Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

1070         cp->p_siginfo = pp->p_siginfo;
1071         cp->p_flag = pp->p_flag & (SJCTL|SNOWAIT|SNOCD);
1072         cp->p_sessp = pp->p_sessp;
1073         sess_hold(pp);
1074         cp->p_brand = pp->p_brand;
1075         if (PROC_IS_BRANDED(pp))
1076                 BROP(pp)->b_copy_procdata(cp, pp);
1077         cp->p_bssbase = pp->p_bssbase;
1078         cp->p_brkbase = pp->p_brkbase;
1079         cp->p_brksize = pp->p_brksize;
1080         cp->p_brkpageszc = pp->p_brkpageszc;
1081         cp->p_stksize = pp->p_stksize;
1082         cp->p_stkpageszc = pp->p_stkpageszc;
1083         cp->p_stkprot = pp->p_stkprot;
1084         cp->p_datprot = pp->p_datprot;
1085         cp->p_usrstack = pp->p_usrstack;
1086         cp->p_model = pp->p_model;
1087         cp->p_ppid = pp->p_pid;
1088         cp->p_ancpid = pp->p_pid;
1089         cp->p_portcnt = pp->p_portcnt;





1090 
1091         /*
1092          * Initialize watchpoint structures
1093          */
1094         avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),
1095             offsetof(struct watched_area, wa_link));
1096 
1097         /*
1098          * Initialize immediate resource control values.
1099          */
1100         cp->p_stk_ctl = pp->p_stk_ctl;
1101         cp->p_fsz_ctl = pp->p_fsz_ctl;
1102         cp->p_vmem_ctl = pp->p_vmem_ctl;
1103         cp->p_fno_ctl = pp->p_fno_ctl;
1104 
1105         /*
1106          * Link up to parent-child-sibling chain.  No need to lock
1107          * in general since only a call to freeproc() (done by the
1108          * same parent as newproc()) diddles with the child chain.
1109          */



1070         cp->p_siginfo = pp->p_siginfo;
1071         cp->p_flag = pp->p_flag & (SJCTL|SNOWAIT|SNOCD);
1072         cp->p_sessp = pp->p_sessp;
1073         sess_hold(pp);
1074         cp->p_brand = pp->p_brand;
1075         if (PROC_IS_BRANDED(pp))
1076                 BROP(pp)->b_copy_procdata(cp, pp);
1077         cp->p_bssbase = pp->p_bssbase;
1078         cp->p_brkbase = pp->p_brkbase;
1079         cp->p_brksize = pp->p_brksize;
1080         cp->p_brkpageszc = pp->p_brkpageszc;
1081         cp->p_stksize = pp->p_stksize;
1082         cp->p_stkpageszc = pp->p_stkpageszc;
1083         cp->p_stkprot = pp->p_stkprot;
1084         cp->p_datprot = pp->p_datprot;
1085         cp->p_usrstack = pp->p_usrstack;
1086         cp->p_model = pp->p_model;
1087         cp->p_ppid = pp->p_pid;
1088         cp->p_ancpid = pp->p_pid;
1089         cp->p_portcnt = pp->p_portcnt;
1090         /*
1091          * Security flags are preserved on fork, the inherited copy come into
1092          * effect on exec
1093          */
1094         cp->p_secflags = pp->p_secflags;
1095 
1096         /*
1097          * Initialize watchpoint structures
1098          */
1099         avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),
1100             offsetof(struct watched_area, wa_link));
1101 
1102         /*
1103          * Initialize immediate resource control values.
1104          */
1105         cp->p_stk_ctl = pp->p_stk_ctl;
1106         cp->p_fsz_ctl = pp->p_fsz_ctl;
1107         cp->p_vmem_ctl = pp->p_vmem_ctl;
1108         cp->p_fno_ctl = pp->p_fno_ctl;
1109 
1110         /*
1111          * Link up to parent-child-sibling chain.  No need to lock
1112          * in general since only a call to freeproc() (done by the
1113          * same parent as newproc()) diddles with the child chain.
1114          */
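Review bot: The comment introducing the new `cp->p_secflags = pp->p_secflags;` (new lines 1090–1093) reads "the inherited copy come into effect on exec", which is ungrammatical and does not say which part of the copied value exec acts on; if p_secflags holds more than one flag set, name the set exec consults, e.g. `/* Security flags are copied on fork; exec applies the inherited set. */`, and confirm that wording against the exec path, which is not in this section. The assignment itself is a plain struct copy, so it is only correct if p_secflags owns no pointers or reference-counted state — worth stating in the comment if that is the case. Stylistically, the other commented groups here (watchpoints, resource controls) are each preceded by a blank line, whereas the new block follows `cp->p_portcnt = pp->p_portcnt;` directly; a blank line before the comment would match the surrounding layout. The enclosing function begins and ends outside this section.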