upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 01:30:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

HBSD: Randomize top of per-thread stacks

Browse source 
The per-thread stack implementation in libthr supplies a hint to
mmap(2). ASLR will get applied to it, it could be hardened still.
Provide additional hardening by randomizing the size of the per-thread
stack guard provided by libthr. This will effectively randomize the top
of the per-thread stack at a page-level granularity. Additional entropy
could be provided by introducing a random-sized gap, thus getting better
than page-level granularity.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by:	SoldierX
This commit is contained in:
Shawn Webb 2017-06-24 11:11:46 -04:00 committed by Franco Fichtner
parent 7e16dbbf12
commit ff0cec6dcb
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/libthr/thread/thr_init.c
View file

@ -439,6 +439,7 @@ init_private(void)
size_t len;
int mib[2];
char *env, *env_bigstack, *env_splitstack;
unsigned int npages;
_thr_umutex_init(&_mutex_static_lock);
_thr_umutex_init(&_cond_static_lock);
@ -477,7 +478,6 @@ init_private(void)
sysctlbyname("kern.smp.cpus", &_thr_is_smp, &len, NULL, 0);
_thr_is_smp = (_thr_is_smp > 1);
_thr_page_size = getpagesize();
_thr_guard_default = (2 * 1024 * 1024);
_pthread_attr_default.guardsize_attr = _thr_guard_default;
_pthread_attr_default.stacksize_attr = _thr_stack_default;
env = getenv("LIBPTHREAD_SPINLOOPS");
@ -490,6 +490,19 @@ init_private(void)
if (env)
_thr_queuefifo = atoi(env);
TAILQ_INIT(&_thr_atfork_list);
/*
* Initialize the random-sized stack guard
* conservatively.
*/
mib[0] = CTL_KERN;
mib[1] = KERN_ARND;
len = sizeof(npages);
npages = 0;
sysctl(mib, 2, &npages, &len, NULL, 0);
npages %= GUARD_MAX_PAGES;
if (npages < GUARD_MIN_PAGES)
npages = GUARD_DEFAULT_SIZE;
_thr_guard_default = npages * PAGE_SIZE;
}
init_once = 1;
}

12
lib/libthr/thread/thr_private.h
View file

@ -101,6 +101,18 @@ TAILQ_HEAD(mutex_queue, pthread_mutex);
#define THR_ASSERT(cond, msg)
#endif
#ifndef GUARD_DEFAULT_SIZE
#define GUARD_DEFAULT_SIZE 512
#endif
#ifndef GUARD_MIN_PAGES
#define GUARD_MIN_PAGES 256
#endif
#ifndef GUARD_MAX_PAGES
#define GUARD_MAX_PAGES 1024
#endif
#ifdef PIC
# define STATIC_LIB_REQUIRE(name)
#else