authorTheo de Raadt <deraadt@cvs.openbsd.org>2016-05-23 20:11:50 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2016-05-23 20:11:50 +0000
commit752aff3e3eb2f7df5d3721d7b719f21604e3d2a5 (patch)
tree6631b65cbe40db911dc30d6281e982dc4e925456 /sys
parentf374e960d0262f2b918a1fbee13f24da17c6cdc5 (diff)
Place a cpu-dependent trap/illegal instruction over the remainder of the
sigtramp page, so that it will generate a nice kernel fault if touched. While here, move most of the sigtramps to the .rodata segment, because they are not executed in the kernel. Also some preparation for sliding the actual sigtramp forward (will need some gdb changes) ok mlarkin kettenis
Diffstat (limited to 'sys')
-rw-r--r--sys/arch/alpha/alpha/locore.s14
-rw-r--r--sys/arch/amd64/amd64/locore.S17
-rw-r--r--sys/arch/arm/arm/sigcode.S20
-rw-r--r--sys/arch/hppa/hppa/locore.S22
-rw-r--r--sys/arch/i386/i386/locore.s20
-rw-r--r--sys/arch/macppc/macppc/locore.S13
-rw-r--r--sys/arch/mips64/mips64/lcore_access.S14
-rw-r--r--sys/arch/sh/sh/locore_subr.S14
-rw-r--r--sys/arch/socppc/socppc/locore.S13
-rw-r--r--sys/arch/sparc/sparc/locore.s15
-rw-r--r--sys/arch/sparc64/sparc64/locore.s15
-rw-r--r--sys/kern/kern_exec.c10
12 files changed, 166 insertions, 21 deletions
diff --git a/sys/arch/alpha/alpha/locore.s b/sys/arch/alpha/alpha/locore.s
index 6d6354f079f..61445b260d6 100644
--- a/sys/arch/alpha/alpha/locore.s
+++ b/sys/arch/alpha/alpha/locore.s
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.s,v 1.44 2016/05/10 18:39:40 deraadt Exp $ */
+/* $OpenBSD: locore.s,v 1.45 2016/05/23 20:11:48 deraadt Exp $ */
/* $NetBSD: locore.s,v 1.94 2001/04/26 03:10:44 ross Exp $ */
/*-
@@ -266,6 +266,7 @@ backtolocore1:
* scp+0 beginning of signal context frame
*/
+ .section .rodata
NESTED(sigcode,0,0,ra,0,0)
lda sp, -16(sp) /* save the sigcontext pointer */
stq a2, 0(sp)
@@ -280,6 +281,17 @@ sigcoderet:
XNESTED(esigcode,0)
END(sigcode)
+ .globl sigfill
+sigfill:
+ halt
+esigfill:
+
+ .globl sigfillsiz
+sigfillsiz:
+ .quad esigfill - sigfill
+
+ .text
+
/**************************************************************************/
/*
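Review bot: `sigfillsiz` is emitted here as a `.quad` (8 bytes), but the consumer in kern_exec.c in this same commit declares it `extern int sigfillsiz` and reads 4 bytes; on little-endian alpha that happens to pick up the low word, so it works by accident rather than by contract. Emitting it as `.long esigfill - sigfill` matches the C declaration and the amd64/i386/macppc hunks, and also avoids placing an 8-byte datum right after a 4-byte `halt` with no `.align`. The `halt` fill itself (PAL call, privileged in user mode) looks like the right choice, but a short comment saying what trap it produces for a user process would help the next reader, e.g. `halt /* privileged PALcode call -> illegal from user mode */`.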
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index bad043377b4..11b886740d1 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.78 2016/05/10 18:39:42 deraadt Exp $ */
+/* $OpenBSD: locore.S,v 1.79 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/*
@@ -756,20 +756,31 @@ longmode_hi:
* Signal trampoline; copied to top of user stack.
* gdb's backtrace logic matches against the instructions in this.
*/
-NENTRY(sigcode)
+ .section .rodata
+ .globl _C_LABEL(sigcode)
+_C_LABEL(sigcode):
call *%rax
movq %rsp,%rdi
pushq %rdi /* fake return address */
movq $SYS_sigreturn,%rax
syscall
- .globl _C_LABEL(sigcoderet)
+ .globl _C_LABEL(sigcoderet)
_C_LABEL(sigcoderet):
movq $SYS_exit,%rax
syscall
.globl _C_LABEL(esigcode)
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ int3
+_C_LABEL(esigfill):
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .long _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
/*
* void lgdt(struct region_descriptor *rdp);
* Change the global descriptor table.
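Review bot: Replacing `NENTRY(sigcode)` with a bare `.globl`/label drops the `.type ...,@function` the macro presumably emitted, so `sigcode` now has no function symbol type, which the gdb matching mentioned in the comment above may care about; adding `.type _C_LABEL(sigcode),@function` after the `.globl` restores it at no cost. Separately, the `int3` fill raises #BP, which the kernel delivers as SIGTRAP (catchable, and swallowed by a debugger), whereas the commit describes an illegal instruction; `ud2` (two bytes, #UD -> SIGILL) would match that description and the other ports. Either way, a one-line comment stating the intended trap would document the choice, e.g. `int3 /* #BP -> SIGTRAP; pads the rest of the sigtramp page */`.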
diff --git a/sys/arch/arm/arm/sigcode.S b/sys/arch/arm/arm/sigcode.S
index dc38068e482..2e0cfef9aa7 100644
--- a/sys/arch/arm/arm/sigcode.S
+++ b/sys/arch/arm/arm/sigcode.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: sigcode.S,v 1.3 2016/05/10 18:39:43 deraadt Exp $ */
+/* $OpenBSD: sigcode.S,v 1.4 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: sigcode.S,v 1.6 2003/10/05 19:44:58 matt Exp $ */
/*
@@ -41,7 +41,11 @@
* Signal trampoline;
*/
-ENTRY_NP(sigcode)
+ .section .rodata
+ .align 0
+ .globl sigcode
+ .type x,_ASM_TYPE_FUNCTION
+sigcode:
/*
* The kernel arranges for the handler to be invoked directly. This
* trampoline is used only to return from the signal.
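Review bot: The `.type x,_ASM_TYPE_FUNCTION` line names a symbol `x` rather than `sigcode`; it reads like the body of the `ENTRY_NP(x)` macro pasted without substituting the argument, so the type annotation now lands on a nonexistent symbol and `sigcode` is left untyped. It should be `.type sigcode,_ASM_TYPE_FUNCTION`. Note also that `.align 0` in ARM gas is a power-of-two alignment (i.e. byte alignment), so nothing here guarantees `sigcode` is 4-byte aligned once it is placed in `.rodata` behind other data; if the macro previously relied on `.text` padding, an explicit `.align 2` would make the requirement visible. The trampoline body continues outside this hunk.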
@@ -63,3 +67,15 @@ _C_LABEL(sigcoderet):
.align 0
.global _C_LABEL(esigcode)
_C_LABEL(esigcode):
+
+ .globl sigfill
+sigfill:
+ .word 0xa000f7f0 /* illegal on all cpus? */
+esigfill:
+
+ .data
+ .globl sigfillsiz
+sigfillsiz:
+ .word esigfill - sigfill
+
+ .text
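Review bot: The `.word 0xa000f7f0` fill, stored little-endian, is the halfword pair F7F0 A000, which is the Thumb-2 `udf.w #0` encoding; the comment's own question mark is warranted, because in ARM state that same word decodes (as far as I can tell) as a GE-conditional extra load/store form with Rt=pc, which is UNPREDICTABLE rather than architecturally UNDEFINED. If userland executes the sigtramp page in ARM state, the guaranteed permanently-undefined encoding is `udf #0`, i.e. `.word 0xe7f000f0`. Whichever is chosen, the comment should state the encoding and the state it is valid in, e.g. `.word 0xe7f000f0 /* ARM-state udf #0: permanently undefined, SIGILL */`.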
diff --git a/sys/arch/hppa/hppa/locore.S b/sys/arch/hppa/hppa/locore.S
index 037e3b8e72a..785da2d1daf 100644
--- a/sys/arch/hppa/hppa/locore.S
+++ b/sys/arch/hppa/hppa/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.194 2016/05/10 18:39:44 deraadt Exp $ */
+/* $OpenBSD: locore.S,v 1.195 2016/05/23 20:11:49 deraadt Exp $ */
/*
* Copyright (c) 1998-2004 Michael Shalayeff
@@ -3027,7 +3027,14 @@ EXIT(hw_cpu_spinup_trampoline)
/*
* Signal "trampoline" code. Invoked from RTE setup by sendsig().
*/
-ENTRY(sigcode,0)
+ .section .rodata
+ .align 4
+ .export sigcode, entry
+ .label sigcode
+ .proc
+ .callinfo frame=0,calls, save_rp, save_sp
+ .entry
+sigcode:
bb,>=,n arg3, 30, sigcode_call
dep r0, 31, 2, arg3
ldw 4(arg3), r19
@@ -3053,4 +3060,15 @@ sigcoderet:
ALTENTRY(esigcode)
EXIT(sigcode)
+ .globl sigfill
+sigfill:
+ break 0,0
+esigfill:
+ .align 4
+ .globl sigfillsiz
+sigfillsiz:
+ .word esigfill - sigfill
+
+ .text
+
.end
diff --git a/sys/arch/i386/i386/locore.s b/sys/arch/i386/i386/locore.s
index f143d75008d..73221f8d86d 100644
--- a/sys/arch/i386/i386/locore.s
+++ b/sys/arch/i386/i386/locore.s
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.s,v 1.168 2016/05/10 18:39:45 deraadt Exp $ */
+/* $OpenBSD: locore.s,v 1.169 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.s,v 1.145 1996/05/03 19:41:19 christos Exp $ */
/*-
@@ -689,7 +689,9 @@ _C_LABEL(codepatch_end):
/*
* Signal trampoline; copied to top of user stack.
*/
-NENTRY(sigcode)
+ .section .rodata
+ .globl _C_LABEL(sigcode)
+_C_LABEL(sigcode):
call *SIGF_HANDLER(%esp)
leal SIGF_SC(%esp),%eax # scp (the call may have clobbered the
# copy at SIGF_SCP(%esp))
@@ -697,13 +699,25 @@ NENTRY(sigcode)
pushl %eax # junk to fake return address
movl $SYS_sigreturn,%eax
int $0x80 # enter kernel with args on stack
- .globl _C_LABEL(sigcoderet)
+ .globl _C_LABEL(sigcoderet)
_C_LABEL(sigcoderet):
movl $SYS_exit,%eax
int $0x80 # exit if sigreturn fails
.globl _C_LABEL(esigcode)
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ int3
+_C_LABEL(esigfill):
+
+ .data
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .long _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
+
/*****************************************************************************/
/*
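Review bot: The `.data` directive before `_C_LABEL(sigfillsiz)` moves a link-time constant that is only ever read into writable kernel data, while the amd64 hunk in this same commit leaves its equivalent in `.rodata` (which this hunk has already selected a few lines earlier). Dropping the `.data` line keeps the size constant read-only and the two x86 ports consistent; the arm, mips64 and sh hunks make the same `.data` switch and could be treated the same way. If `.data` is deliberate, a comment saying why would prevent someone "fixing" it later.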
diff --git a/sys/arch/macppc/macppc/locore.S b/sys/arch/macppc/macppc/locore.S
index f042f47acc6..ce18aaf1f2b 100644
--- a/sys/arch/macppc/macppc/locore.S
+++ b/sys/arch/macppc/macppc/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.54 2016/05/10 18:39:46 deraadt Exp $ */
+/* $OpenBSD: locore.S,v 1.55 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.S,v 1.2 1996/10/16 19:33:09 ws Exp $ */
/*
@@ -1206,6 +1206,7 @@ _C_LABEL(setfault):
* On entry r1 points to a struct sigframe at bottom of current stack.
* All other registers are unchanged.
*/
+ .section .rodata
.globl _C_LABEL(sigcode),_C_LABEL(esigcode)
.type _C_LABEL(sigcode),@function
.type _C_LABEL(esigcode),@function
@@ -1256,6 +1257,16 @@ _C_LABEL(sigcoderet):
sc /* exit(errno) */
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ .long 0 # illegal
+_C_LABEL(esigfill):
+ .align 4
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .long _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
#ifdef DDB
/*
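Review bot: The `# illegal` comment on `.long 0` would be more useful if it said why an all-zero word is illegal and what the process sees, e.g. `.long 0 # primary opcode 0 is reserved -> program interrupt / SIGILL` (worth confirming on every core this port supports). Also, `.align 4` in PowerPC ELF gas is a power of two, so this requests 16-byte alignment for a 4-byte constant; `.align 2` is sufficient if alignment is all that is intended. The same two points apply to the identical socppc hunk.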
diff --git a/sys/arch/mips64/mips64/lcore_access.S b/sys/arch/mips64/mips64/lcore_access.S
index e6c9a53143e..cbc8aa7bcb8 100644
--- a/sys/arch/mips64/mips64/lcore_access.S
+++ b/sys/arch/mips64/mips64/lcore_access.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: lcore_access.S,v 1.25 2016/05/10 18:39:47 deraadt Exp $ */
+/* $OpenBSD: lcore_access.S,v 1.26 2016/05/23 20:11:49 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Opsycon AB (www.opsycon.se / www.opsycon.com)
@@ -83,6 +83,18 @@ _C_LABEL(sigcoderet):
.globl esigcode
esigcode:
+ .globl sigfill
+sigfill:
+ break 0
+esigfill:
+
+ .data
+ .globl sigfillsiz
+sigfillsiz:
+ .long esigfill - sigfill
+
+ .text
+
/*
* Copy a null terminated string within the kernel address space.
* Maxlength may be null if count not wanted.
diff --git a/sys/arch/sh/sh/locore_subr.S b/sys/arch/sh/sh/locore_subr.S
index ec1d1e6b87f..616a11e7f6a 100644
--- a/sys/arch/sh/sh/locore_subr.S
+++ b/sys/arch/sh/sh/locore_subr.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore_subr.S,v 1.11 2016/05/10 18:39:47 deraadt Exp $ */
+/* $OpenBSD: locore_subr.S,v 1.12 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore_subr.S,v 1.28 2006/01/23 22:52:09 uwe Exp $ */
/*
@@ -508,6 +508,18 @@ _C_LABEL(sigcoderet):
_C_LABEL(esigcode):
SET_ENTRY_SIZE(sigcode)
+ .globl sigfill
+sigfill:
+ sleep /* priviledged -> illegal? */
+esigfill:
+
+ .data
+ .globl sigfillsiz
+sigfillsiz:
+ .word esigfill - sigfill
+
+ .text
+
/*
* LINTSTUB: Func: void savectx(struct pcb *pcb)
* save struct switchframe.
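Review bot: On sh, gas `.word` emits a 16-bit value, so `sigfillsiz: .word esigfill - sigfill` defines only 2 bytes, while kern_exec.c in this commit reads it as `extern int sigfillsiz` (4 bytes); the high half comes from whatever follows in `.data`, which is correct only by luck. It should be `.long esigfill - sigfill` (please confirm the directive width for this target's assembler). The fill comment also has a typo and an open question: SLEEP is documented as privileged on SH-4 and raises a general illegal instruction exception from user mode, so once verified the comment could read `sleep /* privileged: general illegal instruction exception -> SIGILL in user mode */`.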
diff --git a/sys/arch/socppc/socppc/locore.S b/sys/arch/socppc/socppc/locore.S
index 38a5bb01731..eb70347517c 100644
--- a/sys/arch/socppc/socppc/locore.S
+++ b/sys/arch/socppc/socppc/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.21 2016/05/10 18:39:48 deraadt Exp $ */
+/* $OpenBSD: locore.S,v 1.22 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.S,v 1.2 1996/10/16 19:33:09 ws Exp $ */
/*
@@ -1225,6 +1225,7 @@ _C_LABEL(setfault):
* On entry r1 points to a struct sigframe at bottom of current stack.
* All other registers are unchanged.
*/
+ .section .rodata
.globl _C_LABEL(sigcode),_C_LABEL(esigcode)
.type _C_LABEL(sigcode),@function
.type _C_LABEL(esigcode),@function
@@ -1275,6 +1276,16 @@ _C_LABEL(sigcoderet):
sc /* exit(errno) */
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ .long 0 # illegal
+_C_LABEL(esigfill):
+ .align 4
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .long _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
#ifdef DDB
/*
diff --git a/sys/arch/sparc/sparc/locore.s b/sys/arch/sparc/sparc/locore.s
index 7a4556a59df..d6de7c3f28a 100644
--- a/sys/arch/sparc/sparc/locore.s
+++ b/sys/arch/sparc/sparc/locore.s
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.s,v 1.100 2016/05/11 20:21:26 phessler Exp $ */
+/* $OpenBSD: locore.s,v 1.101 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.s,v 1.73 1997/09/13 20:36:48 pk Exp $ */
/*
@@ -3916,7 +3916,6 @@ Lgandul: nop
* work out.
*/
.globl _C_LABEL(sigcode)
- .globl _C_LABEL(esigcode)
_C_LABEL(sigcode):
/*
* XXX the `save' and `restore' below are unnecessary: should
@@ -4022,8 +4021,20 @@ _C_LABEL(suicide):
mov 139, %g1 ! obsolete syscall, puke...
t ST_SYSCALL
#endif
+ .globl _C_LABEL(esigcode)
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ unimp
+_C_LABEL(esigfill):
+
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .word _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
+
/*
* Primitives
*/
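Review bot: Unlike the sparc64 hunk, which adds `.section .rodata` before `_C_LABEL(sigcode)`, this file's first hunk only rearranges the `.globl esigcode` line, so unless a section switch already exists outside the hunk, `sigcode`, `sigfill` and the `sigfillsiz` data word all stay in the kernel's `.text`, and the trailing `.text` directive here is a no-op. That is consistent with the commit message's "most of the sigtramps", but it leaves a data word (`sigfillsiz`) embedded in executable text. If sparc is meant to follow sparc64, add `.section .rodata` before `_C_LABEL(sigcode)` in the earlier hunk; if not, a comment explaining why sparc stays in `.text` would avoid the question resurfacing.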
diff --git a/sys/arch/sparc64/sparc64/locore.s b/sys/arch/sparc64/sparc64/locore.s
index b1a8a1d9dca..729bb1a8fe4 100644
--- a/sys/arch/sparc64/sparc64/locore.s
+++ b/sys/arch/sparc64/sparc64/locore.s
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.s,v 1.182 2016/05/10 18:39:49 deraadt Exp $ */
+/* $OpenBSD: locore.s,v 1.183 2016/05/23 20:11:49 deraadt Exp $ */
/* $NetBSD: locore.s,v 1.137 2001/08/13 06:10:10 jdolecek Exp $ */
/*
@@ -5338,8 +5338,8 @@ dlflush4:
* will eventually be removed, with a hole left in its place, if things
* work out.
*/
+ .section .rodata
.globl _C_LABEL(sigcode)
- .globl _C_LABEL(esigcode)
_C_LABEL(sigcode):
/*
* XXX the `save' and `restore' below are unnecessary: should
@@ -5435,8 +5435,19 @@ _C_LABEL(sigcoderet):
! sigreturn does not return unless it fails
mov SYS_exit, %g1 ! exit(errno)
t ST_SYSCALL
+ .globl _C_LABEL(esigcode)
_C_LABEL(esigcode):
+ .globl _C_LABEL(sigfill)
+_C_LABEL(sigfill):
+ unimp
+_C_LABEL(esigfill):
+
+ .globl _C_LABEL(sigfillsiz)
+_C_LABEL(sigfillsiz):
+ .word _C_LABEL(esigfill) - _C_LABEL(sigfill)
+
+ .text
/*
* Primitives
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index ced0bb86c51..d7b1f3e360a 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_exec.c,v 1.177 2016/05/10 18:39:51 deraadt Exp $ */
+/* $OpenBSD: kern_exec.c,v 1.178 2016/05/23 20:11:47 deraadt Exp $ */
/* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */
/*-
@@ -843,6 +843,9 @@ exec_sigcode_map(struct process *pr, struct emul *e)
* the way sys_mmap would map it.
*/
if (e->e_sigobject == NULL) {
+ extern int sigfillsiz;
+ extern u_char sigfill[];
+ size_t off;
vaddr_t va;
int r;
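Review bot: `extern int sigfillsiz;` declared inside the function body establishes a cross-language contract that the per-architecture assembly must emit exactly `sizeof(int)` bytes, and the alpha hunk (`.quad`) and the sh hunk (`.word`, 16-bit on that target) in this very commit do not honour it. Moving the two externs to a header next to the existing `sigcode`/`esigcode` declarations, with a comment such as `/* MD: sigfillsiz must be emitted as a 32-bit value (.long) */`, makes the requirement visible to every port instead of being implied by a function-local declaration. Since the kernel only reads both, `extern const u_char sigfill[]` would also document that nothing is expected to write the pattern. exec_sigcode_map begins outside this hunk.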
@@ -855,7 +858,10 @@ exec_sigcode_map(struct process *pr, struct emul *e)
uao_detach(e->e_sigobject);
return (ENOMEM);
}
- memcpy((void *)va, e->e_sigcode, sz);
+
+ for (off = 0; off < round_page(sz); off += sigfillsiz)
+ memcpy((caddr_t)va + off, sigfill, sigfillsiz);
+ memcpy((caddr_t)va, e->e_sigcode, sz);
uvm_unmap(kernel_map, va, va + round_page(sz));
}
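Review bot: The fill loop copies `sigfillsiz` bytes at every step while only checking `off < round_page(sz)`, so if the page size is not a multiple of `sigfillsiz` the last memcpy runs past the end of the `va` mapping, and a zero `sigfillsiz` (which a mis-sized assembly definition could produce) makes `off += sigfillsiz` loop forever. Both are cheap to rule out up front: `KASSERT(sigfillsiz > 0 && (round_page(sz) % sigfillsiz) == 0);` before the loop. The fill-then-overwrite order is correct since the sigcode memcpy follows the fill; a one-line comment stating that (`/* pad the whole page with trap instructions, then lay the trampoline over the start */`) would make the intent obvious. exec_sigcode_map continues beyond this hunk.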