Changeset View
Changeset View
Standalone View
Standalone View
sys/security/mac/mac_process.c
Show First 20 Lines • Show All 246 Lines • ▼ Show 20 Lines | default: | ||||
return ("---"); | return ("---"); | ||||
} | } | ||||
} | } | ||||
static void | static void | ||||
mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, | mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, | ||||
struct vm_map *map) | struct vm_map *map) | ||||
{ | { | ||||
vm_map_entry_t vme; | vm_map_entry_t prev, vme; | ||||
int result; | int result; | ||||
vm_prot_t revokeperms; | vm_prot_t revokeperms; | ||||
vm_object_t backing_object, object; | vm_object_t backing_object, object; | ||||
vm_ooffset_t offset; | vm_ooffset_t offset; | ||||
struct vnode *vp; | struct vnode *vp; | ||||
struct mount *mp; | struct mount *mp; | ||||
if (!mac_mmap_revocation) | if (!mac_mmap_revocation) | ||||
return; | return; | ||||
vm_map_lock(map); | vm_map_lock(map); | ||||
for (vme = map->header.next; vme != &map->header; vme = vme->next) { | for (prev = &map->header; | ||||
(vme = prev->next) != &map->header; prev = vme) { | |||||
if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { | if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { | ||||
alc: This case didn't get simplified. | |||||
mac_proc_vm_revoke_recurse(td, cred, | mac_proc_vm_revoke_recurse(td, cred, | ||||
vme->object.sub_map); | vme->object.sub_map); | ||||
continue; | continue; | ||||
} | } | ||||
/* | /* | ||||
* Skip over entries that obviously are not shared. | * Skip over entries that obviously are not shared. | ||||
*/ | */ | ||||
if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) || | if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) || | ||||
▲ Show 20 Lines • Show All 67 Lines • ▼ Show 20 Lines | if ((vme->protection & revokeperms) == 0) { | ||||
* Why bother if there's no read permissions | * Why bother if there's no read permissions | ||||
* anymore? For the rest, we need to leave | * anymore? For the rest, we need to leave | ||||
* the write permissions on for COW, or | * the write permissions on for COW, or | ||||
* remove them entirely if configured to. | * remove them entirely if configured to. | ||||
*/ | */ | ||||
if (!mac_mmap_revocation_via_cow) { | if (!mac_mmap_revocation_via_cow) { | ||||
vme->max_protection &= ~VM_PROT_WRITE; | vme->max_protection &= ~VM_PROT_WRITE; | ||||
vme->protection &= ~VM_PROT_WRITE; | vme->protection &= ~VM_PROT_WRITE; | ||||
} if ((revokeperms & VM_PROT_READ) == 0) | } if ((revokeperms & VM_PROT_READ) == 0) | ||||
Not Done Inline Actions(This comment is unrelated to the patch.) This looks like a bug to me, albeit an arguably innocuous one. If mac_mmap_revocation_via_cow is false, we should not be making the map entry COW. alc: (This comment is unrelated to the patch.) This looks like a bug to me, albeit an arguably… | |||||
vme->eflags |= MAP_ENTRY_COW | | vme->eflags |= MAP_ENTRY_COW | | ||||
MAP_ENTRY_NEEDS_COPY; | MAP_ENTRY_NEEDS_COPY; | ||||
} | } | ||||
if (revokeperms & VM_PROT_EXECUTE) { | if (revokeperms & VM_PROT_EXECUTE) { | ||||
vme->max_protection &= ~VM_PROT_EXECUTE; | vme->max_protection &= ~VM_PROT_EXECUTE; | ||||
vme->protection &= ~VM_PROT_EXECUTE; | vme->protection &= ~VM_PROT_EXECUTE; | ||||
} | } | ||||
if (revokeperms & VM_PROT_READ) { | if (revokeperms & VM_PROT_READ) { | ||||
vme->max_protection = 0; | vme->max_protection = 0; | ||||
vme->protection = 0; | vme->protection = 0; | ||||
} | } | ||||
pmap_protect(map->pmap, vme->start, vme->end, | pmap_protect(map->pmap, vme->start, vme->end, | ||||
vme->protection & ~revokeperms); | vme->protection & ~revokeperms); | ||||
vm_map_simplify_entry(map, vme); | vm_map_try_merge_entries(map, prev, vme); | ||||
} | } | ||||
} | } | ||||
vm_map_unlock(map); | vm_map_unlock(map); | ||||
} | } | ||||
MAC_CHECK_PROBE_DEFINE2(proc_check_debug, "struct ucred *", "struct proc *"); | MAC_CHECK_PROBE_DEFINE2(proc_check_debug, "struct ucred *", "struct proc *"); | ||||
int | int | ||||
▲ Show 20 Lines • Show All 57 Lines • Show Last 20 Lines |
This case didn't get simplified.