From c3699e91289a5a02b0c16eec22ee4d6ad7d9602e Mon Sep 17 00:00:00 2001 From: kib Date: Wed, 5 Jul 2017 06:18:00 +0000 Subject: Add MAP_GUARD and use it for stack grow area protection. Bump __FreeBSD_version. MFC r320317: Implement address space guards. MFC r320338: Remove stale part of the comment. MFC r320339: Correctly handle small MAP_STACK requests. MFC r320344: For now, allow mprotect(2) over the guards to succeed regardless of the requested protection. MFC r320430: Treat the addr argument for mmap(2) request without MAP_FIXED flag as a hint. MFC r320560 (by alc): Modify vm_map_growstack() to protect itself from the possibility of the gap entry in the vm map being smaller than the sysctl-derived stack guard size. --- lib/libc/sys/mmap.2 | 40 ++++++++++++++++++++++++++++++++++++++++ lib/libc/sys/munmap.2 | 4 ++-- 2 files changed, 42 insertions(+), 2 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2 index 2a3bdba..6d43071 100644 --- a/lib/libc/sys/mmap.2 +++ b/lib/libc/sys/mmap.2 @@ -199,6 +199,21 @@ In contrast, if .Dv MAP_EXCL is specified, the request will fail if a mapping already exists within the range. +.It Dv MAP_GUARD +Instead of a mapping, create a guard of the specified size. +Guards allow a process to create reservations in its address space, +which can later be replaced by actual mappings. +.Pp +.Fa mmap +will not create mappings in the address range of a guard unless +the request specifies +.Dv MAP_FIXED . +Guards can be destroyed with +.Xr munmap 2 . +Any memory access by a thread to the guarded range results +in the delivery of a +.Dv SIGSEGV +signal to that thread. .It Dv MAP_NOCORE Region is not included in a core file. .It Dv MAP_NOSYNC @@ -303,6 +318,7 @@ must include at least .Dv PROT_READ and .Dv PROT_WRITE . +.Pp This option creates a memory region that grows to at most .Fa len @@ -313,6 +329,10 @@ stack top is the starting address returned by the call, plus bytes. The bottom of the stack at maximum growth is the starting address returned by the call. +The system uses guards to prevent the inadvertent use of +regions into which stacks created with +.Dv MAP_STACK +will automatically grow, without mapping the whole stack in advance. .El .Pp The @@ -406,6 +426,7 @@ were specified. .It Bq Er EINVAL None of .Dv MAP_ANON , +.Dv MAP_GUARD , .Dv MAP_PRIVATE , .Dv MAP_SHARED , or @@ -455,6 +476,25 @@ were specified, but the requested region is already used by a mapping. was specified, but .Dv MAP_FIXED was not. +.It Bq Er EINVAL +.Dv MAP_GUARD +was specified, but the +.Fa offset +argument was not zero, the +.Fa fd +argument was not -1, or the +.Fa prot +argument was not +.Dv PROT_NONE . +.It Bq Er EINVAL +.Dv MAP_GUARD +was specified together with one of the flags +.Dv MAP_ANON , +.Dv MAP_PREFAULT , +.Dv MAP_PREFAULT_READ , +.Dv MAP_PRIVATE , +.Dv MAP_SHARED , +.Dv MAP_STACK . .It Bq Er ENODEV .Dv MAP_ANON has not been specified and diff --git a/lib/libc/sys/munmap.2 b/lib/libc/sys/munmap.2 index 6431072..ce54202 100644 --- a/lib/libc/sys/munmap.2 +++ b/lib/libc/sys/munmap.2 @@ -28,7 +28,7 @@ .\" @(#)munmap.2 8.3 (Berkeley) 5/27/94 .\" $FreeBSD$ .\" -.Dd May 27, 1994 +.Dd June 22, 2017 .Dt MUNMAP 2 .Os .Sh NAME @@ -44,7 +44,7 @@ The .Fn munmap system call -deletes the mappings for the specified address range, +deletes the mappings and guards for the specified address range, and causes further references to addresses within the range to generate invalid memory references. .Sh RETURN VALUES -- cgit v1.1