From owner-svn-src-all@FreeBSD.ORG Sun May 24 16:24:26 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AA2FAC09; Sun, 24 May 2015 16:24:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9650D13BA; Sun, 24 May 2015 16:24:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4OGOQMw083920; Sun, 24 May 2015 16:24:26 GMT (envelope-from dchagin@FreeBSD.org) Received: (from dchagin@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4OGOORC083913; Sun, 24 May 2015 16:24:24 GMT (envelope-from dchagin@FreeBSD.org) Message-Id: <201505241624.t4OGOORC083913@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dchagin set sender to dchagin@FreeBSD.org using -f From: Dmitry Chagin Date: Sun, 24 May 2015 16:24:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r283431 - in head/sys: amd64/linux amd64/linux32 compat/linux i386/linux X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 May 2015 16:24:26 -0000 Author: dchagin Date: Sun May 24 16:24:24 2015 New Revision: 283431 URL: https://svnweb.freebsd.org/changeset/base/283431 Log: Add AT_RANDOM and AT_EXECFN auxiliary vector entries which are used by glibc. At list since glibc version 2.16 using AT_RANDOM is mandatory. Differential Revision: https://reviews.freebsd.org/D1080 Modified: head/sys/amd64/linux/linux.h head/sys/amd64/linux/linux_sysvec.c head/sys/amd64/linux32/linux.h head/sys/amd64/linux32/linux32_sysvec.c head/sys/compat/linux/linux_misc.h head/sys/i386/linux/linux.h head/sys/i386/linux/linux_sysvec.c Modified: head/sys/amd64/linux/linux.h ============================================================================== --- head/sys/amd64/linux/linux.h Sun May 24 16:22:03 2015 (r283430) +++ head/sys/amd64/linux/linux.h Sun May 24 16:24:24 2015 (r283431) @@ -100,7 +100,7 @@ typedef struct { #define LINUX_NAME_MAX 255 #define LINUX_CTL_MAXNAME 10 -#define LINUX_AT_COUNT 17 /* Count of used aux entry types. */ +#define LINUX_AT_COUNT 19 /* Count of used aux entry types. */ struct l___sysctl_args { Modified: head/sys/amd64/linux/linux_sysvec.c ============================================================================== --- head/sys/amd64/linux/linux_sysvec.c Sun May 24 16:22:03 2015 (r283430) +++ head/sys/amd64/linux/linux_sysvec.c Sun May 24 16:24:24 2015 (r283431) @@ -319,6 +319,9 @@ elf_linux_fixup(register_t **stack_base, AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid); AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0); AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform)); + AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary); + if (imgp->execpathp != 0) + AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, imgp->execpathp); if (args->execfd != -1) AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd); AUXARGS_ENTRY(pos, AT_NULL, 0); @@ -345,16 +348,39 @@ linux_copyout_strings(struct image_param char *stringp, *destp; register_t *stack_base; struct ps_strings *arginfo; + char canary[LINUX_AT_RANDOM_LEN]; + size_t execpath_len; struct proc *p; /* * Calculate string base and vector table pointers. */ + if (imgp->execpath != NULL && imgp->auxargs != NULL) + execpath_len = strlen(imgp->execpath) + 1; + else + execpath_len = 0; + p = imgp->proc; arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings; destp = (caddr_t)arginfo - SPARE_USRSPACE - + roundup(sizeof(canary), sizeof(char *)) - + roundup(execpath_len, sizeof(char *)) - roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *)); + if (execpath_len != 0) { + imgp->execpathp = (uintptr_t)arginfo - execpath_len; + copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len); + } + + /* + * Prepare the canary for SSP. + */ + arc4rand(canary, sizeof(canary), 0); + imgp->canary = (uintptr_t)arginfo - + roundup(execpath_len, sizeof(char *)) - + roundup(sizeof(canary), sizeof(char *)); + copyout(canary, (void *)imgp->canary, sizeof(canary)); + /* * If we have a valid auxargs ptr, prepare some room * on the stack. Modified: head/sys/amd64/linux32/linux.h ============================================================================== --- head/sys/amd64/linux32/linux.h Sun May 24 16:22:03 2015 (r283430) +++ head/sys/amd64/linux32/linux.h Sun May 24 16:24:24 2015 (r283431) @@ -110,7 +110,7 @@ typedef struct { /* * Miscellaneous */ -#define LINUX_AT_COUNT 18 /* Count of used aux entry types. +#define LINUX_AT_COUNT 20 /* Count of used aux entry types. * Keep this synchronized with * elf_linux_fixup() code. */ Modified: head/sys/amd64/linux32/linux32_sysvec.c ============================================================================== --- head/sys/amd64/linux32/linux32_sysvec.c Sun May 24 16:22:03 2015 (r283430) +++ head/sys/amd64/linux32/linux32_sysvec.c Sun May 24 16:24:24 2015 (r283431) @@ -289,6 +289,9 @@ elf_linux_fixup(register_t **stack_base, AUXARGS_ENTRY_32(pos, AT_GID, imgp->proc->p_ucred->cr_rgid); AUXARGS_ENTRY_32(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid); AUXARGS_ENTRY_32(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform)); + AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, PTROUT(imgp->canary)); + if (imgp->execpathp != 0) + AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, PTROUT(imgp->execpathp)); if (args->execfd != -1) AUXARGS_ENTRY_32(pos, AT_EXECFD, args->execfd); AUXARGS_ENTRY_32(pos, AT_NULL, 0); @@ -869,14 +872,37 @@ linux_copyout_strings(struct image_param char *stringp, *destp; u_int32_t *stack_base; struct linux32_ps_strings *arginfo; + char canary[LINUX_AT_RANDOM_LEN]; + size_t execpath_len; /* * Calculate string base and vector table pointers. */ + if (imgp->execpath != NULL && imgp->auxargs != NULL) + execpath_len = strlen(imgp->execpath) + 1; + else + execpath_len = 0; + arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS; destp = (caddr_t)arginfo - SPARE_USRSPACE - + roundup(sizeof(canary), sizeof(char *)) - + roundup(execpath_len, sizeof(char *)) - roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *)); + if (execpath_len != 0) { + imgp->execpathp = (uintptr_t)arginfo - execpath_len; + copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len); + } + + /* + * Prepare the canary for SSP. + */ + arc4rand(canary, sizeof(canary), 0); + imgp->canary = (uintptr_t)arginfo - + roundup(execpath_len, sizeof(char *)) - + roundup(sizeof(canary), sizeof(char *)); + copyout(canary, (void *)imgp->canary, sizeof(canary)); + /* * If we have a valid auxargs ptr, prepare some room * on the stack. Modified: head/sys/compat/linux/linux_misc.h ============================================================================== --- head/sys/compat/linux/linux_misc.h Sun May 24 16:22:03 2015 (r283430) +++ head/sys/compat/linux/linux_misc.h Sun May 24 16:24:24 2015 (r283431) @@ -72,10 +72,13 @@ extern const char *linux_kplatform; #define LINUX_AT_BASE_PLATFORM 24 /* string identifying real platform, may * differ from AT_PLATFORM. */ +#define LINUX_AT_RANDOM 25 /* address of random bytes */ #define LINUX_AT_EXECFN 31 /* filename of program */ #define LINUX_AT_SYSINFO 32 /* vsyscall */ #define LINUX_AT_SYSINFO_EHDR 33 /* vdso header */ +#define LINUX_AT_RANDOM_LEN 16 /* size of random bytes */ + /* Linux sets the i387 to extended precision. */ #if defined(__i386__) || defined(__amd64__) #define __LINUX_NPXCW__ 0x37f Modified: head/sys/i386/linux/linux.h ============================================================================== --- head/sys/i386/linux/linux.h Sun May 24 16:22:03 2015 (r283430) +++ head/sys/i386/linux/linux.h Sun May 24 16:24:24 2015 (r283431) @@ -104,7 +104,7 @@ typedef struct { /* * Miscellaneous */ -#define LINUX_AT_COUNT 18 /* Count of used aux entry types. +#define LINUX_AT_COUNT 20 /* Count of used aux entry types. * Keep this synchronized with * elf_linux_fixup() code. */ Modified: head/sys/i386/linux/linux_sysvec.c ============================================================================== --- head/sys/i386/linux/linux_sysvec.c Sun May 24 16:22:03 2015 (r283430) +++ head/sys/i386/linux/linux_sysvec.c Sun May 24 16:24:24 2015 (r283431) @@ -298,6 +298,9 @@ elf_linux_fixup(register_t **stack_base, AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid); AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid); AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(uplatform)); + AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary); + if (imgp->execpathp != 0) + AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, imgp->execpathp); if (args->execfd != -1) AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd); AUXARGS_ENTRY(pos, AT_NULL, 0); @@ -321,14 +324,22 @@ linux_copyout_strings(struct image_param char *stringp, *destp; register_t *stack_base; struct ps_strings *arginfo; + char canary[LINUX_AT_RANDOM_LEN]; + size_t execpath_len; struct proc *p; /* * Calculate string base and vector table pointers. */ p = imgp->proc; + if (imgp->execpath != NULL && imgp->auxargs != NULL) + execpath_len = strlen(imgp->execpath) + 1; + else + execpath_len = 0; arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings; destp = (caddr_t)arginfo - SPARE_USRSPACE - linux_szplatform - + roundup(sizeof(canary), sizeof(char *)) - + roundup(execpath_len, sizeof(char *)) - roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *)); /* @@ -337,6 +348,21 @@ linux_copyout_strings(struct image_param copyout(linux_kplatform, ((caddr_t)arginfo - linux_szplatform), linux_szplatform); + if (execpath_len != 0) { + imgp->execpathp = (uintptr_t)arginfo - + linux_szplatform - execpath_len; + copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len); + } + + /* + * Prepare the canary for SSP. + */ + arc4rand(canary, sizeof(canary), 0); + imgp->canary = (uintptr_t)arginfo - linux_szplatform - + roundup(execpath_len, sizeof(char *)) - + roundup(sizeof(canary), sizeof(char *)); + copyout(canary, (void *)imgp->canary, sizeof(canary)); + /* * If we have a valid auxargs ptr, prepare some room * on the stack.