From owner-svn-src-head@FreeBSD.ORG Sun Nov 14 17:53:52 2010 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A77D21065673; Sun, 14 Nov 2010 17:53:52 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7BE308FC18; Sun, 14 Nov 2010 17:53:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAEHrqTm089024; Sun, 14 Nov 2010 17:53:52 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAEHrqYr089022; Sun, 14 Nov 2010 17:53:52 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201011141753.oAEHrqYr089022@svn.freebsd.org> From: Konstantin Belousov Date: Sun, 14 Nov 2010 17:53:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r215307 - head/sys/vm X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Nov 2010 17:53:52 -0000 Author: kib Date: Sun Nov 14 17:53:52 2010 New Revision: 215307 URL: http://svn.freebsd.org/changeset/base/215307 Log: Implement a (soft) stack guard page for auto-growing stack mappings. The unmapped page separates the tip of the stack and possible adjanced segment, making some uses of stack overflow harder. The stack growing code refuses to expand the segment to the last page of the reseved region when sysctl security.bsd.stack_guard_page is set to 1. The default value for sysctl and accompanying tunable is 0. Please note that mmap(MAP_FIXED) still can place a mapping right up to the stack, making continuous region. Reviewed by: alc MFC after: 1 week Modified: head/sys/vm/vm_map.c Modified: head/sys/vm/vm_map.c ============================================================================== --- head/sys/vm/vm_map.c Sun Nov 14 17:24:15 2010 (r215306) +++ head/sys/vm/vm_map.c Sun Nov 14 17:53:52 2010 (r215307) @@ -67,6 +67,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -76,6 +77,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -3216,6 +3218,12 @@ vm_map_stack(vm_map_t map, vm_offset_t a return (rv); } +static int stack_guard_page = 0; +TUNABLE_INT("security.bsd.stack_guard_page", &stack_guard_page); +SYSCTL_INT(_security_bsd, OID_AUTO, stack_guard_page, CTLFLAG_RW, + &stack_guard_page, 0, + "Insert stack guard page ahead of the growable segments."); + /* Attempts to grow a vm stack entry. Returns KERN_SUCCESS if the * desired address is already mapped, or if we successfully grow * the stack. Also returns KERN_SUCCESS if addr is outside the @@ -3312,7 +3320,7 @@ Retry: * This also effectively destroys any guard page the user might have * intended by limiting the stack size. */ - if (grow_amount > max_grow) { + if (grow_amount + (stack_guard_page ? PAGE_SIZE : 0) > max_grow) { if (vm_map_lock_upgrade(map)) goto Retry; @@ -3365,6 +3373,8 @@ Retry: if (addr < end) { stack_entry->avail_ssize = max_grow; addr = end; + if (stack_guard_page) + addr += PAGE_SIZE; } rv = vm_map_insert(map, NULL, 0, addr, stack_entry->start, @@ -3397,6 +3407,8 @@ Retry: if (addr > end) { stack_entry->avail_ssize = end - stack_entry->end; addr = end; + if (stack_guard_page) + addr -= PAGE_SIZE; } grow_amount = addr - stack_entry->end;