Date: Fri, 10 Nov 2023 10:06:59 GMT From: Andrew Turner <andrew@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: eb32c1c75ab0 - main - sysent: Add sv_protect Message-ID: <202311101006.3AAA6xxF016748@gitrepo.freebsd.org>
The branch main has been updated by andrew: URL: https://cgit.FreeBSD.org/src/commit/?id=eb32c1c75ab0d8518a04ab18d46e82804b31d055 commit eb32c1c75ab0d8518a04ab18d46e82804b31d055 Author: Andrew Turner <andrew@FreeBSD.org> AuthorDate: 2023-11-02 09:49:27 +0000 Commit: Andrew Turner <andrew@FreeBSD.org> CommitDate: 2023-11-10 09:57:45 +0000 sysent: Add sv_protect To allow for architecture specific protections add sv_protect to struct sysent. This can be used to apply these after the executable is loaded into the new address space. Reviewed by: kib Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D42440
---
 sys/kern/imgact_elf.c | 6 ++++++
 sys/sys/sysent.h | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index f361920e16d5..047bde3c250b 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -862,6 +862,9 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
 if (error != 0)
 goto fail;
+ if (p->p_sysent->sv_protect != NULL)
+ p->p_sysent->sv_protect(imgp, SVP_INTERP);
+
 *addr = base_addr;
 *entry = (unsigned long)hdr->e_entry + rbase;
@@ -1369,6 +1372,9 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 entry = (u_long)hdr->e_entry + imgp->et_dyn_addr;
 imgp->entry_addr = entry;
+ if (sv->sv_protect != NULL)
+ sv->sv_protect(imgp, SVP_IMAGE);
+
 if (interp != NULL) {
 VOP_UNLOCK(imgp->vp);
 if ((map->flags & MAP_ASLR) != 0) {
diff --git a/sys/sys/sysent.h b/sys/sys/sysent.h
index a23c338f9ce2..c582ed494be9 100644
--- a/sys/sys/sysent.h
+++ b/sys/sys/sysent.h
@@ -149,6 +149,7 @@ struct sysentvec {
 vm_offset_t sv_fxrng_gen_offset;
 void (*sv_onexec_old)(struct thread *td);
 int (*sv_onexec)(struct proc *, struct image_params *);
+ void (*sv_protect)(struct image_params *, int);
 void (*sv_onexit)(struct proc *);
 void (*sv_ontdexit)(struct thread *td);
 int (*sv_setid_allowed)(struct thread *td,
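Review bot: The result of the hook is discarded at the `sv_protect(imgp, SVP_INTERP)` call, and because the member is declared `void (*sv_protect)(struct image_params *, int)` in sysent.h, an implementation cannot make the exec fail when a protection could not be applied; the image would simply run without it. The neighbouring `sv_onexec` member returns `int`, and this hunk already has an `error`/`goto fail` path, so an `int` return would let the call read `error = p->p_sysent->sv_protect(imgp, SVP_INTERP);` followed by `if (error != 0) goto fail;`. The same applies to the `SVP_IMAGE` call in the second imgact_elf.c hunk. load_file's body begins and ends outside the hunk, so whether `fail` unwinds everything needed at this point should be checked against the full function.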
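Review bot: This call site reads the hook from the local `sv`, while the interpreter call added in load_file reads it from `p->p_sysent`, and nothing in either hunk shows that the two name the same sysentvec at that point in exec. If they are guaranteed to match, a short comment saying so would keep a later reordering from applying one ABI's protections to an interpreter loaded under another. A comment on ordering would help as well, for example `/* Protect the main image's mappings; the interpreter is handled in load_file(). */`. The body of the imgact function starts and ends outside the hunk.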
@@ -187,6 +188,10 @@ struct sysentvec {
 #define SVC_NOCOMPRESS 0x00000002 /* disable compression. */
 #define SVC_ALL 0x00000004 /* dump everything */
+/* sv_protect flags */
+#define SVP_IMAGE 0x00000001
+#define SVP_INTERP 0x00000002
+
 #ifdef _KERNEL
 extern struct sysentvec aout_sysvec;
 extern struct sysent sysent[];
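Review bot: `SVP_IMAGE` and `SVP_INTERP` are given bit values under a comment that calls them flags, but both call sites in imgact_elf.c pass exactly one of them through a plain `int`, so an implementer cannot tell whether to test with `==` or `&`, or what to do with a value it does not know. An implementation that guesses wrong would silently skip the protection for one of the two objects. The comment could state the contract, for example `/* sv_protect flags: one per call, naming the object that was just mapped */`, and the member declaration in `struct sysentvec` could name the parameter (`int flags`).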