From f4d4d691ec79bfc8aa6d32d80682a8edbe0dbdd5 Mon Sep 17 00:00:00 2001 From: deraadt Date: Fri, 7 Oct 2022 15:21:04 +0000 Subject: [PATCH] Add mimmutable(2) libc stub, add & adjust manual pages, and crank the minor. ok kettenis --- lib/libc/Symbols.list | 2 + lib/libc/hidden/sys/mman.h | 3 +- lib/libc/shlib_version | 2 +- lib/libc/sys/Makefile.inc | 6 +-- lib/libc/sys/mimmutable.2 | 83 ++++++++++++++++++++++++++++++++++++++ lib/libc/sys/mmap.2 | 12 +++++- lib/libc/sys/mprotect.2 | 11 ++++- lib/libc/sys/munmap.2 | 11 ++++- 8 files changed, 119 insertions(+), 11 deletions(-) create mode 100644 lib/libc/sys/mimmutable.2 diff --git a/lib/libc/Symbols.list b/lib/libc/Symbols.list index 3096857ca39..d95c3f5c769 100644 --- a/lib/libc/Symbols.list +++ b/lib/libc/Symbols.list @@ -131,6 +131,7 @@ _thread_sys_lseek _thread_sys_lstat _thread_sys_madvise _thread_sys_minherit +_thread_sys_mimmutable _thread_sys_mkdir _thread_sys_mkdirat _thread_sys_mkfifo @@ -327,6 +328,7 @@ listen lseek lstat madvise +mimmutable minherit mkdir mkdirat diff --git a/lib/libc/hidden/sys/mman.h b/lib/libc/hidden/sys/mman.h index 50e250eae31..06f7df93417 100644 --- a/lib/libc/hidden/sys/mman.h +++ b/lib/libc/hidden/sys/mman.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mman.h,v 1.4 2019/01/11 18:46:30 deraadt Exp $ */ +/* $OpenBSD: mman.h,v 1.5 2022/10/07 15:21:04 deraadt Exp $ */ /* * Copyright (c) 2015 Philip Guenther * @@ -26,6 +26,7 @@ PROTO_NORMAL(mlock); PROTO_NORMAL(mlockall); PROTO_NORMAL(mmap); PROTO_NORMAL(mprotect); +PROTO_NORMAL(mimmutable); PROTO_NORMAL(mquery); PROTO_CANCEL(msync); PROTO_NORMAL(munlock); diff --git a/lib/libc/shlib_version b/lib/libc/shlib_version index 03589a3f97f..7a1bc8e113e 100644 --- a/lib/libc/shlib_version +++ b/lib/libc/shlib_version @@ -1,4 +1,4 @@ major=96 -minor=2 +minor=3 # note: If changes were made to include/thread_private.h or if system calls # were added/changed then librthread/shlib_version must also be updated. 
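Review bot: `_thread_sys_mimmutable` is added after `_thread_sys_minherit` in the first Symbols.list hunk, which breaks the alphabetical order of the surrounding entries; the second hunk of the same file places `mimmutable` before `minherit`, so the two additions disagree with each other. The same ordering problem is in the hidden/sys/mman.h hunk, where `PROTO_NORMAL(mimmutable);` sits between `mprotect` and `mquery` although the visible entries run `mlock`, `mlockall`, `mmap`, `mprotect`, `mquery`. Moving `_thread_sys_mimmutable` above `_thread_sys_minherit`, and the PROTO line ahead of `PROTO_NORMAL(mlock);`, keeps later diffs to these exported-symbol lists easy to audit. The earlier part of the mman.h list is outside the hunk, so the exact slot there needs checking.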
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 50c4af6156b..16817039ee6 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.164 2022/09/09 13:52:59 mbuhl Exp $ +# $OpenBSD: Makefile.inc,v 1.165 2022/10/07 15:21:04 deraadt Exp $ # $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $ # @(#)Makefile.inc 8.1 (Berkeley) 6/17/93 @@ -58,7 +58,7 @@ ASM= __semctl.o __syscall.o __thrsigdivert.o \ getsockopt.o ioctl.o \ kevent.o kill.o kqueue.o ktrace.o lchown.o \ link.o linkat.o listen.o lseek.o lstat.o \ - madvise.o minherit.o mkdir.o mkdirat.o mkfifo.o mkfifoat.o \ + madvise.o mimmutable.o minherit.o mkdir.o mkdirat.o mkfifo.o mkfifoat.o \ mknod.o mknodat.o mlock.o mlockall.o mmap.o mount.o mprotect.o \ mquery.o msgctl.o msgget.o munlock.o munlockall.o munmap.o \ nfssvc.o \ @@ -186,7 +186,7 @@ MAN+= __get_tcb.2 __thrsigdivert.2 __thrsleep.2 _exit.2 accept.2 \ getrtable.2 getrusage.2 getsid.2 getsockname.2 getsockopt.2 \ getthrid.2 gettimeofday.2 getuid.2 intro.2 ioctl.2 issetugid.2 \ kbind.2 kill.2 kqueue.2 ktrace.2 link.2 listen.2 lseek.2 madvise.2 \ - minherit.2 mkdir.2 mkfifo.2 mknod.2 mlock.2 \ + mimmutable.2 minherit.2 mkdir.2 mkfifo.2 mknod.2 mlock.2 \ mlockall.2 mmap.2 mount.2 mprotect.2 mquery.2 msyscall.2 msgctl.2 \ msgget.2 msgrcv.2 msgsnd.2 msync.2 munmap.2 nanosleep.2 \ nfssvc.2 open.2 pathconf.2 pipe.2 pledge.2 poll.2 profil.2 \ diff --git a/lib/libc/sys/mimmutable.2 b/lib/libc/sys/mimmutable.2 new file mode 100644 index 00000000000..fe13dde429c --- /dev/null +++ b/lib/libc/sys/mimmutable.2 
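Review bot: Adding `mimmutable.o` to `ASM` introduces a new system call stub, but the patch does not touch `librthread/shlib_version`. The comment kept as context in the lib/libc/shlib_version hunk says that file must also be updated when system calls are added or changed, and the diffstat lists no file under librthread. If that bump is meant to land in a separate commit, the commit message should say so; otherwise it looks missed. The `ASM` and `MAN` lists both start and end outside the hunks shown.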
@@ -0,0 +1,83 @@
+.\" $OpenBSD: mimmutable.2,v 1.1 2022/10/07 15:21:04 deraadt Exp $
+.\"
+.\" Copyright (c) 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)mimmutable.2 8.1 (Berkeley) 6/9/93
+.\"
+.Dd $Mdocdate: October 7 2022 $
+.Dt MIMMUTABLE 2
+.Os
+.Sh NAME
+.Nm mimmutable
+.Nd control the immutability of pages
+.Sh SYNOPSIS
+.In sys/mman.h
+.Ft int
+.Fn mimmutable "void *addr" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn mimmutable
+system call
+changes currently mapped pages in the region to be marked immutable,
+which means their protection or mapping may not be changed in the future.
+.Xr mmap 2 ,
+.Xr mprotect 2 ,
+and
+.Xr munmap 2
+to pages marked immutable will return with error
+.Er EPERM .
+.Pp
+Unmapped pages in the region do not retain immutability, but this
+behaviour should not be relied upon.
+.Pp
+Not all implementations will guarantee that the immutable characteristic
+can be set on a page basis;
+the granularity of changes may be as large as an entire region.
+.Sh RETURN VALUES
+.Rv -std
+.Sh ERRORS
+The
+.Fn mimmutable
+system call will fail if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The virtual address range specified by the
+.Fa addr
+and
+.Fa len
+arguments is not valid.
+.El
+.Sh SEE ALSO
+.Xr mmap 2 ,
+.Xr mprotect 2 ,
+.Xr munmap 2
+.Sh HISTORY
+The
+.Fn mimmutable
+function first appeared in
+.Ox 7.3 .
diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2
index 2fb45c15316..12509846de5 100644
--- a/lib/libc/sys/mmap.2
+++ b/lib/libc/sys/mmap.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mmap.2,v 1.68 2022/03/31 17:27:16 naddy Exp $
+.\" $OpenBSD: mmap.2,v 1.69 2022/10/07 15:21:04 deraadt Exp $
 .\" $NetBSD: mmap.2,v 1.5 1995/06/24 10:48:59 cgd Exp $
 .\"
 .\" Copyright (c) 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\" @(#)mmap.2 8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: October 7 2022 $
 .Dt MMAP 2
 .Os
 .Sh NAME
@@ -300,10 +300,18 @@ and the process is link-time tagged with in .Xr sysctl 2 for a method to diagnose failure). +.It Bq Er EPERM +The +.Fa addr +and +.Fa len +parameters +specify a region which contains at least one page marked immutable. .El .Sh SEE ALSO .Xr madvise 2 , .Xr mlock 2 , +.Xr mimmutable 2 , .Xr mprotect 2 , .Xr mquery 2 , .Xr msync 2 , diff --git a/lib/libc/sys/mprotect.2 b/lib/libc/sys/mprotect.2 index 59a87b720ea..f8d964f03e1 100644 --- a/lib/libc/sys/mprotect.2 +++ b/lib/libc/sys/mprotect.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mprotect.2,v 1.26 2021/06/30 18:46:49 schwarze Exp $ +.\" $OpenBSD: mprotect.2,v 1.27 2022/10/07 15:21:04 deraadt Exp $ .\" $NetBSD: mprotect.2,v 1.6 1995/10/12 15:41:08 jtc Exp $ .\" .\" Copyright (c) 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)mprotect.2 8.1 (Berkeley) 6/9/93 .\" -.Dd $Mdocdate: June 30 2021 $ +.Dd $Mdocdate: October 7 2022 $ .Dt MPROTECT 2 .Os .Sh NAME @@ -111,6 +111,13 @@ for more information). The .Fa prot argument is invalid or the specified address range would wrap around. +.It Bq Er EPERM +The +.Fa addr +and +.Fa len +parameters +specify a region which contains at least one page marked immutable. .El .Sh SEE ALSO .Xr madvise 2 , diff --git a/lib/libc/sys/munmap.2 b/lib/libc/sys/munmap.2 index cc6cf4d1c39..9b5df765307 100644 --- a/lib/libc/sys/munmap.2 +++ b/lib/libc/sys/munmap.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: munmap.2,v 1.19 2019/12/21 05:23:38 jsg Exp $ +.\" $OpenBSD: munmap.2,v 1.20 2022/10/07 15:21:04 deraadt Exp $ .\" $NetBSD: munmap.2,v 1.5 1995/02/27 12:35:03 cgd Exp $ .\" .\" Copyright (c) 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)munmap.2 8.2 (Berkeley) 4/15/94 .\" -.Dd $Mdocdate: December 21 2019 $ +.Dd $Mdocdate: October 7 2022 $ .Dt MUNMAP 2 .Os .Sh NAME 
@@ -62,6 +62,13 @@ parameters specify a region that would extend beyond the end of the address space, or some part of the region being unmapped is not part of the currently valid address space. +.It Bq Er EPERM +The +.Fa addr +and +.Fa len +parameters +specify a region which contains at least one page marked immutable. .El .Sh SEE ALSO .Xr madvise 2 , -- 2.20.1