From 39dc533fdf40db727adba3c4aa3c6e88565b3d5b Mon Sep 17 00:00:00 2001 From: deraadt Date: Sun, 16 Oct 2022 16:27:02 +0000 Subject: [PATCH] Rather than marking MAP_STACK on entries for sigaltstack() [2 days ago], go back to the old approach: using a new anon mapping because it removes any potential gadgetry pre-placed in the region (by making it zero). But also bring in a few more validation checks beyond contiguous mapping -- it must not be a syscall region, and the protection must be precisely RW. This does allow sigaltstack() to shoot zero'd MAP_STACK non-immutable regions into the main stack area (which will soon be immutable). I am not sure we can keep reinforce immutable on the region after we do stack (like maybe determine this while doing the validation entry walk?) Sadly, continued support for sigaltstack() does require selecting the guessed best compromise. ok kettenis --- sys/kern/kern_sig.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 1ee084f7c7d..1b943e139e7 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.300 2022/10/15 03:23:50 deraadt Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.301 2022/10/16 16:27:02 deraadt Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -575,7 +575,7 @@ sys_sigaltstack(struct proc *p, void *v, register_t *retval) if (ss.ss_size < MINSIGSTKSZ) return (ENOMEM); - error = uvm_map_make_stack(p, (vaddr_t)ss.ss_sp, (vsize_t)ss.ss_size); + error = uvm_map_remap_as_stack(p, (vaddr_t)ss.ss_sp, ss.ss_size); if (error) return (error); -- 2.20.1
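
Review bot: the uvm_map_remap_as_stack() call in the sys_sigaltstack() hunk (@@ -575,7 +575,7 @@) needs a comment at the call site saying that it is destructive. According to the commit message it replaces the caller's range with a new zeroed anon mapping, so anything the process had stored in [ss_sp, ss_sp + ss_size) is gone once the call returns. It can also now fail on the added validation (not contiguous, a syscall region, protection not exactly RW). Neither is visible from the two lines around `if (error) return (error);`, and a reader of kern_sig.c will not see that a sigaltstack() failure can come from the mapping's protection rather than from the size check above it. The open question in the message, whether immutability can still be enforced on the region after the remap, is worth recording next to the call as an XXX comment so that it is not lost when the main stack becomes immutable. A smaller point on the same line: the `(vsize_t)` cast on `ss.ss_size` was dropped while `(vaddr_t)ss.ss_sp` keeps its cast. If the new function's size parameter is vsize_t the implicit conversion is fine, but the prototype is not part of this diff, so please confirm that the argument type matches.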