author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-04-12 17:13:45 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-04-12 17:13:45 +0000 |
commit | 9e91f96d779c665c5377cfd5667ee7e276f4c6eb (patch) | |
tree | fe187bb093929803715228a98ffc99028915fbad /lib | |
parent | 0f04bf0af32f3ceff2d723822807131626fbff5d (diff) |
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libpthread/man/pthread_attr_setstack.3 | 16 | ||||
-rw-r--r-- | lib/libpthread/man/pthread_attr_setstackaddr.3 | 15 |
2 files changed, 27 insertions, 4 deletions
diff --git a/lib/libpthread/man/pthread_attr_setstack.3 b/lib/libpthread/man/pthread_attr_setstack.3 index 306dbdae8fd..ea622633cfb 100644 --- a/lib/libpthread/man/pthread_attr_setstack.3 +++ b/lib/libpthread/man/pthread_attr_setstack.3 @@ -1,9 +1,9 @@ -.\" $OpenBSD: pthread_attr_setstack.3,v 1.4 2013/06/05 03:44:50 tedu Exp $ +.\" $OpenBSD: pthread_attr_setstack.3,v 1.5 2018/04/12 17:13:34 deraadt Exp $ .\" Manual page derived from TOG's UNIX98 documentation. .\" .\" David Leonard, 2000. Public Domain. .\" -.Dd $Mdocdate: June 5 2013 $ +.Dd $Mdocdate: April 12 2018 $ .Dt PTHREAD_ATTR_SETSTACK 3 .Os .Sh NAME @@ -39,6 +39,18 @@ and the size of the storage shall be bytes. The stacksize shall be at least .Dv PTHREAD_STACK_MIN . +.Pp +On +.Ox +the provided stack must be page-aligned. +It will be replaced (meaning zeroed) with a new +.Ar MAP_ANON | Ar MAP_STACK +mapping. +It is recommended that the initial mapping be allocated using +an allocator which has a matching deallocator that discards whole +pages, to clear the +.Ar MAP_STACK +attribute afterwards. .Sh RETURN VALUES Upon successful completion, .Fn pthread_attr_setstack diff --git a/lib/libpthread/man/pthread_attr_setstackaddr.3 b/lib/libpthread/man/pthread_attr_setstackaddr.3 index 18b8db4b580..0c464bbf429 100644 --- a/lib/libpthread/man/pthread_attr_setstackaddr.3 +++ b/lib/libpthread/man/pthread_attr_setstackaddr.3 @@ -1,9 +1,9 @@ -.\" $OpenBSD: pthread_attr_setstackaddr.3,v 1.11 2013/06/05 03:44:50 tedu Exp $ +.\" $OpenBSD: pthread_attr_setstackaddr.3,v 1.12 2018/04/12 17:13:34 deraadt Exp $ .\" Manual page derived from TOG's UNIX98 documentation. .\" .\" David Leonard, 2000. Public Domain. .\" -.Dd $Mdocdate: June 5 2013 $ +.Dd $Mdocdate: April 12 2018 $ .Dt PTHREAD_ATTR_SETSTACKADDR 3 .Os .Sh NAME 
@@ -34,6 +34,17 @@ attribute specifies the location of storage to be used for the created thread's stack. The size of the storage is at least .Dv PTHREAD_STACK_MIN . +.Pp +On +.Ox +the stack must have been allocated using +.Xr mmap +with the +.Va MAP_STACK +attribute. +Otherwise, use of the stack will cause SIGABRT faults. +.Xr pthread_attr_setstack 3 +can avoid this problem because it knows the size of the stack to remap. .Sh RETURN VALUES Upon successful completion, .Fn pthread_attr_setstackaddr |
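Review bot: in the paragraph added to pthread_attr_setstack.3 (hunk `@@ -39,6 +39,18 @@`), `.Ar MAP_ANON | Ar MAP_STACK` marks the mmap flags up as command arguments, while the same page uses `.Dv PTHREAD_STACK_MIN` for a defined constant and the companion page in this commit uses `.Va MAP_STACK`. Suggest `.Dv` for the flags in both pages so the markup is consistent. The text also says the stack "will be replaced (meaning zeroed)" without saying at which call that happens, and says the stack "must be page-aligned" without saying how a misaligned stack is reported; a sentence on each would tell callers when their buffer contents are lost and which error to expect. The commit message describes creating "a MAP_STACK sub-region which satisfies alignment requirements", which reads differently from a hard page-alignment requirement, so the manual wording should match whichever behaviour was implemented.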
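Review bot: the paragraph added to pthread_attr_setstackaddr.3 (hunk `@@ -34,6 +34,17 @@`) says use of a stack not mapped with MAP_STACK "will cause SIGABRT faults", but the commit message states that SIGSEGV is delivered when the stack register does not point at MAP_STACK memory. The manual should name the signal that is actually delivered, since callers will rely on it when diagnosing crashes. In the same paragraph `.Xr mmap` has no section number, unlike `.Xr pthread_attr_setstack 3` two lines later; suggest `.Xr mmap 2`.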