABLE_EXEC;
	+ return (0);
	+}
	+
	#ifndef _SYS_SYSPROTO_H_
	struct procctl_args {
	idtype_t idtype;
	@@ -548,6 +578,7 @@
	case PROC_ASLR_CTL:
	case PROC_PROTMAX_CTL:
	case PROC_SPROTECT:
	+ case PROC_STACKGAP_CTL:
	case PROC_TRACE_CTL:
	case PROC_TRAPCAP_CTL:
	error = copyin(uap->data, &flags, sizeof(flags));
	@@ -578,6 +609,7 @@
	break;
	case PROC_ASLR_STATUS:
	case PROC_PROTMAX_STATUS:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	data = &flags;
	@@ -607,6 +639,7 @@
	break;
	case PROC_ASLR_STATUS:
	case PROC_PROTMAX_STATUS:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	if (error == 0)
	@@ -636,6 +669,10 @@
	return (protmax_ctl(td, p, (int )data));
	case PROC_PROTMAX_STATUS:
	return (protmax_status(td, p, data));
	+ case PROC_STACKGAP_CTL:
	+ return (stackgap_ctl(td, p, (int )data));
	+ case PROC_STACKGAP_STATUS:
	+ return (stackgap_status(td, p, data));
	case PROC_REAP_ACQUIRE:
	return (reap_acquire(td, p));
	case PROC_REAP_RELEASE:
	@@ -678,6 +715,8 @@
	case PROC_REAP_STATUS:
	case PROC_REAP_GETPIDS:
	case PROC_REAP_KILL:
	+ case PROC_STACKGAP_CTL:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	case PROC_PDEATHSIG_CTL:
	@@ -726,6 +765,8 @@
	case PROC_ASLR_STATUS:
	case PROC_PROTMAX_CTL:
	case PROC_PROTMAX_STATUS:
	+ case PROC_STACKGAP_CTL:
	+ case PROC_STACKGAP_STATUS:
	case PROC_TRACE_STATUS:
	case PROC_TRAPCAP_STATUS:
	tree_locked = false;
	Index: sys/sys/proc.h
	===================================================================
	--- sys/sys/proc.h
	+++ sys/sys/proc.h
	@@ -762,6 +762,8 @@
	#define P2_ASLR_IGNSTART 0x00000100 /* Enable ASLR to consume sbrk area. */
	#define P2_PROTMAX_ENABLE 0x00000200 /* Force enable implied PROT_MAX. */
	#define P2_PROTMAX_DISABLE 0x00000400 /* Force disable implied PROT_MAX. */
	+#define P2_STKGAP_DISABLE 0x00000800 /* Disable stack gap for MAP_STACK */
	+#define P2_STKGAP_DISABLE_EXEC 0x00001000 /* Stack gap disabled after exec */

	/* Flags protected by proctree_lock, kept in p_treeflags. */
	#define P_TREE_ORPHANED 0x00000001 /* Reparented, on orphan list */
	Index: sys/sys/procctl.h
	===================================================================
	--- sys/sys/procctl.h
	+++ sys/sys/procctl.h
	@@ -61,6 +61,8 @@
	#define PROC_ASLR_STATUS 14 /* query ASLR status */
	#define PROC_PROTMAX_CTL 15 /* en/dis implicit PROT_MAX */
	#define PROC_PROTMAX_STATUS 16 /* query implicit PROT_MAX status */
	+#define PROC_STACKGAP_CTL 17 /* en/dis stack gap on MAP_STACK */
	+#define PROC_STACKGAP_STATUS 18 /* query stack gap */

	/* Operations for PROC_SPROTECT (passed in integer arg). */
	#define PPROT_OP(x) ((x) & 0xf)
	@@ -134,6 +136,11 @@
	#define PROC_PROTMAX_NOFORCE 3
	#define PROC_PROTMAX_ACTIVE 0x80000000

	+#define PROC_STACKGAP_ENABLE 0x0001
	+#define PROC_STACKGAP_DISABLE 0x0002
	+#define PROC_STACKGAP_ENABLE_EXEC 0x0004
	+#define PROC_STACKGAP_DISABLE_EXEC 0x0008
	+
	#ifndef _KERNEL
	__BEGIN_DECLS
	int procctl(idtype_t, id_t, int, void *);
	Index: sys/vm/vm_map.c
	===================================================================
	--- sys/vm/vm_map.c
	+++ sys/vm/vm_map.c
	@@ -4132,7 +4132,8 @@
	addrbos + max_ssize > vm_map_max(map) \|\|
	addrbos + max_ssize <= addrbos)
	return (KERN_INVALID_ADDRESS);
	- sgp = (vm_size_t)stack_guard_page * PAGE_SIZE;
	+ sgp = (curproc->p_flag2 & P2_STKGAP_DISABLE) != 0 ? 0 :
	+ (vm_size_t)stack_guard_page * PAGE_SIZE;
	if (sgp >= max_ssize)
	return (KERN_INVALID_ARGUMENT);

	@@ -4183,6 +4184,8 @@
	KASSERT((orient & MAP_STACK_GROWS_UP) == 0 \|\|
	(new_entry->eflags & MAP_ENTRY_GROWS_UP) != 0,
	("new entry lacks MAP_ENTRY_GROWS_UP"));
	+ if (gap_bot == gap_top)
	+ return (KERN_SUCCESS);
	rv = vm_map_insert(map, NULL, 0, gap_bot, gap_top, VM_PROT_NONE,
	VM_PROT_NONE, MAP_CREATE_GUARD \| (orient == MAP_STACK_GROWS_DOWN ?
	MAP_CREATE_STACK_GAP_DN : MAP_CREATE_STACK_GAP_UP));
	@@ -4266,7 +4269,8 @@
	} else {
	return (KERN_FAILURE);
	}
	- guard = gap_entry->next_read;
	+ guard = (curproc->p_flag2 & P2_STKGAP_DISABLE) != 0 ? 0 :
	+ gap_entry->next_read;
	max_grow = gap_entry->end - gap_entry->start;
	if (guard > max_grow)
	return (KERN_NO_SPACE);
	Index: usr.bin/proccontrol/proccontrol.c
	===================================================================
	--- usr.bin/proccontrol/proccontrol.c
	+++ usr.bin/proccontrol/proccontrol.c
	@@ -44,6 +44,7 @@
	MODE_TRACE,
	MODE_TRAPCAP,
	MODE_PROTMAX,
	+ MODE_STACKGAP,
	#ifdef PROC_KPTI_CTL
	MODE_KPTI,
	#endif
	@@ -73,8 +74,8 @@
	usage(void)
	{

	- fprintf(stderr, "Usage: proccontrol -m (aslr\|protmax\|trace\|trapcap"
	- KPTI_USAGE") [-q] "
	+ fprintf(stderr, "Usage: proccontrol -m (aslr\|protmax\|trace\|trapcap\|"
	+ "stackgap"KPTI_USAGE") [-q] "
	"[-s (enable\|disable)] [-p pid \| command]\n");
	exit(1);
	}
	@@ -101,6 +102,8 @@
	mode = MODE_TRACE;
	else if (strcmp(optarg, "trapcap") == 0)
	mode = MODE_TRAPCAP;
	+ else if (strcmp(optarg, "stackgap") == 0)
	+ mode = MODE_STACKGAP;
	#ifdef PROC_KPTI_CTL
	else if (strcmp(optarg, "kpti") == 0)
	mode = MODE_KPTI;
	@@ -153,6 +156,9 @@
	case MODE_PROTMAX:
	error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);
	break;
	+ case MODE_STACKGAP:
	+ error = procctl(P_PID, pid, PROC_STACKGAP_STATUS, &arg);
	+ break;
	#ifdef PROC_KPTI_CTL
	case MODE_KPTI:
	error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
	@@ -217,6 +223,26 @@
	else
	printf(", not active\n");
	break;
	+ case MODE_STACKGAP:
	+ switch (arg & (PROC_STACKGAP_ENABLE \|
	+ PROC_STACKGAP_DISABLE)) {
	+ case PROC_STACKGAP_ENABLE:
	+ printf("enabled\n");
	+ break;
	+ case PROC_STACKGAP_DISABLE:
	+ printf("disabled\n");
	+ break;
	+ }
	+ switch (arg & (PROC_STACKGAP_ENABLE_EXEC \|
	+ PROC_STACKGAP_DISABLE_EXEC)) {
	+ case PROC_STACKGAP_ENABLE_EXEC:
	+ printf("enabled after exec\n");
	+ break;
	+ case PROC_STACKGAP_DISABLE_EXEC:
	+ printf("disabled after exec\n");
	+ break;
	+ }
	+ break;
	#ifdef PROC_KPTI_CTL
	case MODE_KPTI:
	switch (arg & ~PROC_KPTI_STATUS_ACTIVE) {
	@@ -256,6 +282,11 @@
	PROC_PROTMAX_FORCE_DISABLE;
	error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);
	break;
	+ case MODE_STACKGAP:
	+ arg = enable ? PROC_STACKGAP_ENABLE :
	+ PROC_STACKGAP_DISABLE;
	+ error = procctl(P_PID, pid, PROC_STACKGAP_CTL, &arg);
	+ break;
	#ifdef PROC_KPTI_CTL
	case MODE_KPTI:
	arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC :

File Metadata

Mime Type: text/plain
Expires: Sun, Jan 18, 12:00 AM (8 h, 21 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 27701353
Default Alt Text: D21352.id61522.diff (10 KB)

D21352.id61522.diffNo OneTemporaryActions

D21352.id61522.diffView Options

File Metadata

Event Timeline

D21352.id61522.diff
No OneTemporary
Actions

D21352.id61522.diff
View Options