[src/trunk]: src/sys/kern Add a flags sysctl for ASLR to disable particular f...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8e3d70b6dde5
branches:  trunk
changeset: 344655:8e3d70b6dde5
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 10 15:02:17 2016 +0000

description:
Add a flags sysctl for ASLR to disable particular features. We seem to be
having issues with stack setup.

diffstat:

 sys/kern/kern_pax.c |  28 ++++++++++++++++++++++++++--
 1 files changed, 26 insertions(+), 2 deletions(-)

diffs (77 lines):

diff -r 2dbabacd05a1 -r 8e3d70b6dde5 sys/kern/kern_pax.c
--- a/sys/kern/kern_pax.c       Sun Apr 10 09:49:14 2016 +0000
+++ b/sys/kern/kern_pax.c       Sun Apr 10 15:02:17 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_pax.c,v 1.38 2016/04/07 03:31:12 christos Exp $   */
+/*     $NetBSD: kern_pax.c,v 1.39 2016/04/10 15:02:17 christos Exp $   */
 
 /*
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.38 2016/04/07 03:31:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.39 2016/04/10 15:02:17 christos Exp $");
 
 #include "opt_pax.h"
 
@@ -131,6 +131,11 @@
 
 #ifdef PAX_ASLR_DEBUG
 int pax_aslr_debug;
+/* flag set means disable */
+int pax_aslr_flags;
+#define PAX_ASLR_STACK 1
+#define PAX_ASLR_EXEC  2
+#define PAX_ASLR_MMAP  4
 #endif
 
 static int pax_segvguard_enabled = 1;
@@ -270,6 +275,12 @@
                       SYSCTL_DESCR("Pring ASLR selected addresses."),
                       NULL, 0, &pax_aslr_debug, 0,
                       CTL_CREATE, CTL_EOL);
+       sysctl_createv(clog, 0, &rnode, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "flags",
+                      SYSCTL_DESCR("Disable/Enable select ASLR features."),
+                      NULL, 0, &pax_aslr_flags, 0,
+                      CTL_CREATE, CTL_EOL);
 #endif
        sysctl_createv(clog, 0, &rnode, NULL,
                       CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
@@ -438,6 +449,11 @@
        if (!pax_aslr_active(l))
                return;
 
+#ifdef PAX_ASLR_DEBUG
+       if (pax_aslr_flags & PAX_ASLR_MMAP)
+               return;
+#endif
+
        uint32_t len = (ep->ep_flags & EXEC_32) ?
            PAX_ASLR_DELTA_MMAP_LEN32 : PAX_ASLR_DELTA_MMAP_LEN;
 
@@ -454,6 +470,10 @@
                return;
 #ifdef PAX_ASLR_DEBUG
        char buf[256];
+
+       if (pax_aslr_flags & PAX_ASLR_MMAP)
+               return;
+
        if (pax_aslr_debug)
                snprintb(buf, sizeof(buf), MAP_FMT, f);
        else
@@ -479,6 +499,10 @@
 {
        if (!pax_aslr_epp_active(epp))
                return;
+#ifdef PAX_ASLR_DEBUG
+       if (pax_aslr_flags & PAX_ASLR_STACK)
+               return;
+#endif
 
        u_long d = PAX_ASLR_DELTA(cprng_fast32(),
            PAX_ASLR_DELTA_STACK_LSB,