1 /* $NetBSD: pax.h,v 1.29 2023/11/22 12:15:09 martin Exp $ */
2
3 /*-
4 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #ifndef _SYS_PAX_H_
31 #define _SYS_PAX_H_
32
33 #include <uvm/uvm_extern.h>
34
35 #define P_PAX_ASLR 0x01 /* Enable ASLR */
36 #define P_PAX_MPROTECT 0x02 /* Enable Mprotect */
37 #define P_PAX_GUARD 0x04 /* Enable Segvguard */
38
39 struct lwp;
40 struct proc;
41 struct exec_package;
42 struct vmspace;
43
44 #ifdef PAX_ASLR
45 /*
46 * We stick this here because we need it in kern/exec_elf.c for now.
47 */
48 #ifndef PAX_ASLR_DELTA_EXEC_LEN
49 #define PAX_ASLR_DELTA_EXEC_LEN 12
50 #endif
51 #endif /* PAX_ASLR */
52 #ifdef PAX_ASLR_DEBUG
53 extern int pax_aslr_debug;
54 #endif
55
56 #if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
57 void pax_init(void);
58 void pax_set_flags(struct exec_package *, struct proc *);
59 void pax_setup_elf_flags(struct exec_package *, uint32_t);
60 #else
61 static inline void
pax_init(void)62 pax_init(void)
63 {
64 }
65 static inline void
pax_set_flags(struct exec_package * epp,struct proc * p)66 pax_set_flags(struct exec_package *epp, struct proc *p)
67 {
68 }
69 static inline void
pax_setup_elf_flags(struct exec_package * epp,uint32_t flags)70 pax_setup_elf_flags(struct exec_package *epp, uint32_t flags)
71 {
72 }
73 #endif
74
75 #ifdef PAX_MPROTECT
76
77 vm_prot_t pax_mprotect_maxprotect(
78 # ifdef PAX_MPROTECT_DEBUG
79 const char *, size_t,
80 # endif
81 struct lwp *, vm_prot_t, vm_prot_t, vm_prot_t);
82 int pax_mprotect_validate(
83 # ifdef PAX_MPROTECT_DEBUG
84 const char *, size_t,
85 # endif
86 struct lwp *, vm_prot_t);
87 int pax_mprotect_prot(struct lwp *);
88
89 #else
90
91 static inline vm_prot_t
pax_mprotect_maxprotect(struct lwp * l,vm_prot_t prot,vm_prot_t extra,vm_prot_t max)92 pax_mprotect_maxprotect(struct lwp *l, vm_prot_t prot, vm_prot_t extra,
93 vm_prot_t max)
94 {
95 return max;
96 }
97 static inline vm_prot_t
pax_mprotect_validate(struct lwp * l,vm_prot_t prot)98 pax_mprotect_validate(struct lwp *l, vm_prot_t prot)
99 {
100 return 0;
101 }
102 static inline int
pax_mprotect_prot(struct lwp * l)103 pax_mprotect_prot(struct lwp *l)
104 {
105 return 0;
106 }
107
108 #endif
109
110 #if defined(PAX_MPROTECT) && defined(PAX_MPROTECT_DEBUG)
111 # define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
112 pax_mprotect_maxprotect(__FILE__, __LINE__, (l), (active), (extra), (max))
113 # define PAX_MPROTECT_VALIDATE(l, prot) \
114 pax_mprotect_validate(__FILE__, __LINE__, (l), (prot))
115 #else
116 # define PAX_MPROTECT_MAXPROTECT(l, active, extra, max) \
117 pax_mprotect_maxprotect((l), (active), (extra), (max))
118 # define PAX_MPROTECT_VALIDATE(l, prot) \
119 pax_mprotect_validate((l), (prot))
120 #endif
121
122 #ifdef PAX_SEGVGUARD
123 int pax_segvguard(struct lwp *, struct vnode *, const char *, bool);
124 void pax_segvguard_cleanup(struct vnode *);
125 #endif
126
127 #ifdef PAX_ASLR
128 #define PAX_ASLR_DELTA(delta, lsb, len) \
129 (((delta) & ((1UL << (len)) - 1)) << (lsb))
130 void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
131 void pax_aslr_stack(struct exec_package *, vsize_t *);
132 uint32_t pax_aslr_stack_gap(struct exec_package *);
133 vaddr_t pax_aslr_exec_offset(struct exec_package *, vaddr_t);
134 voff_t pax_aslr_rtld_offset(struct exec_package *, vaddr_t, int);
135 void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
136 #else
137 static inline void
pax_aslr_init_vm(struct lwp * l,struct vmspace * vm,struct exec_package * epp)138 pax_aslr_init_vm(struct lwp *l, struct vmspace *vm, struct exec_package *epp)
139 {
140 }
141 static inline void
pax_aslr_stack(struct exec_package * epp,vsize_t * max_stack_size)142 pax_aslr_stack(struct exec_package *epp, vsize_t *max_stack_size)
143 {
144 }
145 static inline uint32_t
pax_aslr_stack_gap(struct exec_package * epp)146 pax_aslr_stack_gap(struct exec_package *epp)
147 {
148 return 0;
149 }
150 static inline vaddr_t
pax_aslr_exec_offset(struct exec_package * epp,vaddr_t align)151 pax_aslr_exec_offset(struct exec_package *epp, vaddr_t align)
152 {
153 return MAX(align, (vaddr_t)PAGE_SIZE);
154 }
155 static inline voff_t
pax_aslr_rtld_offset(struct exec_package * epp,vaddr_t align,int use_topdown)156 pax_aslr_rtld_offset(struct exec_package *epp, vaddr_t align, int use_topdown)
157 {
158 return 0;
159 }
160 static inline void
pax_aslr_mmap(struct lwp * l,vaddr_t * addr,vaddr_t orig_addr,int flags)161 pax_aslr_mmap(struct lwp *l, vaddr_t *addr, vaddr_t orig_addr, int flags)
162 {
163 }
164 #endif
165
166 #endif /* !_SYS_PAX_H_ */
167