svn commit: r197715 - releng/6.3 releng/6.3/sys/conf
releng/6.3/sys/fs/devfs releng/6.3/sys/kern
releng/6.3/sys/sys releng/6.4 releng/6.4/sys/conf
releng/6.4/sys/fs/devfs releng/6.4/sys/kern releng...
Simon L. Nielsen
simon at FreeBSD.org
Fri Oct 2 18:09:57 UTC 2009
Author: simon
Date: Fri Oct 2 18:09:56 2009
New Revision: 197715
URL: http://svn.freebsd.org/changeset/base/197715
Log:
MFC r197711 (partial) to 6.x and 7.x:
- Add no zero mapping feature, disabled by default. [EN-09:05]
MFC 178913,178914,179242,179243,180336,180340 to 6.x:
- Fix kqueue pipe race conditions. [SA-09:13]
MFC r192301 to 7.x; 6.x has slightly different fix:
- Fix devfs / VFS NULL pointer race condition. [SA-09:14]
Security: FreeBSD-SA-09:13.pipe
Security: FreeBSD-SA-09:14.devfs
Errata: FreeBSD-EN-09:05.null
Submitted by: kib [SA-09:13] [SA-09:14]
Submitted by: bz [EN-09:05]
In collaboration with: jhb, kib, alc [EN-09:05]
Approved by: so (simon)
Modified:
stable/7/sys/kern/kern_exec.c
Changes in other areas also in this revision:
Modified:
releng/6.3/UPDATING
releng/6.3/sys/conf/newvers.sh
releng/6.3/sys/fs/devfs/devfs_vnops.c
releng/6.3/sys/kern/kern_event.c
releng/6.3/sys/kern/kern_exec.c
releng/6.3/sys/kern/kern_fork.c
releng/6.3/sys/kern/sys_pipe.c
releng/6.3/sys/sys/event.h
releng/6.3/sys/sys/pipe.h
releng/6.4/UPDATING
releng/6.4/sys/conf/newvers.sh
releng/6.4/sys/fs/devfs/devfs_vnops.c
releng/6.4/sys/kern/kern_event.c
releng/6.4/sys/kern/kern_exec.c
releng/6.4/sys/kern/kern_fork.c
releng/6.4/sys/kern/sys_pipe.c
releng/6.4/sys/sys/event.h
releng/6.4/sys/sys/pipe.h
releng/7.1/UPDATING
releng/7.1/sys/conf/newvers.sh
releng/7.1/sys/fs/devfs/devfs_vnops.c
releng/7.1/sys/kern/kern_exec.c
releng/7.2/UPDATING
releng/7.2/sys/conf/newvers.sh
releng/7.2/sys/fs/devfs/devfs_vnops.c
releng/7.2/sys/kern/kern_exec.c
stable/6/sys/fs/devfs/devfs_vnops.c
stable/6/sys/kern/kern_event.c
stable/6/sys/kern/kern_exec.c
stable/6/sys/kern/kern_fork.c
stable/6/sys/kern/sys_pipe.c
stable/6/sys/sys/event.h
stable/6/sys/sys/pipe.h
Modified: stable/7/sys/kern/kern_exec.c
==============================================================================
--- stable/7/sys/kern/kern_exec.c Fri Oct 2 17:58:47 2009 (r197714)
+++ stable/7/sys/kern/kern_exec.c Fri Oct 2 18:09:56 2009 (r197715)
@@ -122,6 +122,11 @@ u_long ps_arg_cache_limit = PAGE_SIZE /
SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW,
&ps_arg_cache_limit, 0, "");
+static int map_at_zero = 1;
+TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
+SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
+ "Permit processes to map an object at virtual address 0.");
+
static int
sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
{
@@ -939,7 +944,7 @@ exec_new_vmspace(imgp, sv)
int error;
struct proc *p = imgp->proc;
struct vmspace *vmspace = p->p_vmspace;
- vm_offset_t stack_addr;
+ vm_offset_t sv_minuser, stack_addr;
vm_map_t map;
u_long ssiz;
@@ -955,13 +960,17 @@ exec_new_vmspace(imgp, sv)
* not disrupted
*/
map = &vmspace->vm_map;
- if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
+ if (map_at_zero)
+ sv_minuser = sv->sv_minuser;
+ else
+ sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
+ if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
vm_map_max(map) == sv->sv_maxuser) {
shmexit(vmspace);
pmap_remove_pages(vmspace_pmap(vmspace));
vm_map_remove(map, vm_map_min(map), vm_map_max(map));
} else {
- error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
+ error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
if (error)
return (error);
vmspace = p->p_vmspace;
More information about the svn-src-stable
mailing list