Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


  31 
  32 #include <sys/time.h>
  33 #include <sys/thread.h>
  34 #include <sys/cred.h>
  35 #include <sys/user.h>
  36 #include <sys/watchpoint.h>
  37 #include <sys/timer.h>
  38 #if defined(__x86)
  39 #include <sys/tss.h>
  40 #include <sys/segments.h>
  41 #endif
  42 #include <sys/utrap.h>
  43 #include <sys/model.h>
  44 #include <sys/refstr.h>
  45 #include <sys/avl.h>
  46 #include <sys/rctl.h>
  47 #include <sys/list.h>
  48 #include <sys/avl.h>
  49 #include <sys/door_impl.h>
  50 #include <sys/signalfd.h>

  51 
  52 #ifdef  __cplusplus
  53 extern "C" {
  54 #endif
  55 
  56 /*
  57  * Profile arguments.
  58  */
  59 struct prof {
  60         void            *pr_base;       /* buffer base */
  61         uintptr_t       pr_off;         /* pc offset */
  62         size_t          pr_size;        /* buffer size */
  63         uint32_t        pr_scale;       /* pc scaling */
  64         long            pr_samples;     /* sample count */
  65 };
  66 
  67 /*
  68  * An lwp directory entry.
  69  * If le_thread != NULL, this is an active lwp.
  70  * If le_thread == NULL, this is an unreaped zombie lwp.


 332         avl_tree_t      p_ct_held;      /* held contracts */
 333         struct ct_equeue **p_ct_equeue; /* process-type event queues */
 334 
 335         struct cont_process *p_ct_process; /* process contract */
 336         list_node_t     p_ct_member;    /* process contract membership */
 337         sigqueue_t      *p_killsqp;     /* sigqueue pointer for SIGKILL */
 338 
 339         int             p_dtrace_probes; /* are there probes for this proc? */
 340         uint64_t        p_dtrace_count; /* number of DTrace tracepoints */
 341                                         /* (protected by P_PR_LOCK) */
 342         void            *p_dtrace_helpers; /* DTrace helpers, if any */
 343         struct pool     *p_pool;        /* pointer to containing pool */
 344         kcondvar_t      p_poolcv;       /* synchronization with pools */
 345         uint_t          p_poolcnt;      /* # threads inside pool barrier */
 346         uint_t          p_poolflag;     /* pool-related flags (see below) */
 347         uintptr_t       p_portcnt;      /* event ports counter */
 348         struct zone     *p_zone;        /* zone in which process lives */
 349         struct vnode    *p_execdir;     /* directory that p_exec came from */
 350         struct brand    *p_brand;       /* process's brand  */
 351         void            *p_brand_data;  /* per-process brand state */

 352 
 353         /* additional lock to protect p_sessp (but not its contents) */
 354         kmutex_t p_splock;
 355         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
 356                                         /* protected by p_lock */
 357         rctl_qty_t      p_crypto_mem;   /* /dev/crypto memory charged to proc */
 358                                         /* protected by p_lock */
 359         clock_t p_ttime;                /* buffered task time */
 360 
 361         /*
 362          * The user structure
 363          */
 364         struct user p_user;             /* (see sys/user.h) */
 365 } proc_t;
 366 
 367 #define PROC_T                          /* headers relying on proc_t are OK */
 368 
 369 #ifdef _KERNEL
 370 
 371 /* active process chain */




  31 
  32 #include <sys/time.h>
  33 #include <sys/thread.h>
  34 #include <sys/cred.h>
  35 #include <sys/user.h>
  36 #include <sys/watchpoint.h>
  37 #include <sys/timer.h>
  38 #if defined(__x86)
  39 #include <sys/tss.h>
  40 #include <sys/segments.h>
  41 #endif
  42 #include <sys/utrap.h>
  43 #include <sys/model.h>
  44 #include <sys/refstr.h>
  45 #include <sys/avl.h>
  46 #include <sys/rctl.h>
  47 #include <sys/list.h>
  48 #include <sys/avl.h>
  49 #include <sys/door_impl.h>
  50 #include <sys/signalfd.h>
  51 #include <sys/secflags.h>
  52 
  53 #ifdef  __cplusplus
  54 extern "C" {
  55 #endif
  56 
  57 /*
  58  * Profile arguments.
  59  */
  60 struct prof {
  61         void            *pr_base;       /* buffer base */
  62         uintptr_t       pr_off;         /* pc offset */
  63         size_t          pr_size;        /* buffer size */
  64         uint32_t        pr_scale;       /* pc scaling */
  65         long            pr_samples;     /* sample count */
  66 };
  67 
  68 /*
  69  * An lwp directory entry.
  70  * If le_thread != NULL, this is an active lwp.
  71  * If le_thread == NULL, this is an unreaped zombie lwp.


 333         avl_tree_t      p_ct_held;      /* held contracts */
 334         struct ct_equeue **p_ct_equeue; /* process-type event queues */
 335 
 336         struct cont_process *p_ct_process; /* process contract */
 337         list_node_t     p_ct_member;    /* process contract membership */
 338         sigqueue_t      *p_killsqp;     /* sigqueue pointer for SIGKILL */
 339 
 340         int             p_dtrace_probes; /* are there probes for this proc? */
 341         uint64_t        p_dtrace_count; /* number of DTrace tracepoints */
 342                                         /* (protected by P_PR_LOCK) */
 343         void            *p_dtrace_helpers; /* DTrace helpers, if any */
 344         struct pool     *p_pool;        /* pointer to containing pool */
 345         kcondvar_t      p_poolcv;       /* synchronization with pools */
 346         uint_t          p_poolcnt;      /* # threads inside pool barrier */
 347         uint_t          p_poolflag;     /* pool-related flags (see below) */
 348         uintptr_t       p_portcnt;      /* event ports counter */
 349         struct zone     *p_zone;        /* zone in which process lives */
 350         struct vnode    *p_execdir;     /* directory that p_exec came from */
 351         struct brand    *p_brand;       /* process's brand  */
 352         void            *p_brand_data;  /* per-process brand state */
 353         psecflags_t     p_secflags;     /* per-process security flags */
 354 
 355         /* additional lock to protect p_sessp (but not its contents) */
 356         kmutex_t p_splock;
 357         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
 358                                         /* protected by p_lock */
 359         rctl_qty_t      p_crypto_mem;   /* /dev/crypto memory charged to proc */
 360                                         /* protected by p_lock */
 361         clock_t p_ttime;                /* buffered task time */
 362 
 363         /*
 364          * The user structure
 365          */
 366         struct user p_user;             /* (see sys/user.h) */
 367 } proc_t;
 368 
 369 #define PROC_T                          /* headers relying on proc_t are OK */
 370 
 371 #ifdef _KERNEL
 372 
 373 /* active process chain */