Add implicit PROT_MAX() knob to proccontrol(1).

Reviewed by: emaste, markj (previous version) Discussed with: brooks Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D20795
svn path=/head/; revision=349610
2025-01-29 16:44:03 +00:00 · 2019-07-02 19:12:02 +00:00 · 2019-07-02 19:12:02 +00:00 · 469220742e · 2020-12-20 02:59:44 +00:00
commit 469220742e
parent 5dc7e31a09
2 changed files with 32 additions and 1 deletions
--- a/usr.bin/proccontrol/proccontrol.1
+++ b/usr.bin/proccontrol/proccontrol.1
@ -66,6 +66,9 @@ Note that process is only allowed to enable tracing for itself,
 not for any other process.
 .It Ar trapcap
 Controls the signalling of capability mode access violations.
+.It Ar protmax
+Controls the implicit PROT_MAX application for
+.Xr mmap 2 .
 .It Ar kpti
 Controls the KPTI enable, AMD64 only.
 .El
--- a/usr.bin/proccontrol/proccontrol.c
+++ b/usr.bin/proccontrol/proccontrol.c
@ -43,6 +43,7 @@ enum {
 	MODE_INVALID,
 	MODE_TRACE,
 	MODE_TRAPCAP,
+	MODE_PROTMAX,
 #ifdef PROC_KPTI_CTL
 	MODE_KPTI,
 #endif
@ -72,7 +73,7 @@ static void __dead2
 usage(void)
 {

-	fprintf(stderr, "Usage: proccontrol -m (aslr|trace|trapcap"
+	fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap"
 	    KPTI_USAGE") [-q] "
 	    "[-s (enable|disable)] [-p pid | command]\n");
 	exit(1);
@ -94,6 +95,8 @@ main(int argc, char *argv[])
 		case 'm':
 			if (strcmp(optarg, "aslr") == 0)
 				mode = MODE_ASLR;
+			else if (strcmp(optarg, "protmax") == 0)
+				mode = MODE_PROTMAX;
 			else if (strcmp(optarg, "trace") == 0)
 				mode = MODE_TRACE;
 			else if (strcmp(optarg, "trapcap") == 0)
@ -147,6 +150,9 @@ main(int argc, char *argv[])
 		case MODE_TRAPCAP:
 			error = procctl(P_PID, pid, PROC_TRAPCAP_STATUS, &arg);
 			break;
+		case MODE_PROTMAX:
+			error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
@ -194,6 +200,23 @@ main(int argc, char *argv[])
 				break;
 			}
 			break;
+		case MODE_PROTMAX:
+			switch (arg & ~PROC_PROTMAX_ACTIVE) {
+			case PROC_PROTMAX_FORCE_ENABLE:
+				printf("force enabled");
+				break;
+			case PROC_PROTMAX_FORCE_DISABLE:
+				printf("force disabled");
+				break;
+			case PROC_PROTMAX_NOFORCE:
+				printf("not forced");
+				break;
+			}
+			if ((arg & PROC_PROTMAX_ACTIVE) != 0)
+				printf(", active\n");
+			else
+				printf(", not active\n");
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			switch (arg & ~PROC_KPTI_STATUS_ACTIVE) {
@ -228,6 +251,11 @@ main(int argc, char *argv[])
 			    PROC_TRAPCAP_CTL_DISABLE;
 			error = procctl(P_PID, pid, PROC_TRAPCAP_CTL, &arg);
 			break;
+		case MODE_PROTMAX:
+			arg = enable ? PROC_PROTMAX_FORCE_ENABLE :
+			    PROC_PROTMAX_FORCE_DISABLE;
+			error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC :