mcexec: Disable address space layout randomization

Move the code from mcreboot.sh to mcexec.c.
2017-07-12 14:11:36 +09:00
parent 0f58e9e77d
commit 6415dcfdcc
3 changed files with 46 additions and 19 deletions
--- a/arch/x86/tools/mcreboot-smp-x86.sh.in
+++ b/arch/x86/tools/mcreboot-smp-x86.sh.in
@ -180,11 +180,6 @@ error_exit() {
 			fi
 		fi
 		;&
-	aslr_disabled)
-		if [ -f /tmp/mckernel_randomize_va_space ]; then
-			cat /tmp/mckernel_randomize_va_space > /proc/sys/kernel/randomize_va_space
-		fi
-		;&
 	initial)
 		# Nothing more to revert
 		;;
@ -236,12 +231,6 @@ if [ "$cpus" == "" ]; then
 	fi
 fi

-# Disable address space layout randomization
-if [ -f /proc/sys/kernel/randomize_va_space ] && [ "`cat /proc/sys/kernel/randomize_va_space`" != "0" ]; then
-	cat /proc/sys/kernel/randomize_va_space > /tmp/mckernel_randomize_va_space
-	echo "0" > /proc/sys/kernel/randomize_va_space
-fi
-
 # Remove mcoverlay if loaded
 if [ "$enable_mcoverlay" == "yes" ]; then
 	if grep mcoverlay /proc/modules &>/dev/null; then
@ -252,7 +241,7 @@ if [ "$enable_mcoverlay" == "yes" ]; then
 		if [ -e /tmp/mcos ]; then rm -rf /tmp/mcos; fi
 		if ! rmmod mcoverlay 2>/dev/null; then
 			echo "error: removing mcoverlay" >&2
-			error_exit "aslr_disabled"
+			exit 1
 		fi
 	fi
 fi
@ -262,7 +251,7 @@ if [ "${irqbalance_used}" == "yes" ]; then
    systemctl stop irqbalance_mck.service 2>/dev/null
    if ! systemctl stop irqbalance.service 2>/dev/null ; then
 		echo "error: stopping irqbalance" >&2
-		error_exit "aslr_disabled"
+		exit 1
 	fi;

    if ! etcdir=@ETCDIR@ perl -e 'use File::Copy qw(copy); $etcdir=$ENV{'etcdir'}; @files = grep { -f } glob "/proc/irq/*/smp_affinity"; foreach $file (@files) { $rel = substr($file, 1); $dir=substr($rel, 0, length($rel)-length("/smp_affinity")); if(0) { print "cp $file $etcdir/$rel\n";} if(system("mkdir -p $etcdir/$dir")){ exit 1;} if(!copy($file,"$etcdir/$rel")){ exit 1;} }'; then
--- a/arch/x86/tools/mcstop+release-smp-x86.sh.in
+++ b/arch/x86/tools/mcstop+release-smp-x86.sh.in
@ -121,10 +121,5 @@ if [ "${irqbalance_used}" != "" ]; then
 	fi
 fi

-# Re-enable ASLR
-if [ -f /tmp/mckernel_randomize_va_space ]; then
-	cat /tmp/mckernel_randomize_va_space > /proc/sys/kernel/randomize_va_space
-fi
-
 # Set back default swappiness
 echo 60 > /proc/sys/vm/swappiness
--- a/executer/user/mcexec.c
+++ b/executer/user/mcexec.c
@ -73,6 +73,7 @@
 #include "../../config.h"
 #include <numa.h>
 #include <numaif.h>
+#include <sys/personality.h>

 //#define DEBUG

@ -90,6 +91,25 @@
                                        __VA_ARGS__);fflush(stderr);}
 #endif
 	
+#define CHKANDJUMPF(cond, err, format, ...)								\
+	do {																\
+		if(cond) {														\
+			__eprintf(format, __VA_ARGS__);								\
+			ret = err;													\
+			goto fn_fail;												\
+		}																\
+	} while(0)
+
+#define CHKANDJUMP(cond, err, msg)										\
+	do {																\
+		if(cond) {														\
+			__eprint(msg);												\
+			ret = err;													\
+			goto fn_fail;												\
+		}																\
+	} while(0)
+
+
 #undef DEBUG_UTI

 #ifdef USE_SYSCALL_MOD_CALL
@ -1580,6 +1600,7 @@ opendev()

 int main(int argc, char **argv)
 {
+	int ret = 0;
 	struct program_load_desc *desc;
 	int envs_len;
 	char *envs;
@ -1596,6 +1617,7 @@ int main(int argc, char **argv)
 	char *shell = NULL;
 	char shell_path[1024];
 	int num = 0;
+	int persona;

 #ifdef USE_SYSCALL_MOD_CALL
 	__glob_argc = argc;
@ -1607,6 +1629,26 @@ int main(int argc, char **argv)
 		altroot = "/usr/linux-k1om-4.7/linux-k1om";
 	}

+	/* Disable address space layout randomization */
+	persona = personality(0xffffffff);
+	__dprintf("persona=%08x\n", persona);
+	if ((persona & (PER_LINUX | ADDR_NO_RANDOMIZE)) == 0) {
+		CHKANDJUMP(getenv("MCEXEC_ADDR_NO_RANDOMIZE"), 1, "personality() and then execv() failed\n");
+
+		persona = personality(persona | PER_LINUX | ADDR_NO_RANDOMIZE);
+		CHKANDJUMPF(persona == -1, 1, "personality failed, persona=%08x, strerror=%s\n", persona, strerror(errno));
+
+		error = setenv("MCEXEC_ADDR_NO_RANDOMIZE", "1", 1);
+		CHKANDJUMP(error == -1, 1, "setenv failed\n");
+
+		error = execv("/proc/self/exe", argv);
+		CHKANDJUMPF(error == -1, 1, "execv failed, error=%d,strerror=%s\n", error, strerror(errno));
+	}
+	if (getenv("MCEXEC_ADDR_NO_RANDOMIZE")) {
+		error = unsetenv("MCEXEC_ADDR_NO_RANDOMIZE");
+		CHKANDJUMP(error == -1, 1, "unsetenv failed");
+	}
+
 	rlim_stack.rlim_cur = MCEXEC_DEF_CUR_STACK_SIZE;
 	rlim_stack.rlim_max = MCEXEC_DEF_MAX_STACK_SIZE;

@ -2119,7 +2161,8 @@ int main(int argc, char **argv)

 	join_all_threads();

-	return 0;
+ fn_fail:
+	return ret;
 }