7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  * Copyright (c) 2013, Joyent, Inc.  All rights reserved.
  26  */
  27 
  28 #include <sys/proc.h>
  29 #include <sys/cpuvar.h>
  30 #include <sys/disp.h>
  31 
  32 /*
  33  * Install process context ops for the current process.
  34  */
  35 void
  36 installpctx(
  37         proc_t *p,
  38         void    *arg,
  39         void    (*save)(void *),
  40         void    (*restore)(void *),
  41         void    (*fork)(void *, void *),
  42         void    (*exit)(void *),
  43         void    (*free)(void *, int))
  44 {
  45         struct pctxop *pctx;
  46 
  47         pctx = kmem_alloc(sizeof (struct pctxop), KM_SLEEP);
  48         pctx->save_op = save;
  49         pctx->restore_op = restore;
  50         pctx->fork_op = fork;
  51         pctx->exit_op = exit;
  52         pctx->free_op = free;
  53         pctx->arg = arg;
  54         pctx->next = p->p_pctx;
  55         p->p_pctx = pctx;
  56 }
  57 
  58 /*
  59  * Remove a process context ops from the current process.
  60  */
  61 int
  62 removepctx(
  63         proc_t *p,
  64         void    *arg,
  65         void    (*save)(void *),
  66         void    (*restore)(void *),
  67         void    (*fork)(void *, void *),
  68         void    (*exit)(void *),
  69         void    (*free)(void *, int))
  70 {
  71         struct pctxop *pctx, *prev_pctx;
  72 
  73         prev_pctx = NULL;
  74         kpreempt_disable();
  75         for (pctx = p->p_pctx; pctx != NULL; pctx = pctx->next) {
  76                 if (pctx->save_op == save && pctx->restore_op == restore &&
  77                     pctx->fork_op == fork &&
  78                     pctx->exit_op == exit && pctx->free_op == free &&
  79                     pctx->arg == arg) {
  80                         if (prev_pctx)
  81                                 prev_pctx->next = pctx->next;
  82                         else
  83                                 p->p_pctx = pctx->next;
  84                         if (pctx->free_op != NULL)
  85                                 (pctx->free_op)(pctx->arg, 0);
  86                         kmem_free(pctx, sizeof (struct pctxop));
  87                         kpreempt_enable();
  88                         return (1);
  89                 }
  90                 prev_pctx = pctx;
  91         }
  92         kpreempt_enable();
  93         return (0);
  94 }
  95 
  96 void
  97 savepctx(proc_t *p)
  98 {
  99         struct pctxop *pctx;
 100 
 101         ASSERT(p == curthread->t_procp);
 102         for (pctx = p->p_pctx; pctx != 0; pctx = pctx->next)
 103                 if (pctx->save_op != NULL)
 104                         (pctx->save_op)(pctx->arg);
 105 }
 106 
 107 void
 108 restorepctx(proc_t *p)
 109 {
 110         struct pctxop *pctx;
 111 
 112         ASSERT(p == curthread->t_procp);
 113         for (pctx = p->p_pctx; pctx != 0; pctx = pctx->next)
 114                 if (pctx->restore_op != NULL)
 115                         (pctx->restore_op)(pctx->arg);
 116 }
 117 
 118 void
 119 forkpctx(proc_t *p, proc_t *cp)
 120 {
 121         struct pctxop *pctx;
 122 
 123         for (pctx = p->p_pctx; pctx != NULL; pctx = pctx->next)
 124                 if (pctx->fork_op != NULL)
 125                         (pctx->fork_op)(p, cp);
 126 }
 127 
 128 /*
 129  * exitpctx is called during thread/lwp exit to perform any actions
 130  * needed when an LWP in the process leaves the processor for the last
 131  * time. This routine is not intended to deal with freeing memory; freepctx()
 132  * is used for that purpose during proc_exit(). This routine is provided to
 133  * allow for clean-up that can't wait until thread_free().
 134  */
 135 void
 136 exitpctx(proc_t *p)
 137 {
 138         struct pctxop *pctx;
 139 
 140         for (pctx = p->p_pctx; pctx != NULL; pctx = pctx->next)
 141                 if (pctx->exit_op != NULL)
 142                         (pctx->exit_op)(p);
 143 }
 144 
 145 /*
 146  * freepctx is called from proc_exit() to get rid of the actual context ops.
 147  */
 148 void
 149 freepctx(proc_t *p, int isexec)
 150 {
 151         struct pctxop *pctx;
 152 
 153         kpreempt_disable();
 154         while ((pctx = p->p_pctx) != NULL) {
 155                 p->p_pctx = pctx->next;
 156                 if (pctx->free_op != NULL)
 157                         (pctx->free_op)(pctx->arg, isexec);
 158                 kmem_free(pctx, sizeof (struct pctxop));
 159         }
 160         kpreempt_enable();
 161 }
 162 
 163 boolean_t
 164 secflag_enabled(proc_t *p, secflag_t flag)
 165 {
 166         return (secflag_isset(p->p_secflags.psf_effective, flag));
 167 }
 168 
 169 void
 170 secflags_promote(proc_t *p)
 171 {
 172         secflags_copy(&p->p_secflags.psf_effective, &p->p_secflags.psf_inherit);
 173 }
--- EOF ---