From owner-freebsd-bugs@FreeBSD.ORG  Mon Feb 10 00:40:01 2014
Date: Mon, 10 Feb 2014 00:40:00 GMT
Message-Id: <201402100040.s1A0e0WJ065164@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Shawn Webb <lattera@gmail.com>
Subject: Re: kern/181497: [kernel] [patch] Add ASLR feature to kernel

The following reply was made to PR kern/181497; it has been noted by GNATS.

From: Shawn Webb <lattera@gmail.com>
To: bug-followup@FreeBSD.org,
 steven@roothosts.com
Cc:  
Subject: Re: kern/181497: [kernel] [patch] Add ASLR feature to kernel
Date: Sun, 9 Feb 2014 19:37:03 -0500

 
 Attached is a patch that applies on top of the existing patch to fix a few minor bugs.
 
 Thanks,
 
 Shawn
 
 
 Attachment: aslr-2014-02-09.patch.txt (text/plain, quoted-printable)
 
 diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
 index 3f9487c..3a36f20 100644
 --- a/sys/kern/imgact_elf.c
 +++ b/sys/kern/imgact_elf.c
 @@ -603,7 +603,9 @@ __elfN(load_file)(struct proc *p, const char *file, =
 u_long *addr,
  	u_long rbase;
  	u_long base_addr =3D 0;
  	int error, i, numsegs;
 -    struct prison *pr; /* For ASLR */
 +#ifdef PAX_ASLR
 +    struct prison *pr;
 +#endif
 =20
  #ifdef CAPABILITY_MODE
  	/*
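Review bot: the new `struct prison *pr;` declaration in __elfN(load_file) is indented with four spaces, while the neighbouring declarations (`u_long rbase;`, `int error, i, numsegs;`) use a tab; use a tab here to match. Wrapping it in #ifdef PAX_ASLR is fine provided every use of pr stays inside the same conditional, which holds for the uses visible in this patch.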
 @@ -659,22 +661,21 @@ __elfN(load_file)(struct proc *p, const char =
 *file, u_long *addr,
  	hdr =3D (const Elf_Ehdr *)imgp->image_header;
  	if ((error =3D __elfN(check_header)(hdr)) !=3D 0)
  		goto fail;
 -	if (hdr->e_type =3D=3D ET_DYN)
 +	if (hdr->e_type =3D=3D ET_DYN) {
  		rbase =3D *addr;
 -	else if (hdr->e_type =3D=3D ET_EXEC)
 +#ifdef PAX_ASLR
 +        pr =3D pax_aslr_get_prison(NULL, imgp->proc);
 +        if (pax_aslr_active(NULL, imgp->proc)) {
 +            rbase +=3D round_page(PAX_ASLR_DELTA(arc4random(), =
 PAX_ASLR_DELTA_EXEC_LSB, pr->pr_pax_aslr_exec_len));
 +        }
 +#endif
 +    } else if (hdr->e_type =3D=3D ET_EXEC) {
  		rbase =3D 0;
 -	else {
 +    } else {
  		error =3D ENOEXEC;
  		goto fail;
  	}
 =20
 -#ifdef PAX_ASLR
 -    pr =3D pax_aslr_get_prison(NULL, imgp->proc);
 -    if (pax_aslr_active(NULL, imgp->proc)) {
 -        rbase +=3D round_page(PAX_ASLR_DELTA(arc4random(), =
 PAX_ASLR_DELTA_EXEC_LSB, pr->pr_pax_aslr_exec_len));
 -    }
 -#endif
 -
  	/* Only support headers that fit within first page for now      =
 */
  	if ((hdr->e_phoff > PAGE_SIZE) ||
  	    (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - =
 hdr->e_phoff) {
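Review bot: in the ET_DYN branch, pr->pr_pax_aslr_exec_len is dereferenced without checking the result of pax_aslr_get_prison(), whereas the line removed from pax_aslr_init() in kern_pax.c used `(pr != NULL) ? pr->pr_pax_aslr_exec_len : pax_aslr_exec_len`. If pax_aslr_get_prison() can return NULL here, apply the same fallback before computing the delta. The added block is also indented with spaces and its `rbase +=` line runs well past 80 columns, unlike the tab-indented context around it. The description should state that ET_EXEC images now keep rbase = 0 instead of receiving the random delta, since that is the behavioural change this hunk makes.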
 diff --git a/sys/kern/kern_pax.c b/sys/kern/kern_pax.c
 index 9182606..7654e5b 100644
 --- a/sys/kern/kern_pax.c
 +++ b/sys/kern/kern_pax.c
 @@ -528,7 +528,6 @@ pax_aslr_init(struct thread *td, struct image_params =
 *imgp)
      vm->vm_aslr_delta_stack =3D PAX_ASLR_DELTA(arc4random(),
          PAX_ASLR_DELTA_STACK_LSB, (pr !=3D NULL) ? =
 pr->pr_pax_aslr_stack_len : pax_aslr_stack_len);
      vm->vm_aslr_delta_stack =3D ALIGN(vm->vm_aslr_delta_stack);
 -    vm->vm_aslr_delta_exec =3D round_page(PAX_ASLR_DELTA(arc4random(), =
 PAX_ASLR_DELTA_EXEC_LSB, (pr !=3D NULL) ? pr->pr_pax_aslr_exec_len : =
 pax_aslr_exec_len));
  #else /* COMPAT_FREEBSD32 */
      if ((sv_flags & SV_LP64) !=3D 0) {
          vm->vm_aslr_delta_mmap =3D PAX_ASLR_DELTA(arc4random(),
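Review bot: the vm_aslr_delta_exec assignment is dropped only in the branch before `#else /* COMPAT_FREEBSD32 */`, and the visible lines do not show whether the #else branch sets the same field. If it does, remove it there as well, and remove the vm_aslr_delta_exec member itself if nothing reads it any more, since __elfN(load_file) now draws its own delta from arc4random() rather than using a stored value. Leaving a field that is set on one path and not the other invites a later reader to use it uninitialised.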
 