Source-Changes-HG archive


[src/trunk]: src/sys/kern Always include a 1MB guard area beyond the end of s...



details:   https://anonhg.NetBSD.org/src/rev/f0d4f732857a
branches:  trunk
changeset: 824815:f0d4f732857a
user:      joerg <joerg%NetBSD.org@localhost>
date:      Mon Jun 19 15:53:16 2017 +0000

description:
Always include a 1MB guard area beyond the end of stack. While ASLR will
normally create a guard area as well, this provides a deterministic area
for all binaries.

Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from
Qualys.

diffstat:

 sys/kern/exec_subr.c |  17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diffs (45 lines):

diff -r 3c0b7e5b254c -r f0d4f732857a sys/kern/exec_subr.c
--- a/sys/kern/exec_subr.c      Mon Jun 19 15:49:21 2017 +0000
+++ b/sys/kern/exec_subr.c      Mon Jun 19 15:53:16 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: exec_subr.c,v 1.78 2017/05/07 22:54:54 christos Exp $  */
+/*     $NetBSD: exec_subr.c,v 1.79 2017/06/19 15:53:16 joerg Exp $     */
 
 /*
  * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.78 2017/05/07 22:54:54 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.79 2017/06/19 15:53:16 joerg Exp $");
 
 #include "opt_pax.h"
 
@@ -67,6 +67,8 @@
 #define DPRINTF(a)
 #endif
 
+uint32_t user_stack_guard_size = 1024 * 1024;
+
 /*
  * new_vmcmd():
  *     create a new vmcmd structure and fill in its fields based
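
Review bot: `user_stack_guard_size` is added here without a comment giving its unit or saying whether it is meant to be changed at run time. It is a non-static, non-const global, yet nothing in this diff sets it anywhere else, so a short comment (size in bytes of the inaccessible region mapped next to the user stack, 0 disables it) would make the intent clear; if it is not meant to be tunable, `static const` would say so. It is also declared `uint32_t` while the code that consumes it works in `vsize_t`, which is worth making consistent.
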
@@ -440,6 +442,17 @@
            (uintmax_t)access_size, (uintmax_t)access_linear_min,
            (uintmax_t)noaccess_size, (uintmax_t)noaccess_linear_min));
 
+       if (user_stack_guard_size > 0) {
+#ifdef __MACHINE_STACK_GROWS_UP
+               vsize_t guard_size = MIN(VM_MAXUSER_ADDRESS - epp->ep_maxsaddr, user_stack_guard_size);
+               if (guard_size > 0)
+                       NEW_VMCMD(&epp->ep_vmcmds, vmcmd_map_zero, guard_size,
+                           epp->ep_maxsaddr, NULL, 0, VM_PROT_NONE);
+#else
+               NEW_VMCMD(&epp->ep_vmcmds, vmcmd_map_zero, user_stack_guard_size,
+                   epp->ep_maxsaddr - user_stack_guard_size, NULL, 0, VM_PROT_NONE);
+#endif
+       }
        if (noaccess_size > 0 && noaccess_size <= MAXSSIZ) {
                NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, noaccess_size,
                    noaccess_linear_min, NULL, 0, VM_PROT_NONE, VMCMD_STACK);
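
Review bot: In the `#else` (stack grows down) branch, `epp->ep_maxsaddr - user_stack_guard_size` is computed without any bound, whereas the `__MACHINE_STACK_GROWS_UP` branch clamps the size with `MIN(VM_MAXUSER_ADDRESS - epp->ep_maxsaddr, user_stack_guard_size)`. With the 1 MB default this is unlikely to matter, but the size is a writable global, and a value larger than `ep_maxsaddr` would wrap the start address; clamp the size in this branch too, or reject such values wherever the variable gets set. Both guard mappings are also created with `NEW_VMCMD` and no `VMCMD_STACK` flag, unlike the `noaccess_size` mapping just below, so a one-line comment stating that this is intentional would help, and the two long added lines should be wrapped like the rest of the hunk.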


