Module Name: src Committed By: riastradh Date: Tue Nov 21 14:35:36 UTC 2023
Modified Files: src/sys/kern: exec_subr.c src/sys/sys: pax.h src/sys/uvm: uvm_mmap.c Log Message: pax(9): Rework header file more coherently to nix some needless #ifs. Cleans up some of the fallout from PR kern/57711 fixes. Could do a little more to nix PAX_SEGVGUARD conditionals but maybe not worth it. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/sys/kern/exec_subr.c cvs rdiff -u -r1.27 -r1.28 src/sys/sys/pax.h cvs rdiff -u -r1.184 -r1.185 src/sys/uvm/uvm_mmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/exec_subr.c
diff -u src/sys/kern/exec_subr.c:1.87 src/sys/kern/exec_subr.c:1.88
--- src/sys/kern/exec_subr.c:1.87 Tue Nov 21 12:12:26 2023
+++ src/sys/kern/exec_subr.c Tue Nov 21 14:35:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_subr.c,v 1.87 2023/11/21 12:12:26 martin Exp $ */
+/* $NetBSD: exec_subr.c,v 1.88 2023/11/21 14:35:36 riastradh Exp $ */
 /*
 * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.87 2023/11/21 12:12:26 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.88 2023/11/21 14:35:36 riastradh Exp $");
 #include "opt_pax.h"
@@ -162,7 +162,7 @@ static int
 vmcmd_get_prot(struct lwp *l, const struct exec_vmcmd *cmd, vm_prot_t *prot,
 vm_prot_t *maxprot)
 {
- vm_prot_t extraprot __unused = PROT_MPROTECT_EXTRACT(cmd->ev_prot);
+ vm_prot_t extraprot = PROT_MPROTECT_EXTRACT(cmd->ev_prot);
 *prot = cmd->ev_prot & UVM_PROT_ALL;
 *maxprot = PAX_MPROTECT_MAXPROTECT(l, *prot, extraprot, UVM_PROT_ALL);
Index: src/sys/sys/pax.h
diff -u src/sys/sys/pax.h:1.27 src/sys/sys/pax.h:1.28
--- src/sys/sys/pax.h:1.27 Thu Jan 23 10:21:14 2020
+++ src/sys/sys/pax.h Tue Nov 21 14:35:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.27 2020/01/23 10:21:14 ad Exp $ */
+/* $NetBSD: pax.h,v 1.28 2023/11/21 14:35:36 riastradh Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
@@ -53,53 +53,80 @@ struct vmspace;
 extern int pax_aslr_debug;
 #endif
-void pax_segvguard_cleanup(struct vnode *);
-
 #if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
 void pax_init(void);
 void pax_set_flags(struct exec_package *, struct proc *);
 void pax_setup_elf_flags(struct exec_package *, uint32_t);
 #else
-# define pax_init()
-# define pax_set_flags(e, p)
-# define pax_setup_elf_flags(e, flags) __USE(flags)
+static inline void
+pax_init(void)
+{
+}
+static inline void
+pax_set_flags(struct exec_package *epp, struct proc *p)
+{
+}
+static inline void
+pax_setup_elf_flags(struct exec_package *epp, uint32_t flags)
+{
+}
 #endif
+#ifdef PAX_MPROTECT
+
 vm_prot_t pax_mprotect_maxprotect(
-#ifdef PAX_MPROTECT_DEBUG
+# ifdef PAX_MPROTECT_DEBUG
 const char *, size_t,
-#endif
+# endif
 struct lwp *, vm_prot_t, vm_prot_t, vm_prot_t);
 int pax_mprotect_validate(
-#ifdef PAX_MPROTECT_DEBUG
+# ifdef PAX_MPROTECT_DEBUG
 const char *, size_t,
-#endif
+# endif
 struct lwp *, vm_prot_t);
+int pax_mprotect_prot(struct lwp *);
-#ifndef PAX_MPROTECT
-# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) (max)
-# define PAX_MPROTECT_VALIDATE(l, prot) (0)
-# define pax_mprotect_prot(l) 0
 #else
-# ifdef PAX_MPROTECT_DEBUG
-# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
- pax_mprotect_maxprotect(__FILE__, __LINE__, (l), (active), (extra), (max))
-# define PAX_MPROTECT_VALIDATE(l, prot) \
- pax_mprotect_validate(__FILE__, __LINE__, (l), (prot))
-# else
-# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
- pax_mprotect_maxprotect((l), (active), (extra), (max))
-# define PAX_MPROTECT_VALIDATE(l, prot) \
- pax_mprotect_validate((l), (prot))
-# endif
-int pax_mprotect_prot(struct lwp *);
+
+static inline vm_prot_t
+pax_mprotect_maxprotect(struct lwp *l, vm_prot_t prot, vm_prot_t extra,
+ vm_prot_t max)
+{
+ return max;
+}
+static inline vm_prot_t
+pax_mprotect_validate(struct lwp *l, vm_prot_t prot)
+{
+ return 0;
+}
+static inline int
+pax_mprotect_prot(struct lwp *l)
+{
+ return 0;
+}
+
+#endif
+
+#if defined(PAX_MPROTECT) && defined(PAX_MPROTECT_DEBUG)
+# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
+ pax_mprotect_maxprotect(__FILE__, __LINE__, (l), (active), (extra), (max))
+# define PAX_MPROTECT_VALIDATE(l, prot) \
+ pax_mprotect_validate(__FILE__, __LINE__, (l), (prot))
+#else
+# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
+ pax_mprotect_maxprotect((l), (active), (extra), (max))
+# define PAX_MPROTECT_VALIDATE(l, prot) \
+ pax_mprotect_validate((l), (prot))
 #endif
+
+#ifdef PAX_SEGVGUARD
 int pax_segvguard(struct lwp *, struct vnode *, const char *, bool);
+void pax_segvguard_cleanup(struct vnode *);
+#endif
+#ifdef PAX_ASLR
 #define PAX_ASLR_DELTA(delta, lsb, len) \
 (((delta) & ((1UL << (len)) - 1)) << (lsb))
-
-#ifdef PAX_ASLR
 void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
 void pax_aslr_stack(struct exec_package *, vsize_t *);
 uint32_t pax_aslr_stack_gap(struct exec_package *);
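Review bot: The stub of `pax_mprotect_validate` added for kernels without PAX_MPROTECT is declared `static inline vm_prot_t`, while the real prototype earlier in this same hunk returns `int` and the macro it replaces expanded to `(0)`. The value is a status code, not a protection mask, so the stub should read `static inline int` to keep both configurations type-identical for callers that store or compare the result. Whether `vm_prot_t` is itself a plain `int` typedef is not visible in this diff, so the mismatch may be harmless today, but it would become a silent width or signedness difference between PaX and non-PaX builds if that typedef ever changed.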
@@ -107,12 +134,33 @@ vaddr_t pax_aslr_exec_offset(struct exec
 voff_t pax_aslr_rtld_offset(struct exec_package *, vaddr_t, int);
 void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
 #else
-# define pax_aslr_init_vm(l, v, e)
-# define pax_aslr_stack(e, o)
-# define pax_aslr_stack_gap(e) 0
-# define pax_aslr_exec_offset(e, a) MAX(a, PAGE_SIZE)
-# define pax_aslr_rtld_offset(e, a, u) 0
-# define pax_aslr_mmap(l, a, b, c)
+static inline void
+pax_aslr_init_vm(struct lwp *l, struct vmspace *vm, struct exec_package *epp)
+{
+}
+static inline void
+pax_aslr_stack(struct exec_package *epp, vsize_t *max_stack_size)
+{
+}
+static inline uint32_t
+pax_aslr_stack_gap(struct exec_package *epp)
+{
+ return 0;
+}
+static inline vaddr_t
+pax_aslr_exec_offset(struct exec_package *epp, vaddr_t align)
+{
+ return MAX(align, PAGE_SIZE);
+}
+static inline voff_t
+pax_aslr_rtld_offset(struct exec_package *epp, vaddr_t align, int use_topdown)
+{
+ return 0;
+}
+static inline void
+pax_aslr_mmap(struct lwp *l, vaddr_t *addr, vaddr_t orig_addr, int flags)
+{
+}
 #endif
 #endif /* !_SYS_PAX_H_ */
Index: src/sys/uvm/uvm_mmap.c
diff -u src/sys/uvm/uvm_mmap.c:1.184 src/sys/uvm/uvm_mmap.c:1.185
--- src/sys/uvm/uvm_mmap.c:1.184 Thu Jul 7 11:29:18 2022
+++ src/sys/uvm/uvm_mmap.c Tue Nov 21 14:35:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_mmap.c,v 1.184 2022/07/07 11:29:18 rin Exp $ */
+/* $NetBSD: uvm_mmap.c,v 1.185 2023/11/21 14:35:36 riastradh Exp $ */
 /*
 * Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -46,7 +46,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.184 2022/07/07 11:29:18 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.185 2023/11/21 14:35:36 riastradh Exp $");
 #include "opt_compat_netbsd.h"
 #include "opt_pax.h"
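Review bot: In the pax.h hunk at -107,12, the PAX_ASLR-off stub `pax_aslr_exec_offset` now evaluates `MAX(align, PAGE_SIZE)` inside an inline function body, so `MAX` and `PAGE_SIZE` must be defined at the point where pax.h is included; the macro it replaces needed them only where it was expanded. The header's own include list is not part of this diff, so if it does not already pull them in (I believe both come from `<sys/param.h>` on NetBSD), adding that include to pax.h would keep the header self-contained. The same holds for `vsize_t`, `voff_t` and `vaddr_t`, which kernels built without PAX_ASLR previously never needed when parsing this header. A one-line comment above the stubs, such as `/* PAX_ASLR disabled: no randomization, callers' addresses are left untouched */`, would also state the security posture of this branch explicitly.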
@@ -282,9 +282,7 @@ sys_mmap(struct lwp *l, const struct sys
 struct file *fp = NULL;
 struct uvm_object *uobj;
 int error;
-#ifdef PAX_ASLR
 vaddr_t orig_addr;
-#endif /* PAX_ASLR */
 /*
 * first, extract syscall args from the uap.
@@ -298,9 +296,7 @@ sys_mmap(struct lwp *l, const struct sys
 fd = SCARG(uap, fd);
 pos = SCARG(uap, pos);
-#ifdef PAX_ASLR
 orig_addr = addr;
-#endif /* PAX_ASLR */
 if ((flags & (MAP_SHARED|MAP_PRIVATE)) == (MAP_SHARED|MAP_PRIVATE))
 return EINVAL;