From: Tycho Nightingale
Subject: excluding processes from PTI
Date: Mon, 16 Apr 2018 15:33:47 -0400
To: freebsd-arch@freebsd.org

In D15100, which I just put on Phabricator, it's possible for processes to be excluded from PTI. What is not in D15100 is policy, nor implementation of a policy, to select which processes are excluded from PTI. A trivial implementation of a policy would be something like this:

@@ -2656,6 +2657,7 @@ int pmap_pinit_type(pmap_t pmap, enum pmap_type pm_type, int flags) { + struct ucred *cred =3D curthread->td_ucred; vm_page_t pml4pg, pml4pgu; vm_paddr_t pml4phys; int i; @@ -2689,7 +2691,7 @@ if (pm_type =3D=3D PT_X86) { pmap->pm_cr3 =3D pml4phys; pmap_pinit_pml4(pml4pg); - if (pti) { + if (pti && (jailed(cred) || cred->cr_ruid !=3D 0)) { pml4pgu =3D vm_page_alloc(NULL, 0, = VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED | = VM_ALLOC_WAITOK); pmap->pm_pml4u =3D (pml4_entry_t *)PHYS_TO_DMAP(

which excludes those processes running as superuser and are not in-jail.

Another approach, suggested by kib, is to provide finer-grained control. Perhaps using procctl(2) instead.

I'm curious to solicit some feedback on this.

Thanks!

Tycho
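
Review bot: In the first hunk (pmap_pinit_type(), around line 2657), `cred` is read from curthread->td_ucred once, when the pmap is initialised, so the PTI decision reflects the credentials of whichever thread is calling pmap_pinit_type() at that moment, and nothing in these hunks revisits it. A process that starts unjailed with cr_ruid 0 and later drops privileges or enters a jail would keep a pmap that has no pm_pml4u. Please document that the choice is fixed for the life of the pmap, or point to where it is re-evaluated when credentials change.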
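
Review bot: In the second hunk, the condition `if (pti && (jailed(cred) || cred->cr_ruid != 0))` tests the real uid only, so an unjailed process that keeps cr_ruid 0 while running with a non-zero effective uid is still excluded from PTI; please state whether that is intended or whether the effective uid should be checked as well. The exemption is also hard-coded inline in pmap code with no comment: a short comment explaining why unjailed root is exempt, and a named predicate (or a knob to turn the exemption off) in place of the inline expression, would make the policy easier to audit.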