git: eb32c1c75ab0 - main - sysent: Add sv_protect

From: Andrew Turner <andrew_at_FreeBSD.org>
Date: Fri, 10 Nov 2023 10:06:59 UTC
The branch main has been updated by andrew:

URL: https://cgit.FreeBSD.org/src/commit/?id=eb32c1c75ab0d8518a04ab18d46e82804b31d055

commit eb32c1c75ab0d8518a04ab18d46e82804b31d055
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2023-11-02 09:49:27 +0000
Commit:     Andrew Turner <andrew@FreeBSD.org>
CommitDate: 2023-11-10 09:57:45 +0000

    sysent: Add sv_protect
    
    To allow for architecture-specific protections, add sv_protect to struct
    sysent. This hook can be used to apply such protections after the
    executable is loaded into the new address space.
    
    Reviewed by:    kib
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D42440
---
 sys/kern/imgact_elf.c | 6 ++++++
 sys/sys/sysent.h      | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index f361920e16d5..047bde3c250b 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -862,6 +862,9 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
 	if (error != 0)
 		goto fail;
 
+	if (p->p_sysent->sv_protect != NULL)
+		p->p_sysent->sv_protect(imgp, SVP_INTERP);
+
 	*addr = base_addr;
 	*entry = (unsigned long)hdr->e_entry + rbase;
 
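Review bot: The interpreter hook in `__elfN(load_file)` is looked up through `p->p_sysent`, while the image hook added in the second hunk of this file uses the local `sv`, so the two call sites may consult different sysentvecs. Nothing visible here shows that `p->p_sysent` already points at the new image's vector when the interpreter is loaded; if that switch happens later in exec, the interpreter would get the previous ABI's hook, or none at all. Confirm the ordering and record it next to the call, for example `/* p_sysent is already the new image's sysentvec here */`, or pass the vector selected by the image activator down to this function. The body of load_file starts and ends outside the hunk.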
@@ -1369,6 +1372,9 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 	entry = (u_long)hdr->e_entry + imgp->et_dyn_addr;
 	imgp->entry_addr = entry;
 
+	if (sv->sv_protect != NULL)
+		sv->sv_protect(imgp, SVP_IMAGE);
+
 	if (interp != NULL) {
 		VOP_UNLOCK(imgp->vp);
 		if ((map->flags & MAP_ASLR) != 0) {
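Review bot: The placement of the `sv->sv_protect(imgp, SVP_IMAGE)` call is undocumented, and its position matters: it runs once `imgp->entry_addr` is set and before the `interp != NULL` branch that follows. A short comment above the added lines would record that ordering for hook implementers, for example `/* Apply ABI-specific protections to the mapped image before any interpreter is loaded. */`. The enclosing function starts and ends outside the hunk, so whether every image segment is mapped by this point cannot be confirmed from here.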
diff --git a/sys/sys/sysent.h b/sys/sys/sysent.h
index a23c338f9ce2..c582ed494be9 100644
--- a/sys/sys/sysent.h
+++ b/sys/sys/sysent.h
@@ -149,6 +149,7 @@ struct sysentvec {
 	vm_offset_t	sv_fxrng_gen_offset;
 	void		(*sv_onexec_old)(struct thread *td);
 	int		(*sv_onexec)(struct proc *, struct image_params *);
+	void		(*sv_protect)(struct image_params *, int);
 	void		(*sv_onexit)(struct proc *);
 	void		(*sv_ontdexit)(struct thread *td);
 	int		(*sv_setid_allowed)(struct thread *td,
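Review bot: `sv_protect` is declared to return `void`, unlike `sv_onexec` on the line above which returns `int`, so a hook that cannot apply its protection has no way to make the exec fail. Both call sites in sys/kern/imgact_elf.c ignore the outcome, even though load_file has an `if (error != 0) goto fail;` path immediately before its call, so the process would start without the protection and without any signal to the caller. If the protections are meant to be mandatory, consider `int (*sv_protect)(struct image_params *, int);` with the callers checking the result. If best effort is intended, say so on the member, e.g. `/* best effort: failure does not abort exec */`. The struct definition continues outside the hunk.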
@@ -187,6 +188,10 @@ struct sysentvec {
 #define	SVC_NOCOMPRESS	0x00000002	/* disable compression. */
 #define	SVC_ALL		0x00000004	/* dump everything */
 
+/* sv_protect flags */
+#define	SVP_IMAGE	0x00000001
+#define	SVP_INTERP	0x00000002
+
 #ifdef _KERNEL
 extern struct sysentvec aout_sysvec;
 extern struct sysent sysent[];
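Review bot: The new `SVP_*` constants carry no per-value comments, unlike the `SVC_*` flags directly above, and the header does not say whether they form a bitmask or are mutually exclusive selectors. Judging from the call sites in this commit, `SVP_IMAGE` is passed for the executable and `SVP_INTERP` from `load_file`, each on its own. Trailing comments such as `/* the executable image */` on `SVP_IMAGE` and `/* the ELF interpreter */` on `SVP_INTERP` would document that. The block comment should also state whether a hook may ever receive both bits, since implementers otherwise have to guess between testing with `==` and `&`.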