1/* $NetBSD: pax.h,v 1.25 2016/09/03 12:20:58 christos Exp $ */
2
3/*-
4 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30#ifndef _SYS_PAX_H_
31#define _SYS_PAX_H_
32
33#include <uvm/uvm_extern.h>
34
/*
 * PaX feature bits.  Each value is a distinct single bit, so any combination
 * can be OR-ed into one flag word and tested with a mask.
 * NOTE(review): the P_ prefix suggests these live in a per-process flag
 * field filled in at exec time -- confirm against the code that defines
 * pax_set_flags().
 */
35#define P_PAX_ASLR 0x01 /* Enable ASLR (address space layout randomization) */
36#define P_PAX_MPROTECT 0x02 /* Enable Mprotect (see PAX_MPROTECT_ADJUST) */
37#define P_PAX_GUARD 0x04 /* Enable Segvguard (see pax_segvguard) */
38
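/*
 * Forward declarations for every struct tag that appears in a prototype in
 * this header.  Only pointers to these types are passed, so an incomplete
 * type is enough and the defining headers need not be pulled in.
 *
 * struct vnode is listed because pax_segvguard() takes a struct vnode *.
 * Declaring the tag at file scope keeps that prototype from depending on
 * some other header having introduced it first; a tag first seen inside a
 * parameter list is scoped to that prototype alone.
 */
struct lwp;
struct proc;
struct exec_package;
struct vmspace;
struct vnode;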
43
/*
 * Width used for the executable's ASLR delta.  The value 12 is only a
 * default: a build that already defines PAX_ASLR_DELTA_EXEC_LEN keeps its
 * own value.
 * NOTE(review): presumably this is passed as the `len` argument of
 * PAX_ASLR_DELTA(), i.e. the number of random bits kept -- confirm in
 * kern/exec_elf.c.  If so, 12 bits allows 4096 distinct offsets, and any
 * override directly raises or lowers that entropy.
 */
44#ifdef PAX_ASLR
45/*
46 * We stick this here because we need it in kern/exec_elf.c for now.
47 */
48#ifndef PAX_ASLR_DELTA_EXEC_LEN
49#define PAX_ASLR_DELTA_EXEC_LEN 12
50#endif
51#endif /* PAX_ASLR */
/*
 * Runtime debug switch, declared only in PAX_ASLR_DEBUG builds; the
 * definition is not in this header.
 * NOTE(review): if the debug path logs chosen offsets, those logs disclose
 * the layout ASLR is meant to hide -- check who can read them before
 * enabling this option on a production kernel.
 */
52#ifdef PAX_ASLR_DEBUG
53extern int pax_aslr_debug;
54#endif
55
/*
 * Common PaX entry points.  They are real functions when at least one of
 * PAX_MPROTECT, PAX_SEGVGUARD or PAX_ASLR is configured.  Otherwise they
 * become macros so that call sites need no #ifdef of their own.
 */
56#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
57void pax_init(void);
58void pax_set_flags(struct exec_package *, struct proc *);
59void pax_setup_elf_flags(struct exec_package *, uint32_t);
60#else
/*
 * No PaX option configured: pax_init() and pax_set_flags() expand to
 * nothing, so their arguments are never evaluated and no PaX state is set
 * up.  pax_setup_elf_flags() expands to __USE(flags) only.
 * NOTE(review): __USE is defined elsewhere; presumably it just marks
 * `flags` as used to avoid an unused-variable warning -- confirm.
 */
61# define pax_init()
62# define pax_set_flags(e, p)
63# define pax_setup_elf_flags(e, flags) __USE(flags)
64#endif
65
/*
 * Mprotect hook.  The function receives an lwp and two vm_prot_t pointers,
 * so it is able to rewrite both protection values in place.
 * NOTE(review): the two pointers are presumably the requested and the
 * maximum protection of a mapping -- confirm against the definition.
 *
 * PAX_MPROTECT_DEBUG builds prepend a (const char *, size_t) pair to the
 * parameter list; the PAX_MPROTECT_ADJUST wrapper below supplies __FILE__
 * and __LINE__ for it.  Call the wrapper rather than the function so the
 * argument count always matches the build options.
 */
66void pax_mprotect_adjust(
67#ifdef PAX_MPROTECT_DEBUG
68 const char *, size_t,
69#endif
70 struct lwp *, vm_prot_t *, vm_prot_t *);
/*
 * Without PAX_MPROTECT the wrapper expands to nothing and
 * pax_mprotect_prot(l) is the constant 0, so the protection values at every
 * call site are left exactly as the caller set them.  The prototype above
 * is still visible in that configuration.
 */
71#ifndef PAX_MPROTECT
72# define PAX_MPROTECT_ADJUST(a, b, c)
73# define pax_mprotect_prot(l) 0
74#else
75# ifdef PAX_MPROTECT_DEBUG
76# define PAX_MPROTECT_ADJUST(a, b, c) \
77 pax_mprotect_adjust(__FILE__, __LINE__, (a), (b), (c))
78# else
79# define PAX_MPROTECT_ADJUST(a, b, c) \
80 pax_mprotect_adjust((a), (b), (c))
81# endif
82extern int pax_mprotect_prot(struct lwp *);
83#endif
/*
 * Segvguard hook: takes an lwp, a vnode, a string and a bool, and returns
 * an int.  Unlike the ASLR and Mprotect hooks, this header gives it no
 * macro stub, so the declaration is visible whether or not PAX_SEGVGUARD
 * is configured.
 * NOTE(review): the meaning of the string, the bool and the return value
 * is not visible here -- document them at the definition, and confirm
 * that every caller checks the result.
 */
84int pax_segvguard(struct lwp *, struct vnode *, const char *, bool);
85
/*
 * Turn a random value into an address delta: keep the low `len` bits of
 * `delta`, then shift them left by `lsb`.  The result therefore carries at
 * most `len` bits of entropy and its low `lsb` bits are always zero.
 *
 * Unchecked preconditions: `len` must be smaller than the width of
 * unsigned long (1UL << len is undefined otherwise), and `lsb` must be
 * small enough that the shifted value still fits the result type.  Pass
 * constants or already-validated values only.
 */
86#define PAX_ASLR_DELTA(delta, lsb, len) \
87 (((delta) & ((1UL << (len)) - 1)) << (lsb))
88
/*
 * ASLR hooks.  Judging by their names they cover the vmspace, the stack,
 * the executable image, the run-time linker and mmap; what each one
 * actually randomizes is decided at the definitions, not here.
 */
89#ifdef PAX_ASLR
90void pax_aslr_init_vm(struct lwp *, struct vmspace *, struct exec_package *);
91void pax_aslr_stack(struct exec_package *, vsize_t *);
92uint32_t pax_aslr_stack_gap(struct exec_package *);
93vaddr_t pax_aslr_exec_offset(struct exec_package *, vaddr_t);
94voff_t pax_aslr_rtld_offset(struct exec_package *, vaddr_t, int);
95void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
96#else
/*
 * PAX_ASLR not configured: every hook collapses to a fixed expression --
 * nothing, 0, or MAX(a, PAGE_SIZE) -- so none of them contributes any
 * randomness.  Arguments of the empty stubs are never evaluated, and `a`
 * reaches MAX() unparenthesized.
 */
97# define pax_aslr_init_vm(l, v, e)
98# define pax_aslr_stack(e, o)
99# define pax_aslr_stack_gap(e) 0
100# define pax_aslr_exec_offset(e, a) MAX(a, PAGE_SIZE)
101# define pax_aslr_rtld_offset(e, a, u) 0
102# define pax_aslr_mmap(l, a, b, c)
103#endif
104
105#endif /* !_SYS_PAX_H_ */
106