d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

procctl(8): usermode bits to force LA58/LA57 on exec.

Browse Source 
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D25273
This commit is contained in:
kib 2020-08-23 20:44:15 +00:00
parent 94cc06b8c6
commit 66df603545
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
usr.bin/proccontrol/proccontrol.1
View File

@ -71,6 +71,9 @@ Controls the implicit PROT_MAX application for
.Xr mmap 2 . .Xr mmap 2 .
.It Ar kpti .It Ar kpti
Controls the KPTI enable, AMD64 only. Controls the KPTI enable, AMD64 only.
.It Ar la48
Control limiting usermode process address space to 48 bits of address,
AMD64 only, on machines capable of 57-bit addressing.
.El .El
.Pp .Pp
The The

56
usr.bin/proccontrol/proccontrol.c
View File

@ -48,6 +48,10 @@ enum {
#ifdef PROC_KPTI_CTL #ifdef PROC_KPTI_CTL
MODE_KPTI, MODE_KPTI,
#endif #endif
#ifdef PROC_LA_CTL
MODE_LA57,
MODE_LA48,
#endif
}; };
static pid_t static pid_t
@ -69,13 +73,18 @@ str2pid(const char *str)
#else #else
#define KPTI_USAGE #define KPTI_USAGE
#endif #endif
#ifdef PROC_LA_CTL
#define LA_USAGE "|la48|la57"
#else
#define LA_USAGE
#endif
static void __dead2 static void __dead2
usage(void) usage(void)
{ {
fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|" fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|"
"stackgap"KPTI_USAGE") [-q] " "stackgap"KPTI_USAGE LA_USAGE") [-q] "
"[-s (enable|disable)] [-p pid | command]\n"); "[-s (enable|disable)] [-p pid | command]\n");
exit(1); exit(1);
} }
@ -107,6 +116,12 @@ main(int argc, char *argv[])
#ifdef PROC_KPTI_CTL #ifdef PROC_KPTI_CTL
else if (strcmp(optarg, "kpti") == 0) else if (strcmp(optarg, "kpti") == 0)
mode = MODE_KPTI; mode = MODE_KPTI;
#endif
#ifdef PROC_LA_CTL
else if (strcmp(optarg, "la57") == 0)
mode = MODE_LA57;
else if (strcmp(optarg, "la48") == 0)
mode = MODE_LA48;
#endif #endif
else else
usage(); usage();
@ -163,6 +178,12 @@ main(int argc, char *argv[])
case MODE_KPTI: case MODE_KPTI:
error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg); error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
break; break;
#endif
#ifdef PROC_LA_CTL
case MODE_LA57:
case MODE_LA48:
error = procctl(P_PID, pid, PROC_LA_STATUS, &arg);
break;
#endif #endif
default: default:
usage(); usage();
@ -258,6 +279,27 @@ main(int argc, char *argv[])
else else
printf(", not active\n"); printf(", not active\n");
break; break;
#endif
#ifdef PROC_LA_CTL
case MODE_LA57:
case MODE_LA48:
switch (arg & ~(PROC_LA_STATUS_LA48 |
PROC_LA_STATUS_LA57)) {
case PROC_LA_CTL_LA48_ON_EXEC:
printf("la48 on exec");
break;
case PROC_LA_CTL_LA57_ON_EXEC:
printf("la57 on exec");
break;
case PROC_LA_CTL_DEFAULT_ON_EXEC:
printf("default on exec");
break;
}
if ((arg & PROC_LA_STATUS_LA48) != 0)
printf(", la48 active\n");
else if ((arg & PROC_LA_STATUS_LA57) != 0)
printf(", la57 active\n");
break;
#endif #endif
} }
} else { } else {
@ -294,6 +336,18 @@ main(int argc, char *argv[])
PROC_KPTI_CTL_DISABLE_ON_EXEC; PROC_KPTI_CTL_DISABLE_ON_EXEC;
error = procctl(P_PID, pid, PROC_KPTI_CTL, &arg); error = procctl(P_PID, pid, PROC_KPTI_CTL, &arg);
break; break;
#endif
#ifdef PROC_LA_CTL
case MODE_LA57:
arg = enable ? PROC_LA_CTL_LA57_ON_EXEC :
PROC_LA_CTL_DEFAULT_ON_EXEC;
error = procctl(P_PID, pid, PROC_LA_CTL, &arg);
break;
case MODE_LA48:
arg = enable ? PROC_LA_CTL_LA48_ON_EXEC :
PROC_LA_CTL_DEFAULT_ON_EXEC;
error = procctl(P_PID, pid, PROC_LA_CTL, &arg);
break;
#endif #endif
default: default:
usage(); usage();