7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

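--- a/usr/src/uts/sun4/vm/vm_dep.c
+++ b/usr/src/uts/sun4/vm/vm_dep.c
@@ -30,20 +30,21 @@
 #include <sys/vm.h>
 #include <sys/exec.h>
 
 #include <sys/exechdr.h>
 #include <vm/seg_kmem.h>
 #include <sys/atomic.h>
 #include <sys/archsystm.h>
 #include <sys/machsystm.h>
 #include <sys/kdi.h>
 #include <sys/cpu_module.h>
+#include <sys/secflags.h>
 
 #include <vm/hat_sfmmu.h>
 
 #include <sys/memnode.h>
 
 #include <sys/mem_config.h>
 #include <sys/mem_cage.h>
 #include <vm/vm_dep.h>
 #include <vm/page.h>
 #include <sys/platform_module.h>
@@ -357,33 +358,44 @@
  * and *lenp are adjusted to describe the acceptable range.  On failure, 0
  * is returned.
  */
 int
 valid_va_range(caddr_t *basep, size_t *lenp, size_t minlen, int dir)
 {
         return (valid_va_range_aligned(basep, lenp, minlen, dir, 0, 0, 0));
 }
 
 /*
+ * Default to forbidding the first 64k of address space.  This protects most
+ * reasonably sized structures from dereferences through NULL:
+ *     ((foo_t *)0)->bar
+ */
+uintptr_t forbidden_null_mapping_sz = 0x10000;
+
+/*
  * Determine whether [addr, addr+len] with protections `prot' are valid
  * for a user address space.
  */
 /*ARGSUSED*/
 int
 valid_usr_range(caddr_t addr, size_t len, uint_t prot, struct as *as,
     caddr_t userlimit)
 {
         caddr_t eaddr = addr + len;
 
         if (eaddr <= addr || addr >= userlimit || eaddr > userlimit)
                 return (RANGE_BADADDR);
 
+        if ((addr <= (caddr_t)forbidden_null_mapping_sz) &&
+            secflag_enabled(as->a_proc, PROC_SEC_FORBIDNULLMAP))
+                return (RANGE_BADADDR);
+
         /*
          * Determine if the address range falls within an illegal
          * range of the MMU.
          */
         if (eaddr > hole_start && addr < hole_end)
                 return (RANGE_BADADDR);
 
 #if defined(SF_ERRATA_57)
         /*
          * Make sure USERLIMIT isn't raised too high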
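Review bot: The NULL-guard comparison on new line 388 is inclusive (`addr <= (caddr_t)forbidden_null_mapping_sz`), so a mapping that starts exactly at 0x10000 is rejected even though the comment on new line 368 describes forbidding only the first 64k; either change it to `addr < (caddr_t)forbidden_null_mapping_sz` or say in that comment that the boundary address itself is also refused. The guard also reads `as->a_proc` unconditionally; if any caller of valid_usr_range can pass a NULL `as` or an address space without a process, the pointer needs to be checked before `secflag_enabled()` is reached — the callers are not visible here, so this is worth confirming rather than assuming. `forbidden_null_mapping_sz` is a non-static, initialized global with no note on whether it is meant to be changed at run time; if it is intended as a system tunable, a comment such as `/* tunable: size of the low address range that PROC_SEC_FORBIDNULLMAP refuses to map */` would make that explicit. valid_usr_range's body continues past the end of the hunk.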
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX