Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 /*
  27  * UNIX machine dependent virtual memory support.
  28  */
  29 
  30 #include <sys/vm.h>
  31 #include <sys/exec.h>
  32 
  33 #include <sys/exechdr.h>
  34 #include <vm/seg_kmem.h>
  35 #include <sys/atomic.h>
  36 #include <sys/archsystm.h>
  37 #include <sys/machsystm.h>
  38 #include <sys/kdi.h>
  39 #include <sys/cpu_module.h>

  40 
  41 #include <vm/hat_sfmmu.h>
  42 
  43 #include <sys/memnode.h>
  44 
  45 #include <sys/mem_config.h>
  46 #include <sys/mem_cage.h>
  47 #include <vm/vm_dep.h>
  48 #include <vm/page.h>
  49 #include <sys/platform_module.h>
  50 
  51 /*
  52  * These variables are set by module specific config routines.
  53  * They are only set by modules which will use physical cache page coloring.
  54  */
  55 int do_pg_coloring = 0;
  56 
  57 /*
  58  * These variables can be conveniently patched at kernel load time to
  59  * prevent do_pg_coloring from being enabled by


 347                 }
 348         }
 349         *basep = lo;
 350         *lenp = hi - lo;
 351         return (1);
 352 }
 353 
 354 /*
 355  * Determine whether [*basep, *basep + *lenp) contains a mappable range of
 356  * addresses at least "minlen" long.  On success, 1 is returned and *basep
 357  * and *lenp are adjusted to describe the acceptable range.  On failure, 0
 358  * is returned.
 359  */
 360 int
 361 valid_va_range(caddr_t *basep, size_t *lenp, size_t minlen, int dir)
 362 {
 363         return (valid_va_range_aligned(basep, lenp, minlen, dir, 0, 0, 0));
 364 }
 365 
 366 /*







 367  * Determine whether [addr, addr+len] with protections `prot' are valid
 368  * for a user address space.
 369  */
 370 /*ARGSUSED*/
 371 int
 372 valid_usr_range(caddr_t addr, size_t len, uint_t prot, struct as *as,
 373     caddr_t userlimit)
 374 {
 375         caddr_t eaddr = addr + len;
 376 
 377         if (eaddr <= addr || addr >= userlimit || eaddr > userlimit)
 378                 return (RANGE_BADADDR);
 379 




 380         /*
 381          * Determine if the address range falls within an illegal
 382          * range of the MMU.
 383          */
 384         if (eaddr > hole_start && addr < hole_end)
 385                 return (RANGE_BADADDR);
 386 
 387 #if defined(SF_ERRATA_57)
 388         /*
 389          * Make sure USERLIMIT isn't raised too high
 390          */
 391         ASSERT64(addr <= (caddr_t)0xffffffff80000000ul ||
 392             errata57_limit == 0);
 393 
 394         if (AS_TYPE_64BIT(as) &&
 395             (addr < errata57_limit) &&
 396             (prot & PROT_EXEC))
 397                 return (RANGE_BADPROT);
 398 #endif /* SF_ERRATA57 */
 399         return (RANGE_OKAY);




  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 /*
  27  * UNIX machine dependent virtual memory support.
  28  */
  29 
  30 #include <sys/vm.h>
  31 #include <sys/exec.h>
  32 
  33 #include <sys/exechdr.h>
  34 #include <vm/seg_kmem.h>
  35 #include <sys/atomic.h>
  36 #include <sys/archsystm.h>
  37 #include <sys/machsystm.h>
  38 #include <sys/kdi.h>
  39 #include <sys/cpu_module.h>
  40 #include <sys/secflags.h>
  41 
  42 #include <vm/hat_sfmmu.h>
  43 
  44 #include <sys/memnode.h>
  45 
  46 #include <sys/mem_config.h>
  47 #include <sys/mem_cage.h>
  48 #include <vm/vm_dep.h>
  49 #include <vm/page.h>
  50 #include <sys/platform_module.h>
  51 
  52 /*
  53  * These variables are set by module specific config routines.
  54  * They are only set by modules which will use physical cache page coloring.
  55  */
  56 int do_pg_coloring = 0;
  57 
  58 /*
  59  * These variables can be conveniently patched at kernel load time to
  60  * prevent do_pg_coloring from being enabled by


 348                 }
 349         }
 350         *basep = lo;
 351         *lenp = hi - lo;
 352         return (1);
 353 }
 354 
 355 /*
 356  * Determine whether [*basep, *basep + *lenp) contains a mappable range of
 357  * addresses at least "minlen" long.  On success, 1 is returned and *basep
 358  * and *lenp are adjusted to describe the acceptable range.  On failure, 0
 359  * is returned.
 360  */
 361 int
 362 valid_va_range(caddr_t *basep, size_t *lenp, size_t minlen, int dir)
 363 {
 364         return (valid_va_range_aligned(basep, lenp, minlen, dir, 0, 0, 0));
 365 }
 366 
 367 /*
 368  * Default to forbidding the first 64k of address space.  This protects most
 369  * reasonably sized structures from dereferences through NULL:
 370  *     ((foo_t *)0)->bar
 371  */
 372 uintptr_t forbidden_null_mapping_sz = 0x10000;
 373 
 374 /*
 375  * Determine whether [addr, addr+len] with protections `prot' are valid
 376  * for a user address space.
 377  */
 378 /*ARGSUSED*/
 379 int
 380 valid_usr_range(caddr_t addr, size_t len, uint_t prot, struct as *as,
 381     caddr_t userlimit)
 382 {
 383         caddr_t eaddr = addr + len;
 384 
 385         if (eaddr <= addr || addr >= userlimit || eaddr > userlimit)
 386                 return (RANGE_BADADDR);
 387 
 388         if ((addr <= (caddr_t)forbidden_null_mapping_sz) &&
 389             secflag_enabled(as->a_proc, PROC_SEC_FORBIDNULLMAP))
 390                 return (RANGE_BADADDR);
 391 
 392         /*
 393          * Determine if the address range falls within an illegal
 394          * range of the MMU.
 395          */
 396         if (eaddr > hole_start && addr < hole_end)
 397                 return (RANGE_BADADDR);
 398 
 399 #if defined(SF_ERRATA_57)
 400         /*
 401          * Make sure USERLIMIT isn't raised too high
 402          */
 403         ASSERT64(addr <= (caddr_t)0xffffffff80000000ul ||
 404             errata57_limit == 0);
 405 
 406         if (AS_TYPE_64BIT(as) &&
 407             (addr < errata57_limit) &&
 408             (prot & PROT_EXEC))
 409                 return (RANGE_BADPROT);
 410 #endif /* SF_ERRATA57 */
 411         return (RANGE_OKAY);