Page MenuHomeFreeBSD
Differential D20814 Diff 60950 sys/security/mac/mac_process.c

Changeset View

Standalone View

View Options

sys/security/mac/mac_process.c

Show First 20 LinesShow All 246 Lines▼ Show 20 Lines default:
return ("---"); return ("---");
} }
} }
static void static void
mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred, mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred,
struct vm_map *map) struct vm_map *map)
{ {
vm_map_entry_t vme; vm_map_entry_t prev, vme;
int result; int result;
vm_prot_t revokeperms; vm_prot_t revokeperms;
vm_object_t backing_object, object; vm_object_t backing_object, object;
vm_ooffset_t offset; vm_ooffset_t offset;
struct vnode *vp; struct vnode *vp;
struct mount *mp; struct mount *mp;
if (!mac_mmap_revocation) if (!mac_mmap_revocation)
return; return;
vm_map_lock(map); vm_map_lock(map);
for (vme = map->header.next; vme != &map->header; vme = vme->next) { for (prev = &map->header;
(vme = prev->next) != &map->header; prev = vme) {
if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
alcUnsubmitted
Not Done
Inline Actions

This case didn't get simplified.

alc: This case didn't get simplified.
mac_proc_vm_revoke_recurse(td, cred, mac_proc_vm_revoke_recurse(td, cred,
vme->object.sub_map); vme->object.sub_map);
continue; continue;
} }
/* /*
* Skip over entries that obviously are not shared. * Skip over entries that obviously are not shared.
*/ */
if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) || if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) ||
▲ Show 20 LinesShow All 67 Lines▼ Show 20 Lines if ((vme->protection & revokeperms) == 0) {
* Why bother if there's no read permissions * Why bother if there's no read permissions
* anymore? For the rest, we need to leave * anymore? For the rest, we need to leave
* the write permissions on for COW, or * the write permissions on for COW, or
* remove them entirely if configured to. * remove them entirely if configured to.
*/ */
if (!mac_mmap_revocation_via_cow) { if (!mac_mmap_revocation_via_cow) {
vme->max_protection &= ~VM_PROT_WRITE; vme->max_protection &= ~VM_PROT_WRITE;
vme->protection &= ~VM_PROT_WRITE; vme->protection &= ~VM_PROT_WRITE;
} if ((revokeperms & VM_PROT_READ) == 0) } if ((revokeperms & VM_PROT_READ) == 0)
alcUnsubmitted
Not Done
Inline Actions

(This comment is unrelated to the patch.) This looks like a bug to me, albeit an arguably innocuous one. If mac_mmap_revocation_via_cow is false, we should not be making the map entry COW.

alc: (This comment is unrelated to the patch.) This looks like a bug to me, albeit an arguably…
vme->eflags |= MAP_ENTRY_COW | vme->eflags |= MAP_ENTRY_COW |
MAP_ENTRY_NEEDS_COPY; MAP_ENTRY_NEEDS_COPY;
} }
if (revokeperms & VM_PROT_EXECUTE) { if (revokeperms & VM_PROT_EXECUTE) {
vme->max_protection &= ~VM_PROT_EXECUTE; vme->max_protection &= ~VM_PROT_EXECUTE;
vme->protection &= ~VM_PROT_EXECUTE; vme->protection &= ~VM_PROT_EXECUTE;
} }
if (revokeperms & VM_PROT_READ) { if (revokeperms & VM_PROT_READ) {
vme->max_protection = 0; vme->max_protection = 0;
vme->protection = 0; vme->protection = 0;
} }
pmap_protect(map->pmap, vme->start, vme->end, pmap_protect(map->pmap, vme->start, vme->end,
vme->protection & ~revokeperms); vme->protection & ~revokeperms);
vm_map_simplify_entry(map, vme); vm_map_try_merge_entries(map, prev, vme);
} }
} }
vm_map_unlock(map); vm_map_unlock(map);
} }
MAC_CHECK_PROBE_DEFINE2(proc_check_debug, "struct ucred *", "struct proc *"); MAC_CHECK_PROBE_DEFINE2(proc_check_debug, "struct ucred *", "struct proc *");
int int
▲ Show 20 LinesShow All 57 LinesShow Last 20 Lines