excluding processes from PTI
Tycho Nightingale
tychon at freebsd.org
Mon Apr 16 19:33:49 UTC 2018
In D15100, which I just put on Phabricator, it's possible for processes to be excluded from PTI. What is not in D15100 is policy, nor implementation of a policy, to select which processes are excluded from PTI.
A trivial implementation of a policy would be something like this:
@@ -2656,6 +2657,7 @@
int
pmap_pinit_type(pmap_t pmap, enum pmap_type pm_type, int flags)
{
+ struct ucred *cred = curthread->td_ucred;
vm_page_t pml4pg, pml4pgu;
vm_paddr_t pml4phys;
int i;
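Review bot: the new `cred` declaration at the top of pmap_pinit_type() takes its credentials from `curthread`, that is, from whichever thread happens to be calling, rather than from anything tied to the `pmap` argument being initialised. If a caller ever sets up a pmap on behalf of a different process, the policy would be decided on the wrong credentials. Consider passing the credential (or the already-made decision) in through the existing `flags` argument, or at least add a comment stating which thread is expected to be current here. As a style point, style(9) prefers assigning in the function body over initialising in the declaration.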
@@ -2689,7 +2691,7 @@
if (pm_type == PT_X86) {
pmap->pm_cr3 = pml4phys;
pmap_pinit_pml4(pml4pg);
- if (pti) {
+ if (pti && (jailed(cred) || cred->cr_ruid != 0)) {
pml4pgu = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_WAITOK);
pmap->pm_pml4u = (pml4_entry_t *)PHYS_TO_DMAP(
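Review bot: the test `pti && (jailed(cred) || cred->cr_ruid != 0)` is made at the point where `pm_pml4u` is allocated during pmap initialisation, and nothing in these lines revisits it, so a process that starts as unjailed root and later changes its real uid or is attached to a jail would apparently keep a pmap without the user page table. The condition also needs a comment: it encodes the policy (skip PTI only for unjailed processes whose real uid is 0) and the choice of `cr_ruid` over the effective uid is not obvious from the code. Moving the test into a small named predicate would document it and give one place to swap in a finer-grained, per-process control later.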
which excludes those processes that are running as superuser and are not in-jail.
Another approach, suggested by kib, is to provide finer-grained control. Perhaps using procctl(2) instead.
I'm curious to solicit some feedback on this.
Thanks!
Tycho