Print this page 
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 142                         (pctx->exit_op)(p);
 143 }
 144 
 145 /*
 146  * freepctx is called from proc_exit() to get rid of the actual context ops.
 147  */
 148 void
 149 freepctx(proc_t *p, int isexec)
 150 {
 151         struct pctxop *pctx;
 152 
 153         kpreempt_disable();
 154         while ((pctx = p->p_pctx) != NULL) {
 155                 p->p_pctx = pctx->next;
 156                 if (pctx->free_op != NULL)
 157                         (pctx->free_op)(pctx->arg, isexec);
 158                 kmem_free(pctx, sizeof (struct pctxop));
 159         }
 160         kpreempt_enable();
 161 }















 142                         (pctx->exit_op)(p);
 143 }
 144 
 145 /*
 146  * freepctx is called from proc_exit() to get rid of the actual context ops.
 147  */
 148 void
 149 freepctx(proc_t *p, int isexec)
 150 {
 151         struct pctxop *pctx;
 152 
 153         kpreempt_disable();
 154         while ((pctx = p->p_pctx) != NULL) {
 155                 p->p_pctx = pctx->next;
 156                 if (pctx->free_op != NULL)
 157                         (pctx->free_op)(pctx->arg, isexec);
 158                 kmem_free(pctx, sizeof (struct pctxop));
 159         }
 160         kpreempt_enable();
 161 }
 162 
 163 boolean_t
 164 secflag_enabled(proc_t *p, secflag_t flag)
 165 {
 166         return (secflag_isset(p->p_secflags.psf_effective, flag));
 167 }
 168 
 169 void
 170 secflags_promote(proc_t *p)
 171 {
 172         secflags_copy(&p->p_secflags.psf_effective, &p->p_secflags.psf_inherit);
 173 }