Print this page
Code review comments from pmooney (sundry), and igork (screwups in zonecfg refactoring)
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


  46 #include <sys/timex.h>
  47 #include <sys/socket.h>
  48 #include <sys/sendfile.h>
  49 
  50 struct hrtsysa;
  51 struct mmaplf32a;
  52 
  53 /*
  54  * This table is the switch used to transfer to the appropriate
  55  * routine for processing a system call.  Each row contains the
  56  * number of arguments expected, a switch that tells systrap()
  57  * in trap.c whether a setjmp() is not necessary, and a pointer
  58  * to the routine.
  59  */
  60 
  61 int     access(char *, int);
  62 int     alarm(int);
  63 int     auditsys(struct auditcalls *, rval_t *);
  64 int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
  65     uintptr_t);
  66 int     brk(caddr_t);
  67 int     chdir(char *);
  68 int     chmod(char *, int);
  69 int     chown(char *, uid_t, gid_t);
  70 int     chroot(char *);
  71 int     cladm(int, int, void *);
  72 int     close(int);
  73 int     exece(const char *, const char **, const char **);
  74 int     faccessat(int, char *, int, int);
  75 int     fchmodat(int, char *, int, int);
  76 int     fchownat(int, char *, uid_t, gid_t, int);
  77 int     fcntl(int, int, intptr_t);
  78 int64_t vfork();
  79 int64_t forksys(int, int);
  80 int     fstat(int, struct stat *);
  81 int     fdsync(int, int);
  82 int64_t getgid();
  83 int     ucredsys(int, int, void *);
  84 int64_t getpid();
  85 int64_t getuid();
  86 time_t  gtime();


  95 int     kill();
  96 int     labelsys(int, void *, void *, void *, void *, void *);
  97 int     link(char *, char *);
  98 int     linkat(int, char *, int, char *, int);
  99 off32_t lseek32(int32_t, off32_t, int32_t);
 100 off_t   lseek64(int, off_t, int);
 101 int     lgrpsys(int, long, void *);
 102 int     mmapobjsys(int, uint_t, mmapobj_result_t *, uint_t *, void *);
 103 int     mknod(char *, mode_t, dev_t);
 104 int     mknodat(int, char *, mode_t, dev_t);
 105 int     mount(long *, rval_t *);
 106 int     nice(int);
 107 int     nullsys();
 108 int     open(char *, int, int);
 109 int     openat(int, char *, int, int);
 110 int     pause();
 111 long    pcsample(void *, long);
 112 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114 ssize_t pread(int, void *, size_t, off_t);

 115 ssize_t pwrite(int, void *, size_t, off_t);
 116 ssize_t read(int, void *, size_t);
 117 int     rename(char *, char *);
 118 int     renameat(int, char *, int, char *);
 119 void    rexit(int);
 120 int     semsys();
 121 int     setgid(gid_t);
 122 int     setpgrp(int, int, int);
 123 int     setuid(uid_t);
 124 uintptr_t       shmsys();
 125 uint64_t        sidsys(int, int, int, int);
 126 int     sigprocmask(int, sigset_t *, sigset_t *);
 127 int     sigsuspend(sigset_t);
 128 int     sigaltstack(struct sigaltstack *, struct sigaltstack *);
 129 int     sigaction(int, struct sigaction *, struct sigaction *);
 130 int     sigpending(int, sigset_t *);
 131 int     sigresend(int, siginfo_t *, sigset_t *);
 132 int     sigtimedwait(sigset_t *, siginfo_t *, timespec_t *);
 133 int     getsetcontext(int, void *);
 134 int     stat(char *, struct stat *);


 422         { 0, SE_LOADABLE, (int (*)())nosys, NULL, loadable_syscall }
 423 
 424 /*
 425  * Initialization macro for loadable 32-bit compatibility system calls.
 426  */
 427 #define SYSENT_LOADABLE32()     SYSENT_LOADABLE()
 428 
 429 #define SYSENT_NOSYS()          SYSENT_C("nosys", nosys, 0)
 430 
 431 struct sysent nosys_ent = SYSENT_NOSYS();
 432 
 433 /*
 434  * Native sysent table.
 435  */
 436 struct sysent sysent[NSYSCALL] =
 437 {
 438         /*  0 */ IF_LP64(
 439                         SYSENT_NOSYS(),
 440                         SYSENT_C("indir",       indir,          1)),
 441         /*  1 */ SYSENT_CI("exit",              rexit,          1),
 442         /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
 443         /*  3 */ SYSENT_CL("read",              read,           3),
 444         /*  4 */ SYSENT_CL("write",             write,          3),
 445         /*  5 */ SYSENT_CI("open",              open,           3),
 446         /*  6 */ SYSENT_CI("close",             close,          1),
 447         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 448         /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 449         /*  9 */ SYSENT_CI("link",              link,           2),
 450         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 451         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 452         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 453         /* 13 */ SYSENT_CL("time",              gtime,          0),
 454         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 455         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 456         /* 16 */ SYSENT_CI("chown",             chown,          3),
 457         /* 17 */ SYSENT_CI("brk",               brk,            1),
 458         /* 18 */ SYSENT_CI("stat",              stat,           2),
 459         /* 19 */ IF_LP64(
 460                         SYSENT_CL("lseek",      lseek64,        3),
 461                         SYSENT_CL("lseek",      lseek32,        3)),
 462         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),


 803 extern int waitsys32(idtype_t, id_t, siginfo_t *, int);
 804 
 805 extern ssize_t recv32(int32_t, caddr32_t, size32_t, int32_t);
 806 extern ssize_t recvfrom32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 807     caddr32_t);
 808 extern ssize_t send32(int32_t, caddr32_t, size32_t, int32_t);
 809 extern ssize_t sendto32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 810     socklen_t);
 811 
 812 extern int privsys32(int, priv_op_t, priv_ptype_t, caddr32_t, size32_t, int);
 813 extern int ucredsys32(int, int, caddr32_t);
 814 
 815 /*
 816  * sysent table for ILP32 processes running on
 817  * a LP64 kernel.
 818  */
 819 struct sysent sysent32[NSYSCALL] =
 820 {
 821         /*  0 */ SYSENT_C("indir",              indir,          1),
 822         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 823         /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
 824         /*  3 */ SYSENT_CI("read",              read32,         3),
 825         /*  4 */ SYSENT_CI("write",             write32,        3),
 826         /*  5 */ SYSENT_CI("open",              open32,         3),
 827         /*  6 */ SYSENT_CI("close",             close,          1),
 828         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 829         /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 830         /*  9 */ SYSENT_CI("link",              link,           2),
 831         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 832         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 833         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 834         /* 13 */ SYSENT_CI("time",              gtime,          0),
 835         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 836         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 837         /* 16 */ SYSENT_CI("chown",             chown,          3),
 838         /* 17 */ SYSENT_CI("brk",               brk,            1),
 839         /* 18 */ SYSENT_CI("stat",              stat32,         2),
 840         /* 19 */ SYSENT_CI("lseek",             lseek32,        3),
 841         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),
 842         /* 21 */ SYSENT_AP("mount",             mount,          8),
 843         /* 22 */ SYSENT_CI("readlinkat",        readlinkat32,   4),




  46 #include <sys/timex.h>
  47 #include <sys/socket.h>
  48 #include <sys/sendfile.h>
  49 
  50 struct hrtsysa;
  51 struct mmaplf32a;
  52 
  53 /*
  54  * This table is the switch used to transfer to the appropriate
  55  * routine for processing a system call.  Each row contains the
  56  * number of arguments expected, a switch that tells systrap()
  57  * in trap.c whether a setjmp() is not necessary, and a pointer
  58  * to the routine.
  59  */
  60 
  61 int     access(char *, int);
  62 int     alarm(int);
  63 int     auditsys(struct auditcalls *, rval_t *);
  64 int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
  65     uintptr_t);
  66 intptr_t        brk(caddr_t);
  67 int     chdir(char *);
  68 int     chmod(char *, int);
  69 int     chown(char *, uid_t, gid_t);
  70 int     chroot(char *);
  71 int     cladm(int, int, void *);
  72 int     close(int);
  73 int     exece(const char *, const char **, const char **);
  74 int     faccessat(int, char *, int, int);
  75 int     fchmodat(int, char *, int, int);
  76 int     fchownat(int, char *, uid_t, gid_t, int);
  77 int     fcntl(int, int, intptr_t);
  78 int64_t vfork();
  79 int64_t forksys(int, int);
  80 int     fstat(int, struct stat *);
  81 int     fdsync(int, int);
  82 int64_t getgid();
  83 int     ucredsys(int, int, void *);
  84 int64_t getpid();
  85 int64_t getuid();
  86 time_t  gtime();


  95 int     kill();
  96 int     labelsys(int, void *, void *, void *, void *, void *);
  97 int     link(char *, char *);
  98 int     linkat(int, char *, int, char *, int);
  99 off32_t lseek32(int32_t, off32_t, int32_t);
 100 off_t   lseek64(int, off_t, int);
 101 int     lgrpsys(int, long, void *);
 102 int     mmapobjsys(int, uint_t, mmapobj_result_t *, uint_t *, void *);
 103 int     mknod(char *, mode_t, dev_t);
 104 int     mknodat(int, char *, mode_t, dev_t);
 105 int     mount(long *, rval_t *);
 106 int     nice(int);
 107 int     nullsys();
 108 int     open(char *, int, int);
 109 int     openat(int, char *, int, int);
 110 int     pause();
 111 long    pcsample(void *, long);
 112 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114 ssize_t pread(int, void *, size_t, off_t);
 115 int     psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
 116 ssize_t pwrite(int, void *, size_t, off_t);
 117 ssize_t read(int, void *, size_t);
 118 int     rename(char *, char *);
 119 int     renameat(int, char *, int, char *);
 120 void    rexit(int);
 121 int     semsys();
 122 int     setgid(gid_t);
 123 int     setpgrp(int, int, int);
 124 int     setuid(uid_t);
 125 uintptr_t       shmsys();
 126 uint64_t        sidsys(int, int, int, int);
 127 int     sigprocmask(int, sigset_t *, sigset_t *);
 128 int     sigsuspend(sigset_t);
 129 int     sigaltstack(struct sigaltstack *, struct sigaltstack *);
 130 int     sigaction(int, struct sigaction *, struct sigaction *);
 131 int     sigpending(int, sigset_t *);
 132 int     sigresend(int, siginfo_t *, sigset_t *);
 133 int     sigtimedwait(sigset_t *, siginfo_t *, timespec_t *);
 134 int     getsetcontext(int, void *);
 135 int     stat(char *, struct stat *);


 423         { 0, SE_LOADABLE, (int (*)())nosys, NULL, loadable_syscall }
 424 
 425 /*
 426  * Initialization macro for loadable 32-bit compatibility system calls.
 427  */
 428 #define SYSENT_LOADABLE32()     SYSENT_LOADABLE()
 429 
 430 #define SYSENT_NOSYS()          SYSENT_C("nosys", nosys, 0)
 431 
 432 struct sysent nosys_ent = SYSENT_NOSYS();
 433 
 434 /*
 435  * Native sysent table.
 436  */
 437 struct sysent sysent[NSYSCALL] =
 438 {
 439         /*  0 */ IF_LP64(
 440                         SYSENT_NOSYS(),
 441                         SYSENT_C("indir",       indir,          1)),
 442         /*  1 */ SYSENT_CI("exit",              rexit,          1),
 443         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 444         /*  3 */ SYSENT_CL("read",              read,           3),
 445         /*  4 */ SYSENT_CL("write",             write,          3),
 446         /*  5 */ SYSENT_CI("open",              open,           3),
 447         /*  6 */ SYSENT_CI("close",             close,          1),
 448         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 449         /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 450         /*  9 */ SYSENT_CI("link",              link,           2),
 451         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 452         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 453         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 454         /* 13 */ SYSENT_CL("time",              gtime,          0),
 455         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 456         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 457         /* 16 */ SYSENT_CI("chown",             chown,          3),
 458         /* 17 */ SYSENT_CI("brk",               brk,            1),
 459         /* 18 */ SYSENT_CI("stat",              stat,           2),
 460         /* 19 */ IF_LP64(
 461                         SYSENT_CL("lseek",      lseek64,        3),
 462                         SYSENT_CL("lseek",      lseek32,        3)),
 463         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),


 804 extern int waitsys32(idtype_t, id_t, siginfo_t *, int);
 805 
 806 extern ssize_t recv32(int32_t, caddr32_t, size32_t, int32_t);
 807 extern ssize_t recvfrom32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 808     caddr32_t);
 809 extern ssize_t send32(int32_t, caddr32_t, size32_t, int32_t);
 810 extern ssize_t sendto32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 811     socklen_t);
 812 
 813 extern int privsys32(int, priv_op_t, priv_ptype_t, caddr32_t, size32_t, int);
 814 extern int ucredsys32(int, int, caddr32_t);
 815 
 816 /*
 817  * sysent table for ILP32 processes running on
 818  * a LP64 kernel.
 819  */
 820 struct sysent sysent32[NSYSCALL] =
 821 {
 822         /*  0 */ SYSENT_C("indir",              indir,          1),
 823         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 824         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 825         /*  3 */ SYSENT_CI("read",              read32,         3),
 826         /*  4 */ SYSENT_CI("write",             write32,        3),
 827         /*  5 */ SYSENT_CI("open",              open32,         3),
 828         /*  6 */ SYSENT_CI("close",             close,          1),
 829         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 830         /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 831         /*  9 */ SYSENT_CI("link",              link,           2),
 832         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 833         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 834         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 835         /* 13 */ SYSENT_CI("time",              gtime,          0),
 836         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 837         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 838         /* 16 */ SYSENT_CI("chown",             chown,          3),
 839         /* 17 */ SYSENT_CI("brk",               brk,            1),
 840         /* 18 */ SYSENT_CI("stat",              stat32,         2),
 841         /* 19 */ SYSENT_CI("lseek",             lseek32,        3),
 842         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),
 843         /* 21 */ SYSENT_AP("mount",             mount,          8),
 844         /* 22 */ SYSENT_CI("readlinkat",        readlinkat32,   4),