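/* $NetBSD: pax.h,v 1.29 2023/11/22 12:15:09 martin Exp $ */

/*-
 * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Kernel-internal interface to the PaX features: ASLR, Mprotect and
 * Segvguard.  Each feature is selected at build time by its own option
 * (PAX_ASLR, PAX_MPROTECT, PAX_SEGVGUARD).  When an option is not defined,
 * most of its entry points are replaced below by inline stubs that do
 * nothing, so call sites need no #ifdef of their own.
 *
 * Review note: the stubs mean a kernel built without an option compiles
 * and runs identically at every call site while applying none of that
 * feature's checks.  Whether a feature is active has to be established
 * from the build configuration, not from the presence of these calls.
 */

#ifndef _SYS_PAX_H_
#define _SYS_PAX_H_

#include <uvm/uvm_extern.h>

/*
 * PaX feature flag bits.  Each value is a distinct single bit, so the
 * flags can be combined with bitwise OR and tested with bitwise AND.
 */
#define P_PAX_ASLR	0x01	/* Enable ASLR */
#define P_PAX_MPROTECT	0x02	/* Enable Mprotect */
#define P_PAX_GUARD	0x04	/* Enable Segvguard */

/* Forward declarations: this header only passes pointers to these. */
struct lwp;
struct proc;
struct exec_package;
struct vmspace;
struct vnode;		/* named by the PAX_SEGVGUARD prototypes below */

#ifdef PAX_ASLR
/*
 * We stick this here because we need it in kern/exec_elf.c for now.
 *
 * The value 12 is only a default: a definition made before this header
 * is included takes precedence.
 * NOTE(review): presumably the `len' (number of random bits) handed to
 * PAX_ASLR_DELTA for the executable's load offset -- confirm against
 * kern/exec_elf.c.
 */
#ifndef PAX_ASLR_DELTA_EXEC_LEN
#define PAX_ASLR_DELTA_EXEC_LEN	12
#endif
#endif /* PAX_ASLR */
#ifdef PAX_ASLR_DEBUG
extern int pax_aslr_debug;
#endif

/*
 * Common entry points.  Real implementations exist when at least one PaX
 * option is compiled in; otherwise all three are empty stubs.
 */
#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
void pax_init(void);
void pax_set_flags(struct exec_package *, struct proc *);
void pax_setup_elf_flags(struct exec_package *, uint32_t);
#else
static inline void
pax_init(void)
{
}
static inline void
pax_set_flags(struct exec_package *epp, struct proc *p)
{
}
static inline void
pax_setup_elf_flags(struct exec_package *epp, uint32_t flags)
{
}
#endif

#ifdef PAX_MPROTECT

/*
 * Under PAX_MPROTECT_DEBUG the first two functions take two extra leading
 * arguments (a string and a size_t), which the PAX_MPROTECT_* wrapper
 * macros below fill in with __FILE__ and __LINE__.  pax_mprotect_prot()
 * has the same signature in both configurations.
 */
vm_prot_t pax_mprotect_maxprotect(
# ifdef PAX_MPROTECT_DEBUG
    const char *, size_t,
# endif
    struct lwp *, vm_prot_t, vm_prot_t, vm_prot_t);
int pax_mprotect_validate(
# ifdef PAX_MPROTECT_DEBUG
    const char *, size_t,
# endif
    struct lwp *, vm_prot_t);
int pax_mprotect_prot(struct lwp *);

#else

/*
 * PAX_MPROTECT compiled out: the requested maximum protection is passed
 * through unchanged and the other two calls return 0, so this layer
 * places no restriction on mappings.
 */
static inline vm_prot_t
pax_mprotect_maxprotect(struct lwp *l, vm_prot_t prot, vm_prot_t extra,
    vm_prot_t max)
{
	return max;
}
/*
 * Declared int, matching the PAX_MPROTECT prototype above; the stub used
 * to be declared vm_prot_t, which disagreed with the real function.
 */
static inline int
pax_mprotect_validate(struct lwp *l, vm_prot_t prot)
{
	return 0;
}
static inline int
pax_mprotect_prot(struct lwp *l)
{
	return 0;
}

#endif

/*
 * Call-site wrappers.  Use these rather than calling
 * pax_mprotect_maxprotect()/pax_mprotect_validate() directly: the
 * functions' argument lists differ between debug and non-debug builds,
 * and only the macros adapt to that.
 */
#if defined(PAX_MPROTECT) && defined(PAX_MPROTECT_DEBUG)
# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
    pax_mprotect_maxprotect(__FILE__, __LINE__, (l), (active), (extra), (max))
# define PAX_MPROTECT_VALIDATE(l, prot) \
    pax_mprotect_validate(__FILE__, __LINE__, (l), (prot))
#else
# define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
    pax_mprotect_maxprotect((l), (active), (extra), (max))
# define PAX_MPROTECT_VALIDATE(l, prot) \
    pax_mprotect_validate((l), (prot))
#endif

/*
 * Segvguard has no stub variants: these two functions are declared only
 * when PAX_SEGVGUARD is defined, so callers must guard their own uses.
 */
#ifdef PAX_SEGVGUARD
int pax_segvguard(struct lwp *, struct vnode *, const char *, bool);
void pax_segvguard_cleanup(struct vnode *);
#endif

#ifdef PAX_ASLR
/*
 * Keep the low `len' bits of `delta' and shift them left by `lsb'.
 * The result therefore takes at most 2^len distinct values.
 * `len' must be smaller than the width of unsigned long: the mask is
 * built with (1UL << len), and a shift count of the full width or more
 * is undefined behaviour.
 */
#define PAX_ASLR_DELTA(delta, lsb, len) \
    (((delta) & ((1UL << (len)) - 1)) << (lsb))
void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
void pax_aslr_stack(struct exec_package *, vsize_t *);
uint32_t pax_aslr_stack_gap(struct exec_package *);
vaddr_t pax_aslr_exec_offset(struct exec_package *, vaddr_t);
voff_t pax_aslr_rtld_offset(struct exec_package *, vaddr_t, int);
void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
#else
/*
 * PAX_ASLR compiled out: every stub is deterministic.  The void stubs
 * leave their pointer arguments untouched, the stack gap and rtld offset
 * are 0, and the exec offset is a fixed function of the alignment.
 */
static inline void
pax_aslr_init_vm(struct lwp *l, struct vmspace *vm, struct exec_package *epp)
{
}
static inline void
pax_aslr_stack(struct exec_package *epp, vsize_t *max_stack_size)
{
}
static inline uint32_t
pax_aslr_stack_gap(struct exec_package *epp)
{
	return 0;
}
static inline vaddr_t
pax_aslr_exec_offset(struct exec_package *epp, vaddr_t align)
{
	/* The larger of the requested alignment and one page. */
	return MAX(align, (vaddr_t)PAGE_SIZE);
}
static inline voff_t
pax_aslr_rtld_offset(struct exec_package *epp, vaddr_t align, int use_topdown)
{
	return 0;
}
static inline void
pax_aslr_mmap(struct lwp *l, vaddr_t *addr, vaddr_t orig_addr, int flags)
{
}
#endif

#endif /* !_SYS_PAX_H_ */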