Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/imgact_elf.c
Show First 20 Lines • Show All 184 Lines • ▼ Show 20 Lines | SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack_gap, CTLFLAG_RW, | ||||
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) | __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) | ||||
": maximum percentage of main stack to waste on a random gap"); | ": maximum percentage of main stack to waste on a random gap"); | ||||
static int __elfN(sigfastblock) = 1; | static int __elfN(sigfastblock) = 1; | ||||
SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock, | SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock, | ||||
CTLFLAG_RWTUN, &__elfN(sigfastblock), 0, | CTLFLAG_RWTUN, &__elfN(sigfastblock), 0, | ||||
"enable sigfastblock for new processes"); | "enable sigfastblock for new processes"); | ||||
static bool __elfN(allow_wx) = true; | |||||
SYSCTL_BOOL(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, allow_wx, | |||||
CTLFLAG_RWTUN, &__elfN(allow_wx), 0, | |||||
"Allow pages to be mapped simultaneously writable and executable"); | |||||
emaste: Do you think "Allow pages to be mapped simultaneously writable and executable" (adding… | |||||
Done Inline ActionsI updated the string in my branch, will update phab if more substantial changes come out. kib: I updated the string in my branch, will update phab if more substantial changes come out. | |||||
static Elf_Brandinfo *elf_brand_list[MAX_BRANDS]; | static Elf_Brandinfo *elf_brand_list[MAX_BRANDS]; | ||||
#define aligned(a, t) (rounddown2((u_long)(a), sizeof(t)) == (u_long)(a)) | #define aligned(a, t) (rounddown2((u_long)(a), sizeof(t)) == (u_long)(a)) | ||||
static const char FREEBSD_ABI_VENDOR[] = "FreeBSD"; | static const char FREEBSD_ABI_VENDOR[] = "FreeBSD"; | ||||
Elf_Brandnote __elfN(freebsd_brandnote) = { | Elf_Brandnote __elfN(freebsd_brandnote) = { | ||||
.hdr.n_namesz = sizeof(FREEBSD_ABI_VENDOR), | .hdr.n_namesz = sizeof(FREEBSD_ABI_VENDOR), | ||||
▲ Show 20 Lines • Show All 1,030 Lines • ▼ Show 20 Lines | if ((sv->sv_flags & SV_ASLR) == 0 || | ||||
* grow region for mappings as well. We can select | * grow region for mappings as well. We can select | ||||
* the base for the image anywere and still not suffer | * the base for the image anywere and still not suffer | ||||
* from the fragmentation. | * from the fragmentation. | ||||
*/ | */ | ||||
if (!__elfN(aslr_honor_sbrk) || | if (!__elfN(aslr_honor_sbrk) || | ||||
(imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | (imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | ||||
imgp->map_flags |= MAP_ASLR_IGNSTART; | imgp->map_flags |= MAP_ASLR_IGNSTART; | ||||
} | } | ||||
if (!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0) | |||||
imgp->map_flags |= MAP_WXORX; | |||||
error = exec_new_vmspace(imgp, sv); | error = exec_new_vmspace(imgp, sv); | ||||
vmspace = imgp->proc->p_vmspace; | vmspace = imgp->proc->p_vmspace; | ||||
map = &vmspace->vm_map; | map = &vmspace->vm_map; | ||||
imgp->proc->p_sysent = sv; | imgp->proc->p_sysent = sv; | ||||
maxv = vm_map_max(map) - lim_max(td, RLIMIT_STACK); | maxv = vm_map_max(map) - lim_max(td, RLIMIT_STACK); | ||||
▲ Show 20 Lines • Show All 1,587 Lines • Show Last 20 Lines |
Do you think "Allow pages to be mapped simultaneously writable and executable" (adding simultaneously) makes it more clear?