svn commit: r214610 - head/sys/powerpc/aim
Nathan Whitehorn
nwhitehorn at FreeBSD.org
Sun Oct 31 23:04:15 UTC 2010
Author: nwhitehorn
Date: Sun Oct 31 23:04:15 2010
New Revision: 214610
URL: http://svn.freebsd.org/changeset/base/214610
Log:
Add a security nit to recent copyin/out changes: map the user segment
no-execute in case of exploitable kernel bugs.
MFC after: 1 week
Modified:
head/sys/powerpc/aim/copyinout.c
Modified: head/sys/powerpc/aim/copyinout.c
==============================================================================
--- head/sys/powerpc/aim/copyinout.c Sun Oct 31 23:03:11 2010 (r214609)
+++ head/sys/powerpc/aim/copyinout.c Sun Oct 31 23:04:15 2010 (r214610)
@@ -95,6 +95,9 @@ set_user_sr(pmap_t pm, const void *addr)
slbv = slb->slbv;
}
+ /* Mark segment no-execute */
+ slbv |= SLBV_N;
+
/* If we have already set this VSID, we can just return */
if (curthread->td_pcb->pcb_cpu.aim.usr_vsid == slbv)
return;
@@ -117,6 +120,9 @@ set_user_sr(pmap_t pm, const void *addr)
if (curthread->td_pcb->pcb_cpu.aim.usr_vsid == vsid)
return;
+ /* Mark segment no-execute */
+ vsid |= SR_N;
+
__asm __volatile("isync");
curthread->td_pcb->pcb_cpu.aim.usr_vsid = vsid;
__asm __volatile("mtsr %0,%1; isync" :: "n"(USER_SR), "r"(vsid));
More information about the svn-src-head
mailing list