Source-Changes-HG archive


[src/trunk]: src/sys/kern Fix issues with stack allocation and pax aslr:



details:   https://anonhg.NetBSD.org/src/rev/80eb94159bfd
branches:  trunk
changeset: 757287:80eb94159bfd
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Aug 23 20:53:08 2010 +0000

description:
Fix issues with stack allocation and pax aslr:
- since the size is unsigned, don't check just that it is > 0, but limit
  it to the MAXSSIZ
- if the stack size is reduced because of aslr, make sure we reduce the
  actual allocation by the same size so that the size does not wrap around.
NB: Must be pulled up to 5.x!

diffstat:

 sys/kern/exec_subr.c |  10 +++++-----
 sys/kern/kern_pax.c  |   6 ++++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diffs (75 lines):

diff -r 89ffd09d5f56 -r 80eb94159bfd sys/kern/exec_subr.c
--- a/sys/kern/exec_subr.c      Mon Aug 23 20:49:53 2010 +0000
+++ b/sys/kern/exec_subr.c      Mon Aug 23 20:53:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: exec_subr.c,v 1.64 2010/06/24 13:03:11 hannken Exp $   */
+/*     $NetBSD: exec_subr.c,v 1.65 2010/08/23 20:53:08 christos Exp $  */
 
 /*
  * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.64 2010/06/24 13:03:11 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.65 2010/08/23 20:53:08 christos Exp $");
 
 #include "opt_pax.h"
 
@@ -388,6 +388,7 @@
                epp->ep_minsaddr = USRSTACK;
                max_stack_size = MAXSSIZ;
        }
+       epp->ep_ssize = l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur;
 
 #ifdef PAX_ASLR
        pax_aslr_stack(l, epp, &max_stack_size);
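Review bot: The new assignment to `epp->ep_ssize` must now come before `pax_aslr_stack()`, because the kern_pax.c part of this change reads and clamps that field, but nothing at the call site records that ordering. A short comment above the added line would keep a later cleanup from moving it back, for example `/* set before pax_aslr_stack(), which may lower it to the reduced max_stack_size */`. As far as this diff shows, the clamp is applied only on the PAX_ASLR path, so whether `rlim_cur` is otherwise bounded by `max_stack_size` depends on code outside the hunk. The enclosing function starts and ends outside the hunk.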
@@ -397,7 +398,6 @@
        
        epp->ep_maxsaddr = (vaddr_t)STACK_GROW(epp->ep_minsaddr,
                max_stack_size);
-       epp->ep_ssize = l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur;
 
        /*
         * set up commands for stack.  note that this takes *two*, one to
@@ -412,11 +412,11 @@
        noaccess_size = max_stack_size - access_size;
        noaccess_linear_min = (vaddr_t)STACK_ALLOC(STACK_GROW(epp->ep_minsaddr,
            access_size), noaccess_size);
-       if (noaccess_size > 0) {
+       if (noaccess_size > 0 && noaccess_size <= MAXSSIZ) {
                NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, noaccess_size,
                    noaccess_linear_min, NULL, 0, VM_PROT_NONE, VMCMD_STACK);
        }
-       KASSERT(access_size > 0);
+       KASSERT(access_size > 0 && access_size <= MAXSSIZ);
        NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, access_size,
            access_linear_min, NULL, 0, VM_PROT_READ | VM_PROT_WRITE,
            VMCMD_STACK);
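Review bot: The upper bound on `access_size` is enforced only by `KASSERT`, which is compiled out of kernels built without DIAGNOSTIC, so on such kernels a wrapped value would still be passed to `NEW_VMCMD2`. The new `noaccess_size <= MAXSSIZ` test also silently skips the `VM_PROT_NONE` mapping when the subtraction has wrapped, and exec continues without that region. Checking before the subtraction would cover both cases, e.g. `if (access_size == 0 || access_size > max_stack_size) return ENOMEM;` ahead of `noaccess_size = max_stack_size - access_size;`. That assumes the enclosing function, which begins and ends outside this hunk, can return an errno.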
diff -r 89ffd09d5f56 -r 80eb94159bfd sys/kern/kern_pax.c
--- a/sys/kern/kern_pax.c       Mon Aug 23 20:49:53 2010 +0000
+++ b/sys/kern/kern_pax.c       Mon Aug 23 20:53:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_pax.c,v 1.23 2010/03/15 20:35:20 christos Exp $   */
+/*     $NetBSD: kern_pax.c,v 1.24 2010/08/23 20:53:08 christos Exp $   */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.23 2010/03/15 20:35:20 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.24 2010/08/23 20:53:08 christos Exp $");
 
 #include "opt_pax.h"
 
@@ -353,6 +353,8 @@
 #endif
                epp->ep_minsaddr -= d;
                *max_stack_size -= d;
+               if (epp->ep_ssize > *max_stack_size)
+                       epp->ep_ssize = *max_stack_size;
        }
 }
 #endif /* PAX_ASLR */
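Review bot: The added clamp is only meaningful if `*max_stack_size -= d` on the line above did not itself wrap. The commit message says the size is unsigned, and nothing in this hunk shows that `d` is smaller than `*max_stack_size`. If the computation of `d`, which is outside the hunk, does not already guarantee that, a guard such as `if (d >= *max_stack_size) return;` before the two subtractions would keep both values in range. A one-line comment on the clamp, e.g. `/* keep the initial stack size within the reduced maximum */`, would also record why `ep_ssize` is modified here.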


