Add stackgap control mode to proccontrol(1). · opnsense2/src@c22994e

Commit

Add stackgap control mode to proccontrol(1).

PR:	239894
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21352

Loading branch information

kostikbel committed Sep 3, 2019

1 parent fe69291 commit c22994e

usr.bin/proccontrol/proccontrol.c

-Original file line number
+Diff line change
@@ Expand Up / @@ -44,6 +44,7 @@ enum { @@
     	MODE_TRACE,
     	MODE_TRAPCAP,
     	MODE_PROTMAX,
+    	MODE_STACKGAP,
     #ifdef PROC_KPTI_CTL
     	MODE_KPTI,
     #endif
@@ Expand Down Expand Up / @@ -73,8 +74,8 @@ static void __dead2 @@
     usage(void)
     {
-    	fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap"
-    	    KPTI_USAGE") [-q] "
+    	fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|"
+    	    "stackgap"KPTI_USAGE") [-q] "
     	    "[-s (enable|disable)] [-p pid | command]\n");
     	exit(1);
     }
@@ Expand All / @@ -101,6 +102,8 @@ main(int argc, char *argv[]) @@
     				mode = MODE_TRACE;
     			else if (strcmp(optarg, "trapcap") == 0)
     				mode = MODE_TRAPCAP;
+    			else if (strcmp(optarg, "stackgap") == 0)
+    				mode = MODE_STACKGAP;
     #ifdef PROC_KPTI_CTL
     			else if (strcmp(optarg, "kpti") == 0)
     				mode = MODE_KPTI;
@@ Expand Down Expand Up / @@ -153,6 +156,9 @@ main(int argc, char *argv[]) @@
     		case MODE_PROTMAX:
     			error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);
     			break;
+    		case MODE_STACKGAP:
+    			error = procctl(P_PID, pid, PROC_STACKGAP_STATUS, &arg);
+    			break;
     #ifdef PROC_KPTI_CTL
     		case MODE_KPTI:
     			error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
@@ Expand Down Expand Up / @@ -217,6 +223,26 @@ main(int argc, char *argv[]) @@
     			else
     				printf(", not active\n");
     			break;
+    		case MODE_STACKGAP:
+    			switch (arg & (PROC_STACKGAP_ENABLE |
+    			    PROC_STACKGAP_DISABLE)) {
+    			case PROC_STACKGAP_ENABLE:
+    				printf("enabled\n");
+    				break;
+    			case PROC_STACKGAP_DISABLE:
+    				printf("disabled\n");
+    				break;
+    			}
+    			switch (arg & (PROC_STACKGAP_ENABLE_EXEC |
+    			    PROC_STACKGAP_DISABLE_EXEC)) {
+    			case PROC_STACKGAP_ENABLE_EXEC:
+    				printf("enabled after exec\n");
+    				break;
+    			case PROC_STACKGAP_DISABLE_EXEC:
+    				printf("disabled after exec\n");
+    				break;
+    			}
+    			break;
     #ifdef PROC_KPTI_CTL
     		case MODE_KPTI:
     			switch (arg & ~PROC_KPTI_STATUS_ACTIVE) {
@@ Expand Down Expand Up / @@ -256,6 +282,12 @@ main(int argc, char *argv[]) @@
     			    PROC_PROTMAX_FORCE_DISABLE;
     			error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);
     			break;
+    		case MODE_STACKGAP:
+    			arg = enable ? PROC_STACKGAP_ENABLE_EXEC :
+    			    (PROC_STACKGAP_DISABLE |
+    			    PROC_STACKGAP_DISABLE_EXEC);
+    			error = procctl(P_PID, pid, PROC_STACKGAP_CTL, &arg);
+    			break;
     #ifdef PROC_KPTI_CTL
     		case MODE_KPTI:
     			arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC :
@@ Expand Down @@

0 comments on commit `c22994e`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `c22994e`

Commit

There are no files selected for viewing

0 comments on commit c22994e

0 comments on commit `c22994e`