Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Allow enabling and disabling PaX ASLR debug
details: https://anonhg.NetBSD.org/src/rev/7469c11d20a7
branches: trunk
changeset: 344280:7469c11d20a7
user: christos <christos%NetBSD.org@localhost>
date: Sat Mar 19 18:56:37 2016 +0000
description:
Allow enabling and disabling PaX ASLR debug
diffstat:
sys/kern/exec_elf.c | 15 ++++++++-------
sys/kern/kern_pax.c | 43 +++++++++++++++++++++++++++++++++----------
sys/sys/pax.h | 5 ++++-
3 files changed, 45 insertions(+), 18 deletions(-)
diffs (168 lines):
diff -r cf765a5ff574 -r 7469c11d20a7 sys/kern/exec_elf.c
--- a/sys/kern/exec_elf.c Sat Mar 19 18:50:25 2016 +0000
+++ b/sys/kern/exec_elf.c Sat Mar 19 18:56:37 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_elf.c,v 1.81 2015/11/26 13:15:34 martin Exp $ */
+/* $NetBSD: exec_elf.c,v 1.82 2016/03/19 18:56:37 christos Exp $ */
/*-
* Copyright (c) 1994, 2000, 2005, 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.81 2015/11/26 13:15:34 martin Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.82 2016/03/19 18:56:37 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_pax.h"
@@ -140,11 +140,12 @@
delta = PAX_ASLR_DELTA(r, l2, PAX_ASLR_DELTA_EXEC_LEN);
offset = ELF_TRUNC(delta, pax_align) + PAGE_SIZE;
#ifdef PAX_ASLR_DEBUG
- uprintf("r=0x%x l2=0x%zx PGSHIFT=0x%x Delta=0x%zx\n", r, l2,
- PGSHIFT, delta);
- uprintf("pax offset=0x%llx entry=0x%llx\n",
- (unsigned long long)offset,
- (unsigned long long)eh->e_entry);
+ if (pax_aslr_debug) {
+ uprintf("%s: r=%#x l2=%#zx pax_align=%#zx delta=%#zx\n",
+ __func__, r, l2, pax_align, delta);
+ uprintf("%s: pax offset=%#jx entry=%#jx\n", __func__,
+ (uintmax_t)offset, (uintmax_t)eh->e_entry);
+ }
#endif /* PAX_ASLR_DEBUG */
} else
#endif /* PAX_ASLR */
diff -r cf765a5ff574 -r 7469c11d20a7 sys/kern/kern_pax.c
--- a/sys/kern/kern_pax.c Sat Mar 19 18:50:25 2016 +0000
+++ b/sys/kern/kern_pax.c Sat Mar 19 18:56:37 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.33 2015/10/09 02:00:59 christos Exp $ */
+/* $NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $ */
/*
* Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.33 2015/10/09 02:00:59 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.34 2016/03/19 18:56:37 christos Exp $");
#include "opt_pax.h"
@@ -68,6 +68,7 @@
#include <sys/pax.h>
#include <sys/sysctl.h>
#include <sys/kmem.h>
+#include <sys/mman.h>
#include <sys/fileassoc.h>
#include <sys/syslog.h>
#include <sys/vnode.h>
@@ -76,7 +77,9 @@
#include <sys/cprng.h>
#ifdef PAX_ASLR_DEBUG
-#define PAX_DPRINTF(_fmt, args...) uprintf("%s: " _fmt "\n", __func__, ##args)
+#define PAX_DPRINTF(_fmt, args...) \
+ do if (pax_aslr_debug) uprintf("%s: " _fmt "\n", __func__, ##args); \
+ while (/*CONSTCOND*/0)
#else
#define PAX_DPRINTF(_fmt, args...) do {} while (/*CONSTCOND*/0)
#endif
@@ -120,6 +123,10 @@
#define PAX_SEGVGUARD_MAXCRASHES 5
#endif
+#ifdef PAX_ASLR_DEBUG
+int pax_aslr_debug;
+#endif
+
static int pax_segvguard_enabled = 1;
static int pax_segvguard_global = PAX_SEGVGUARD;
static int pax_segvguard_expiry = PAX_SEGVGUARD_EXPIRY;
@@ -242,6 +249,14 @@
"specified, apply to all processes."),
NULL, 0, &pax_aslr_global, 0,
CTL_CREATE, CTL_EOL);
+#ifdef PAX_ASLR_DEBUG
+ sysctl_createv(clog, 0, &rnode, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "debug",
+ SYSCTL_DESCR("Pring ASLR selected addresses."),
+ NULL, 0, &pax_aslr_debug, 0,
+ CTL_CREATE, CTL_EOL);
+#endif
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
CTLTYPE_INT, "mmap_len",
@@ -391,6 +406,7 @@
vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(cprng_fast32(),
PAX_ASLR_DELTA_MMAP_LSB, PAX_ASLR_DELTA_MMAP_LEN);
+ PAX_DPRINTF("delta_mmap=%#jx", vm->vm_aslr_delta_mmap);
}
void
@@ -398,18 +414,25 @@
{
if (!pax_aslr_active(l))
return;
+#ifdef PAX_ASLR_DEBUG
+ char buf[256];
+ if (pax_aslr_debug)
+ snprintb(buf, sizeof(buf), MAP_FMT, f);
+ else
+ buf[0] = '\0';
+#endif
if (!(f & MAP_FIXED) && ((orig_addr == 0) || !(f & MAP_ANON))) {
- PAX_DPRINTF("applying to 0x%lx orig_addr=0x%lx f=%x",
- (unsigned long)*addr, (unsigned long)orig_addr, f);
+ PAX_DPRINTF("applying to %#jx orig_addr=%#jx f=%s",
+ (uintmax_t)*addr, (uintmax_t)orig_addr, buf);
if (!(l->l_proc->p_vmspace->vm_map.flags & VM_MAP_TOPDOWN))
*addr += l->l_proc->p_vmspace->vm_aslr_delta_mmap;
else
*addr -= l->l_proc->p_vmspace->vm_aslr_delta_mmap;
- PAX_DPRINTF("result 0x%lx", *addr);
+ PAX_DPRINTF("result %#jx", (uintmax_t)*addr);
} else {
- PAX_DPRINTF("not applying to 0x%lx orig_addr=0x%lx f=%x",
- (unsigned long)*addr, (unsigned long)orig_addr, f);
+ PAX_DPRINTF("not applying to %#jx orig_addr=%#jx f=%s",
+ (uintmax_t)*addr, (uintmax_t)orig_addr, buf);
}
}
@@ -422,8 +445,8 @@
u_long d = PAX_ASLR_DELTA(cprng_fast32(),
PAX_ASLR_DELTA_STACK_LSB,
PAX_ASLR_DELTA_STACK_LEN);
- PAX_DPRINTF("stack 0x%lx d=0x%lx 0x%lx",
- epp->ep_minsaddr, d, epp->ep_minsaddr - d);
+ PAX_DPRINTF("stack %#jx delta=%#lx diff=%lx",
+ (uintmax_t)epp->ep_minsaddr, d, epp->ep_minsaddr - d);
epp->ep_minsaddr -= d;
*max_stack_size -= d;
if (epp->ep_ssize > *max_stack_size)
diff -r cf765a5ff574 -r 7469c11d20a7 sys/sys/pax.h
--- a/sys/sys/pax.h Sat Mar 19 18:50:25 2016 +0000
+++ b/sys/sys/pax.h Sat Mar 19 18:56:37 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.16 2015/09/26 16:12:24 maxv Exp $ */
+/* $NetBSD: pax.h,v 1.17 2016/03/19 18:56:37 christos Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -48,6 +48,9 @@
#define PAX_ASLR_DELTA_EXEC_LEN 12
#endif
#endif /* PAX_ASLR */
+#ifdef PAX_ASLR_DEBUG
+extern int pax_aslr_debug;
+#endif
void pax_init(void);
void pax_setup_elf_flags(struct exec_package *, uint32_t);
Home |
Main Index |
Thread Index |
Old Index