D21081.id60337.diff
Index: head/sys/amd64/amd64/elf_machdep.c
===================================================================
--- head/sys/amd64/amd64/elf_machdep.c
+++ head/sys/amd64/amd64/elf_machdep.c
@@ -82,6 +82,7 @@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
+ .sv_stackgap = elf64_stackgap,
};
INIT_SYSENTVEC(elf64_sysvec, &elf64_freebsd_sysvec);
Index: head/sys/compat/freebsd32/freebsd32_misc.c
===================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c
+++ head/sys/compat/freebsd32/freebsd32_misc.c
@@ -3166,6 +3166,9 @@
destp = rounddown2(destp, sizeof(uint32_t));
vectp = (uint32_t *)destp;
+ if (imgp->sysent->sv_stackgap != NULL)
+ imgp->sysent->sv_stackgap(imgp, (u_long *)&vectp);
+
if (imgp->auxargs) {
/*
* Allocate room on the stack for the ELF auxargs
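Review bot: The call `imgp->sysent->sv_stackgap(imgp, (u_long *)&vectp);` writes through a `u_long *` that aliases a pointer variable, which is only correct while `sizeof(vectp) == sizeof(u_long)` and the build disables strict-aliasing assumptions; the same cast appears in the kern_exec.c hunk after `vectp = (char **)destp;`. Passing a real integer avoids the pun: `u_long base = (u_long)vectp;`, `imgp->sysent->sv_stackgap(imgp, &base);`, `vectp = (uint32_t *)base;`. Nothing visible in this hunk checks that the lowered `vectp` still lies inside the mapped stack, so that depends on the callback bounding the gap correctly. The enclosing function starts and ends outside the hunk.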
Index: head/sys/compat/ia32/ia32_sysvec.c
===================================================================
--- head/sys/compat/ia32/ia32_sysvec.c
+++ head/sys/compat/ia32/ia32_sysvec.c
@@ -128,6 +128,7 @@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
+ .sv_stackgap = elf32_stackgap,
};
INIT_SYSENTVEC(elf_ia32_sysvec, &ia32_freebsd_sysvec);
Index: head/sys/kern/imgact_elf.c
===================================================================
--- head/sys/kern/imgact_elf.c
+++ head/sys/kern/imgact_elf.c
@@ -156,6 +156,12 @@
&__elfN(aslr_honor_sbrk), 0,
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used");
+static int __elfN(aslr_stack_gap) = 3;
+SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack_gap, CTLFLAG_RW,
+ &__elfN(aslr_stack_gap), 0,
+ __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
+ ": maximum percentage of main stack to waste on a random gap");
+
static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
#define aligned(a, t) (rounddown2((u_long)(a), sizeof(t)) == (u_long)(a))
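Review bot: `aslr_stack_gap` is exported as a plain `SYSCTL_INT` with `CTLFLAG_RW`, so any int, including a negative one, can be stored, and the description does not say that 0 disables the gap or that the consumer clamps values above 50. A negative value passes both the `pct == 0` and `pct > 50` tests in `__elfN(stackgap)` and is then multiplied into an unsigned stack size. Either validate at write time with a handler that rejects values outside 0..50, or handle it in the consumer with `if (pct <= 0) return;`. The description could be extended to something like `": maximum percentage of main stack to waste on a random gap (0 disables, capped at 50)"`.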
@@ -2719,4 +2725,25 @@
if (prot & VM_PROT_WRITE)
flags |= PF_W;
return (flags);
+}
+
+void
+__elfN(stackgap)(struct image_params *imgp, u_long *stack_base)
+{
+ u_long range, rbase, gap;
+ int pct;
+
+ if ((imgp->map_flags & MAP_ASLR) == 0)
+ return;
+ pct = __elfN(aslr_stack_gap);
+ if (pct == 0)
+ return;
+ if (pct > 50)
+ pct = 50;
+ range = imgp->eff_stack_sz * pct / 100;
+ range *= pct;
+ arc4rand(&rbase, sizeof(rbase), 0);
+ gap = rbase % range;
+ gap &= ~(sizeof(u_long) - 1);
+ *stack_base -= gap;
}
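Review bot: `range *= pct;` multiplies the already-scaled range by the percentage a second time, so the gap bound becomes roughly `eff_stack_sz * pct * pct / 100`: about 9% of the stack at the default of 3 and 25 times the stack size at the clamp of 50. That contradicts the sysctl's "maximum percentage" wording and can move `*stack_base` below the stack mapping; dropping the line gives the documented bound. Separately, `gap = rbase % range;` divides by zero when `eff_stack_sz * pct` is less than 100, so a guard such as `if (range == 0) return;` before the `arc4rand()` call is needed. The function also has no comment; a short header saying that it lowers `*stack_base` by a random, `sizeof(u_long)`-aligned amount when `MAP_ASLR` is set would help.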
Index: head/sys/kern/kern_exec.c
===================================================================
--- head/sys/kern/kern_exec.c
+++ head/sys/kern/kern_exec.c
@@ -1128,6 +1128,7 @@
} else {
ssiz = maxssiz;
}
+ imgp->eff_stack_sz = ssiz;
stack_addr = sv->sv_usrstack - ssiz;
error = vm_map_stack(map, stack_addr, (vm_size_t)ssiz,
obj != NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
@@ -1615,6 +1616,9 @@
destp = rounddown2(destp, sizeof(void *));
vectp = (char **)destp;
+ if (imgp->sysent->sv_stackgap != NULL)
+ imgp->sysent->sv_stackgap(imgp, (u_long *)&vectp);
+
if (imgp->auxargs) {
/*
* Allocate room on the stack for the ELF auxargs
Index: head/sys/sys/imgact.h
===================================================================
--- head/sys/sys/imgact.h
+++ head/sys/sys/imgact.h
@@ -87,6 +87,7 @@
int pagesizeslen;
vm_prot_t stack_prot;
u_long stack_sz;
+ u_long eff_stack_sz;
struct ucred *newcred; /* new credentials if changing */
bool credential_setid; /* true if becoming setid */
bool textset;
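Review bot: `eff_stack_sz` is added without a comment, and next to `stack_sz` the difference between the two fields is not obvious. From the kern_exec.c hunk it holds `ssiz`, the size passed to `vm_map_stack()` for the main stack, so a trailing comment like `/* size of the main stack as mapped at exec */` would document it. The struct definition starts and ends outside the hunk.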
Index: head/sys/sys/imgact_elf.h
===================================================================
--- head/sys/sys/imgact_elf.h
+++ head/sys/sys/imgact_elf.h
@@ -98,6 +98,7 @@
int __elfN(freebsd_fixup)(register_t **, struct image_params *);
int __elfN(coredump)(struct thread *, struct vnode *, off_t, int);
size_t __elfN(populate_note)(int, void *, void *, size_t, void **);
+void __elfN(stackgap)(struct image_params *, u_long *);
/* Machine specific function to dump per-thread information. */
void __elfN(dump_thread)(struct thread *, void *, size_t *);
Index: head/sys/sys/sysent.h
===================================================================
--- head/sys/sys/sysent.h
+++ head/sys/sys/sysent.h
@@ -109,6 +109,7 @@
int (*sv_coredump)(struct thread *, struct vnode *, off_t, int);
/* function to dump core, or NULL */
int (*sv_imgact_try)(struct image_params *);
+ void (*sv_stackgap)(struct image_params *, u_long *);
int sv_minsigstksz; /* minimum signal stack size */
vm_offset_t sv_minuser; /* VM_MIN_ADDRESS */
vm_offset_t sv_maxuser; /* VM_MAXUSER_ADDRESS */
D21081: Make randomized stack gap between strings and pointers to argv/envs.