Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


  30 #define _SYS_PROC_H
  31 
  32 #include <sys/time.h>
  33 #include <sys/thread.h>
  34 #include <sys/cred.h>
  35 #include <sys/user.h>
  36 #include <sys/watchpoint.h>
  37 #include <sys/timer.h>
  38 #if defined(__x86)
  39 #include <sys/tss.h>
  40 #include <sys/segments.h>
  41 #endif
  42 #include <sys/utrap.h>
  43 #include <sys/model.h>
  44 #include <sys/refstr.h>
  45 #include <sys/avl.h>
  46 #include <sys/rctl.h>
  47 #include <sys/list.h>
  48 #include <sys/avl.h>
  49 #include <sys/door_impl.h>

  50 
  51 #ifdef  __cplusplus
  52 extern "C" {
  53 #endif
  54 
  55 /*
  56  * Profile arguments.
  57  */
  58 struct prof {
  59         void            *pr_base;       /* buffer base */
  60         uintptr_t       pr_off;         /* pc offset */
  61         size_t          pr_size;        /* buffer size */
  62         uint32_t        pr_scale;       /* pc scaling */
  63         long            pr_samples;     /* sample count */
  64 };
  65 
  66 /*
  67  * An lwp directory entry.
  68  * If le_thread != NULL, this is an active lwp.
  69  * If le_thread == NULL, this is an unreaped zombie lwp.


 330         avl_tree_t      p_ct_held;      /* held contracts */
 331         struct ct_equeue **p_ct_equeue; /* process-type event queues */
 332 
 333         struct cont_process *p_ct_process; /* process contract */
 334         list_node_t     p_ct_member;    /* process contract membership */
 335         sigqueue_t      *p_killsqp;     /* sigqueue pointer for SIGKILL */
 336 
 337         int             p_dtrace_probes; /* are there probes for this proc? */
 338         uint64_t        p_dtrace_count; /* number of DTrace tracepoints */
 339                                         /* (protected by P_PR_LOCK) */
 340         void            *p_dtrace_helpers; /* DTrace helpers, if any */
 341         struct pool     *p_pool;        /* pointer to containing pool */
 342         kcondvar_t      p_poolcv;       /* synchronization with pools */
 343         uint_t          p_poolcnt;      /* # threads inside pool barrier */
 344         uint_t          p_poolflag;     /* pool-related flags (see below) */
 345         uintptr_t       p_portcnt;      /* event ports counter */
 346         struct zone     *p_zone;        /* zone in which process lives */
 347         struct vnode    *p_execdir;     /* directory that p_exec came from */
 348         struct brand    *p_brand;       /* process's brand  */
 349         void            *p_brand_data;  /* per-process brand state */

 350 
 351         /* additional lock to protect p_sessp (but not its contents) */
 352         kmutex_t p_splock;
 353         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
 354                                         /* protected by p_lock */
 355         rctl_qty_t      p_crypto_mem;   /* /dev/crypto memory charged to proc */
 356                                         /* protected by p_lock */
 357         clock_t p_ttime;                /* buffered task time */
 358 
 359         /*
 360          * The user structure
 361          */
 362         struct user p_user;             /* (see sys/user.h) */
 363 } proc_t;
 364 
 365 #define PROC_T                          /* headers relying on proc_t are OK */
 366 
 367 #ifdef _KERNEL
 368 
 369 /* active process chain */


 767 extern  void    lwp_stk_cache_init(void);
 768 extern  void    lwp_stk_fini(klwp_t *);
 769 extern  void    lwp_installctx(klwp_t *);
 770 extern  void    lwp_rtt(void);
 771 extern  void    lwp_rtt_initial(void);
 772 extern  int     lwp_setprivate(klwp_t *, int, uintptr_t);
 773 extern  void    lwp_stat_update(lwp_stat_id_t, long);
 774 extern  void    lwp_attach_brand_hdlrs(klwp_t *);
 775 extern  void    lwp_detach_brand_hdlrs(klwp_t *);
 776 
 777 #if defined(__sparcv9)
 778 extern  void    lwp_mmodel_newlwp(void);
 779 extern  void    lwp_mmodel_shared_as(caddr_t, size_t);
 780 #define LWP_MMODEL_NEWLWP()             lwp_mmodel_newlwp()
 781 #define LWP_MMODEL_SHARED_AS(addr, sz)  lwp_mmodel_shared_as((addr), (sz))
 782 #else
 783 #define LWP_MMODEL_NEWLWP()
 784 #define LWP_MMODEL_SHARED_AS(addr, sz)
 785 #endif
 786 







 787 /*
 788  * Signal queue function prototypes. Must be here due to header ordering
 789  * dependencies.
 790  */
 791 extern void sigqfree(proc_t *);
 792 extern void siginfofree(sigqueue_t *);
 793 extern void sigdeq(proc_t *, kthread_t *, int, sigqueue_t **);
 794 extern void sigdelq(proc_t *, kthread_t *, int);
 795 extern void sigaddq(proc_t *, kthread_t *, k_siginfo_t *, int);
 796 extern void sigaddqa(proc_t *, kthread_t *, sigqueue_t *);
 797 extern void sigqsend(int, proc_t *, kthread_t *, sigqueue_t *);
 798 extern void sigdupq(proc_t *, proc_t *);
 799 extern int sigwillqueue(int, int);
 800 extern sigqhdr_t *sigqhdralloc(size_t, uint_t);
 801 extern sigqueue_t *sigqalloc(sigqhdr_t *);
 802 extern void sigqhdrfree(sigqhdr_t *);
 803 extern sigqueue_t *sigappend(k_sigset_t *, sigqueue_t *,
 804         k_sigset_t *, sigqueue_t *);
 805 extern sigqueue_t *sigprepend(k_sigset_t *, sigqueue_t *,
 806         k_sigset_t *, sigqueue_t *);


  30 #define _SYS_PROC_H
  31 
  32 #include <sys/time.h>
  33 #include <sys/thread.h>
  34 #include <sys/cred.h>
  35 #include <sys/user.h>
  36 #include <sys/watchpoint.h>
  37 #include <sys/timer.h>
  38 #if defined(__x86)
  39 #include <sys/tss.h>
  40 #include <sys/segments.h>
  41 #endif
  42 #include <sys/utrap.h>
  43 #include <sys/model.h>
  44 #include <sys/refstr.h>
  45 #include <sys/avl.h>
  46 #include <sys/rctl.h>
  47 #include <sys/list.h>
  48 #include <sys/avl.h>
  49 #include <sys/door_impl.h>
  50 #include <sys/secflags.h>
  51 
  52 #ifdef  __cplusplus
  53 extern "C" {
  54 #endif
  55 
  56 /*
  57  * Profile arguments.
  58  */
  59 struct prof {
  60         void            *pr_base;       /* buffer base */
  61         uintptr_t       pr_off;         /* pc offset */
  62         size_t          pr_size;        /* buffer size */
  63         uint32_t        pr_scale;       /* pc scaling */
  64         long            pr_samples;     /* sample count */
  65 };
  66 
  67 /*
  68  * An lwp directory entry.
  69  * If le_thread != NULL, this is an active lwp.
  70  * If le_thread == NULL, this is an unreaped zombie lwp.


 331         avl_tree_t      p_ct_held;      /* held contracts */
 332         struct ct_equeue **p_ct_equeue; /* process-type event queues */
 333 
 334         struct cont_process *p_ct_process; /* process contract */
 335         list_node_t     p_ct_member;    /* process contract membership */
 336         sigqueue_t      *p_killsqp;     /* sigqueue pointer for SIGKILL */
 337 
 338         int             p_dtrace_probes; /* are there probes for this proc? */
 339         uint64_t        p_dtrace_count; /* number of DTrace tracepoints */
 340                                         /* (protected by P_PR_LOCK) */
 341         void            *p_dtrace_helpers; /* DTrace helpers, if any */
 342         struct pool     *p_pool;        /* pointer to containing pool */
 343         kcondvar_t      p_poolcv;       /* synchronization with pools */
 344         uint_t          p_poolcnt;      /* # threads inside pool barrier */
 345         uint_t          p_poolflag;     /* pool-related flags (see below) */
 346         uintptr_t       p_portcnt;      /* event ports counter */
 347         struct zone     *p_zone;        /* zone in which process lives */
 348         struct vnode    *p_execdir;     /* directory that p_exec came from */
 349         struct brand    *p_brand;       /* process's brand  */
 350         void            *p_brand_data;  /* per-process brand state */
 351         psecflags_t     p_secflags;     /* per-process security flags */
 352 
 353         /* additional lock to protect p_sessp (but not its contents) */
 354         kmutex_t p_splock;
 355         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
 356                                         /* protected by p_lock */
 357         rctl_qty_t      p_crypto_mem;   /* /dev/crypto memory charged to proc */
 358                                         /* protected by p_lock */
 359         clock_t p_ttime;                /* buffered task time */
 360 
 361         /*
 362          * The user structure
 363          */
 364         struct user p_user;             /* (see sys/user.h) */
 365 } proc_t;
 366 
 367 #define PROC_T                          /* headers relying on proc_t are OK */
 368 
 369 #ifdef _KERNEL
 370 
 371 /* active process chain */


 769 extern  void    lwp_stk_cache_init(void);
 770 extern  void    lwp_stk_fini(klwp_t *);
 771 extern  void    lwp_installctx(klwp_t *);
 772 extern  void    lwp_rtt(void);
 773 extern  void    lwp_rtt_initial(void);
 774 extern  int     lwp_setprivate(klwp_t *, int, uintptr_t);
 775 extern  void    lwp_stat_update(lwp_stat_id_t, long);
 776 extern  void    lwp_attach_brand_hdlrs(klwp_t *);
 777 extern  void    lwp_detach_brand_hdlrs(klwp_t *);
 778 
 779 #if defined(__sparcv9)
 780 extern  void    lwp_mmodel_newlwp(void);
 781 extern  void    lwp_mmodel_shared_as(caddr_t, size_t);
 782 #define LWP_MMODEL_NEWLWP()             lwp_mmodel_newlwp()
 783 #define LWP_MMODEL_SHARED_AS(addr, sz)  lwp_mmodel_shared_as((addr), (sz))
 784 #else
 785 #define LWP_MMODEL_NEWLWP()
 786 #define LWP_MMODEL_SHARED_AS(addr, sz)
 787 #endif
 788 
 789 /* Security flag manipulation */
 790 extern boolean_t secflag_enabled(proc_t *, uint_t);
 791 extern void secflag_set(proc_t *, uint_t);
 792 extern void secflag_enable(proc_t *, uint_t);
 793 extern void secflag_disable(proc_t *, uint_t);
 794 extern void secflag_promote(proc_t *);
 795 
 796 /*
 797  * Signal queue function prototypes. Must be here due to header ordering
 798  * dependencies.
 799  */
 800 extern void sigqfree(proc_t *);
 801 extern void siginfofree(sigqueue_t *);
 802 extern void sigdeq(proc_t *, kthread_t *, int, sigqueue_t **);
 803 extern void sigdelq(proc_t *, kthread_t *, int);
 804 extern void sigaddq(proc_t *, kthread_t *, k_siginfo_t *, int);
 805 extern void sigaddqa(proc_t *, kthread_t *, sigqueue_t *);
 806 extern void sigqsend(int, proc_t *, kthread_t *, sigqueue_t *);
 807 extern void sigdupq(proc_t *, proc_t *);
 808 extern int sigwillqueue(int, int);
 809 extern sigqhdr_t *sigqhdralloc(size_t, uint_t);
 810 extern sigqueue_t *sigqalloc(sigqhdr_t *);
 811 extern void sigqhdrfree(sigqhdr_t *);
 812 extern sigqueue_t *sigappend(k_sigset_t *, sigqueue_t *,
 813         k_sigset_t *, sigqueue_t *);
 814 extern sigqueue_t *sigprepend(k_sigset_t *, sigqueue_t *,
 815         k_sigset_t *, sigqueue_t *);