Date: Mon, 16 Apr 2018 15:33:47 -0400
From: Tycho Nightingale <tychon@freebsd.org>
To: freebsd-arch@freebsd.org
Subject: excluding processes from PTI
Message-ID: <F7439969-406B-45F9-B82E-BEDA813654F3@freebsd.org>

In D15100, which I just put on Phabricator, it's possible for processes to be excluded from PTI. What is not in D15100 is policy, nor implementation of a policy, to select which processes are excluded from PTI.
A trivial implementation of a policy would be something like this:
@@ -2656,6 +2657,7 @@
int
pmap_pinit_type(pmap_t pmap, enum pmap_type pm_type, int flags)
{
+ struct ucred *cred = curthread->td_ucred;
vm_page_t pml4pg, pml4pgu;
vm_paddr_t pml4phys;
int i;
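Review bot: the new `cred` local at the top of pmap_pinit_type() comes from `curthread->td_ucred`, which is the credential of whichever thread happens to be initialising the pmap, not something tied to the `pmap` argument, and it is sampled only once at pmap initialisation. Consider having the caller make the decision and pass it in, for example through the existing `flags` argument, so the pmap layer does not reach into thread credentials and the choice is explicit at each call site.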
@@ -2689,7 +2691,7 @@
if (pm_type == PT_X86) {
pmap->pm_cr3 = pml4phys;
pmap_pinit_pml4(pml4pg);
- if (pti) {
+ if (pti && (jailed(cred) || cred->cr_ruid != 0)) {
pml4pgu = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | VM_ALLOC_WAITOK);
pmap->pm_pml4u = (pml4_entry_t *)PHYS_TO_DMAP(
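Review bot: the test `jailed(cred) || cred->cr_ruid != 0` looks only at the real uid, so any unjailed process whose real uid is 0 skips the `pm_pml4u` allocation regardless of its effective uid, and nothing in the code says that this is intended. Please add a comment stating the policy, and consider moving the test into a small named predicate so it can be replaced later by finer-grained per-process control without touching this allocation path again.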
which excludes those processes that are running as superuser and are not in a jail.
Another approach, suggested by kib, is to provide finer-grained control. Perhaps using procctl(2) instead.
I'm curious to solicit some feedback on this.
Thanks!
Tycho
