exec: Remove the stack gap implementation
ASLR stack randomization will reappear in a forthcoming commit. Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.
No functional change intended, as the stack gap implementation is
currently disabled by default.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 758d98debe)
parent
947e849150
commit
40d6b2a362
|
@ -3755,7 +3755,6 @@ static struct flag_desc note_feature_ctl_flags[] = {
|
|||
{ NT_FREEBSD_FCTL_STKGAP_DISABLE, "STKGAP_DISABLE" },
|
||||
{ NT_FREEBSD_FCTL_WXNEEDED, "WXNEEDED" },
|
||||
{ NT_FREEBSD_FCTL_LA48, "LA48" },
|
||||
{ NT_FREEBSD_FCTL_ASG_DISABLE, "ASG_DISABLE" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
|
|
|
@ -89,7 +89,6 @@ struct sysentvec elf64_freebsd_sysvec_la48 = {
|
|||
.sv_schedtail = NULL,
|
||||
.sv_thread_detach = NULL,
|
||||
.sv_trap = NULL,
|
||||
.sv_stackgap = elf64_stackgap,
|
||||
.sv_onexec_old = exec_onexec_old,
|
||||
.sv_onexit = exit_onexit,
|
||||
};
|
||||
|
@ -128,7 +127,6 @@ struct sysentvec elf64_freebsd_sysvec_la57 = {
|
|||
.sv_schedtail = NULL,
|
||||
.sv_thread_detach = NULL,
|
||||
.sv_trap = NULL,
|
||||
.sv_stackgap = elf64_stackgap,
|
||||
.sv_onexec_old = exec_onexec_old,
|
||||
.sv_onexit = exit_onexit,
|
||||
};
|
||||
|
|
|
@ -3417,8 +3417,6 @@ freebsd32_copyout_strings(struct image_params *imgp, uintptr_t *stack_base)
|
|||
destp = rounddown2(destp, sizeof(uint32_t));
|
||||
ustringp = destp;
|
||||
|
||||
exec_stackgap(imgp, &destp);
|
||||
|
||||
if (imgp->auxargs) {
|
||||
/*
|
||||
* Allocate room on the stack for the ELF auxargs
|
||||
|
|
|
@ -135,7 +135,6 @@ struct sysentvec ia32_freebsd_sysvec = {
|
|||
.sv_schedtail = NULL,
|
||||
.sv_thread_detach = NULL,
|
||||
.sv_trap = NULL,
|
||||
.sv_stackgap = elf32_stackgap,
|
||||
.sv_onexec_old = exec_onexec_old,
|
||||
.sv_onexit = exit_onexit,
|
||||
};
|
||||
|
|
|
@ -2902,22 +2902,3 @@ __elfN(untrans_prot)(vm_prot_t prot)
|
|||
flags |= PF_W;
|
||||
return (flags);
|
||||
}
|
||||
|
||||
vm_size_t
|
||||
__elfN(stackgap)(struct image_params *imgp, uintptr_t *stack_base)
|
||||
{
|
||||
uintptr_t range, rbase, gap;
|
||||
int pct;
|
||||
|
||||
pct = __elfN(aslr_stack_gap);
|
||||
if (pct == 0)
|
||||
return (0);
|
||||
if (pct > 50)
|
||||
pct = 50;
|
||||
range = imgp->eff_stack_sz * pct / 100;
|
||||
arc4rand(&rbase, sizeof(rbase), 0);
|
||||
gap = rbase % range;
|
||||
gap &= ~(sizeof(u_long) - 1);
|
||||
*stack_base -= gap;
|
||||
return (gap);
|
||||
}
|
||||
|
|
|
@ -1209,9 +1209,6 @@ exec_new_vmspace(struct image_params *imgp, struct sysentvec *sv)
|
|||
} else {
|
||||
ssiz = maxssiz;
|
||||
}
|
||||
imgp->eff_stack_sz = lim_cur(curthread, RLIMIT_STACK);
|
||||
if (ssiz < imgp->eff_stack_sz)
|
||||
imgp->eff_stack_sz = ssiz;
|
||||
stack_addr = sv->sv_usrstack - ssiz;
|
||||
stack_prot = obj != NULL && imgp->stack_prot != 0 ?
|
||||
imgp->stack_prot : sv->sv_stackprot;
|
||||
|
@ -1631,21 +1628,6 @@ exec_args_get_begin_envv(struct image_args *args)
|
|||
return (args->endp);
|
||||
}
|
||||
|
||||
void
|
||||
exec_stackgap(struct image_params *imgp, uintptr_t *dp)
|
||||
{
|
||||
struct proc *p = imgp->proc;
|
||||
|
||||
if (imgp->sysent->sv_stackgap == NULL ||
|
||||
(p->p_fctl0 & (NT_FREEBSD_FCTL_ASLR_DISABLE |
|
||||
NT_FREEBSD_FCTL_ASG_DISABLE)) != 0 ||
|
||||
(imgp->map_flags & MAP_ASLR) == 0) {
|
||||
p->p_vmspace->vm_stkgap = 0;
|
||||
return;
|
||||
}
|
||||
p->p_vmspace->vm_stkgap = imgp->sysent->sv_stackgap(imgp, dp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Copy strings out to the new process address space, constructing new arg
|
||||
* and env vector tables. Return a pointer to the base so that it can be used
|
||||
|
@ -1725,8 +1707,6 @@ exec_copyout_strings(struct image_params *imgp, uintptr_t *stack_base)
|
|||
destp = rounddown2(destp, sizeof(void *));
|
||||
ustringp = destp;
|
||||
|
||||
exec_stackgap(imgp, &destp);
|
||||
|
||||
if (imgp->auxargs) {
|
||||
/*
|
||||
* Allocate room on the stack for the ELF auxargs
|
||||
|
|
|
@ -804,7 +804,7 @@ typedef struct {
|
|||
#define NT_FREEBSD_FCTL_STKGAP_DISABLE 0x00000004
|
||||
#define NT_FREEBSD_FCTL_WXNEEDED 0x00000008
|
||||
#define NT_FREEBSD_FCTL_LA48 0x00000010
|
||||
#define NT_FREEBSD_FCTL_ASG_DISABLE 0x00000020 /* ASLR STACK GAP Disable */
|
||||
/* was ASG_DISABLE, do not reuse 0x00000020 */
|
||||
|
||||
/* Values for n_type. Used in core files. */
|
||||
#define NT_PRSTATUS 1 /* Process status. */
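Review bot: The comment that replaces `NT_FREEBSD_FCTL_ASG_DISABLE` reserves bit 0x20 but does not say how binaries already tagged with it are treated. The name is also dropped outright, although the `note_feature_ctl_flags` and `featurelist` tables in this same commit show it was used outside the kernel. Out-of-tree code that names the macro will stop compiling, and tagged binaries will presumably be reported with an unnamed feature bit. I would make the comment explicit, for example `/* 0x00000020 was ASG_DISABLE (ASLR stack gap opt-out); no longer interpreted, do not reuse */`, and note that `NT_FREEBSD_FCTL_ASLR_DISABLE` is the only remaining per-binary opt-out, if that is the intent once stack randomization returns. The list of defines starts and ends outside this hunk.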
|
||||
|
|
|
@ -84,7 +84,6 @@ struct image_params {
|
|||
int pagesizeslen;
|
||||
vm_prot_t stack_prot;
|
||||
u_long stack_sz;
|
||||
u_long eff_stack_sz;
|
||||
struct ucred *newcred; /* new credentials if changing */
|
||||
#define IMGACT_SHELL 0x1
|
||||
#define IMGACT_BINMISC 0x2
|
||||
|
@ -122,7 +121,6 @@ int exec_copyin_args(struct image_args *, const char *, enum uio_seg,
|
|||
char **, char **);
|
||||
int exec_copyin_data_fds(struct thread *, struct image_args *, const void *,
|
||||
size_t, const int *, size_t);
|
||||
void exec_stackgap(struct image_params *imgp, uintptr_t *dp);
|
||||
int pre_execve(struct thread *td, struct vmspace **oldvmspace);
|
||||
void post_execve(struct thread *td, int error, struct vmspace *oldvmspace);
|
||||
#endif
|
||||
|
|
|
@ -106,7 +106,6 @@ int __elfN(remove_brand_entry)(Elf_Brandinfo *entry);
|
|||
int __elfN(freebsd_fixup)(uintptr_t *, struct image_params *);
|
||||
int __elfN(coredump)(struct thread *, struct vnode *, off_t, int);
|
||||
size_t __elfN(populate_note)(int, void *, void *, size_t, void **);
|
||||
vm_size_t __elfN(stackgap)(struct image_params *, uintptr_t *);
|
||||
int __elfN(freebsd_copyout_auxargs)(struct image_params *, uintptr_t);
|
||||
|
||||
/* Machine specific function to dump per-thread information. */
|
||||
|
|
|
@ -115,7 +115,6 @@ struct sysentvec {
|
|||
int (*sv_coredump)(struct thread *, struct vnode *, off_t, int);
|
||||
/* function to dump core, or NULL */
|
||||
int (*sv_imgact_try)(struct image_params *);
|
||||
vm_size_t (*sv_stackgap)(struct image_params *, uintptr_t *);
|
||||
int (*sv_copyout_auxargs)(struct image_params *,
|
||||
uintptr_t);
|
||||
int sv_minsigstksz; /* minimum signal stack size */
|
||||
|
|
|
@ -71,8 +71,6 @@ static struct ControlFeatures featurelist[] = {
|
|||
{ "nostackgap", NT_FREEBSD_FCTL_STKGAP_DISABLE, "Disable stack gap" },
|
||||
{ "wxneeded", NT_FREEBSD_FCTL_WXNEEDED, "Requires W+X mappings" },
|
||||
{ "la48", NT_FREEBSD_FCTL_LA48, "amd64: Limit user VA to 48bit" },
|
||||
{ "noaslrstkgap", NT_FREEBSD_FCTL_ASG_DISABLE,
|
||||
"Disable ASLR stack gap" },
|
||||
};
|
||||
|
||||
static struct option long_opts[] = {
|
||||
|
|