Add stackgap control mode to proccontrol(1).

PR:	239894
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21352
This commit is contained in:
kib 2019-09-03 18:58:48 +00:00
parent a788c25f19
commit 0c63ce7cba

View File

@ -44,6 +44,7 @@ enum {
MODE_TRACE,
MODE_TRAPCAP,
MODE_PROTMAX,
MODE_STACKGAP,
#ifdef PROC_KPTI_CTL
MODE_KPTI,
#endif
@ -73,8 +74,8 @@ static void __dead2
usage(void)
{
fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap"
KPTI_USAGE") [-q] "
fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|"
"stackgap"KPTI_USAGE") [-q] "
"[-s (enable|disable)] [-p pid | command]\n");
exit(1);
}
@ -101,6 +102,8 @@ main(int argc, char *argv[])
mode = MODE_TRACE;
else if (strcmp(optarg, "trapcap") == 0)
mode = MODE_TRAPCAP;
else if (strcmp(optarg, "stackgap") == 0)
mode = MODE_STACKGAP;
#ifdef PROC_KPTI_CTL
else if (strcmp(optarg, "kpti") == 0)
mode = MODE_KPTI;
@ -153,6 +156,9 @@ main(int argc, char *argv[])
case MODE_PROTMAX:
error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);
break;
case MODE_STACKGAP:
error = procctl(P_PID, pid, PROC_STACKGAP_STATUS, &arg);
break;
#ifdef PROC_KPTI_CTL
case MODE_KPTI:
error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
@ -217,6 +223,26 @@ main(int argc, char *argv[])
else
printf(", not active\n");
break;
case MODE_STACKGAP:
switch (arg & (PROC_STACKGAP_ENABLE |
PROC_STACKGAP_DISABLE)) {
case PROC_STACKGAP_ENABLE:
printf("enabled\n");
break;
case PROC_STACKGAP_DISABLE:
printf("disabled\n");
break;
}
switch (arg & (PROC_STACKGAP_ENABLE_EXEC |
PROC_STACKGAP_DISABLE_EXEC)) {
case PROC_STACKGAP_ENABLE_EXEC:
printf("enabled after exec\n");
break;
case PROC_STACKGAP_DISABLE_EXEC:
printf("disabled after exec\n");
break;
}
break;
#ifdef PROC_KPTI_CTL
case MODE_KPTI:
switch (arg & ~PROC_KPTI_STATUS_ACTIVE) {
@ -256,6 +282,12 @@ main(int argc, char *argv[])
PROC_PROTMAX_FORCE_DISABLE;
error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);
break;
case MODE_STACKGAP:
arg = enable ? PROC_STACKGAP_ENABLE_EXEC :
(PROC_STACKGAP_DISABLE |
PROC_STACKGAP_DISABLE_EXEC);
error = procctl(P_PID, pid, PROC_STACKGAP_CTL, &arg);
break;
#ifdef PROC_KPTI_CTL
case MODE_KPTI:
arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC :