author | nwhitehorn <nwhitehorn@FreeBSD.org> | 2010-10-31 23:04:15 +0000 |
---|---|---|
committer | nwhitehorn <nwhitehorn@FreeBSD.org> | 2010-10-31 23:04:15 +0000 |
commit | c108d430e633c3faca1a9c7c2ed97f2bf3468f5f (patch) | |
tree | 4b86f41f19f9138974a736d6034cbca3c85fb7bb | |
parent | 26a6f9d45c2842cb22dab8775fdf61335ca283e3 (diff) | |
Add a security nit to recent copyin/out changes: map the user segment
no-execute in case of exploitable kernel bugs.
MFC after: 1 week
-rw-r--r-- | sys/powerpc/aim/copyinout.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/powerpc/aim/copyinout.c b/sys/powerpc/aim/copyinout.c
index 8451f80..15623ed 100644
--- a/sys/powerpc/aim/copyinout.c
+++ b/sys/powerpc/aim/copyinout.c
@@ -95,6 +95,9 @@ set_user_sr(pmap_t pm, const void *addr)
 slbv = slb->slbv;
 }
 
+ /* Mark segment no-execute */
+ slbv |= SLBV_N;
+
 /* If we have already set this VSID, we can just return */
 if (curthread->td_pcb->pcb_cpu.aim.usr_vsid == slbv)
 return;
@@ -117,6 +120,9 @@ set_user_sr(pmap_t pm, const void *addr)
 if (curthread->td_pcb->pcb_cpu.aim.usr_vsid == vsid)
 return;
 
+ /* Mark segment no-execute */
+ vsid |= SR_N;
+
 __asm __volatile("isync");
 curthread->td_pcb->pcb_cpu.aim.usr_vsid = vsid;
 __asm __volatile("mtsr %0,%1; isync" :: "n"(USER_SR), "r"(vsid)); |
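Review bot: The comment `/* Mark segment no-execute */` above `slbv |= SLBV_N;` only restates the code, so the reason for the bit lives in the commit message alone; the second hunk repeats the same comment. I would record the intent at the site, for example `/* User segment is mapped here for copyin/copyout data access only; no-execute limits what a kernel bug can do with it */`. In this hunk the bit is set before the `usr_vsid == slbv` test, so the cached-value check stays meaningful provided the store further down records the same `slbv`; that store is outside the hunk.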
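Review bot: In the second hunk `vsid |= SR_N;` sits after the `usr_vsid == vsid` early return but before `usr_vsid = vsid` is stored, so the cached value carries SR_N while the value compared against it does not. Unless `vsid` already has SR_N set when it reaches the test (its computation is above the hunk), the comparison can no longer match and every call falls through to the `isync`/`mtsr` reload. The segment still ends up no-execute, so this fails safe, but the "already set" fast path is lost. Moving the two added lines above the `if`, as the first hunk does with `slbv |= SLBV_N;`, keeps both the protection and the shortcut.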