From 6553e559e601884f33ae08839a9a69efdcee500c Mon Sep 17 00:00:00 2001 From: guenther Date: Fri, 15 Aug 2025 04:21:00 +0000 Subject: [PATCH] Move the proc.ps_flags PS_* bits that are only changed by sys_execve() and not tested (by name) in userland to a new ps_iflags member. This frees up some ps_flags bits for other uses. ok mpi@ claudio@ --- bin/ps/ps.1 | 6 ++---- sys/arch/amd64/amd64/machdep.c | 4 ++-- sys/kern/kern_exec.c | 19 ++++++------------- sys/kern/subr_prof.c | 4 ++-- sys/sys/proc.h | 21 +++++++++++++-------- sys/uvm/uvm_mmap.c | 4 ++-- 6 files changed, 27 insertions(+), 31 deletions(-) diff --git a/bin/ps/ps.1 b/bin/ps/ps.1 index 723dc7179f7..d500d112861 100644 --- a/bin/ps/ps.1 +++ b/bin/ps/ps.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ps.1,v 1.140 2025/04/29 03:48:10 tedu Exp $ +.\" $OpenBSD: ps.1,v 1.141 2025/08/15 04:21:00 guenther Exp $ .\" $NetBSD: ps.1,v 1.16 1996/03/21 01:36:28 jtc Exp $ .\" .\" Copyright (c) 1980, 1990, 1991, 1993, 1994 @@ -30,7 +30,7 @@ .\" .\" @(#)ps.1 8.3 (Berkeley) 4/18/94 .\" -.Dd $Mdocdate: April 29 2025 $ +.Dd $Mdocdate: August 15 2025 $ .Dt PS 1 .Os .Sh NAME @@ -352,11 +352,9 @@ PS_EMBRYO 0x20000 New process, not yet fledged PS_ZOMBIE 0x40000 Dead and ready to be waited for PS_NOBROADCASTKILL 0x80000 Process excluded from kill -1 PS_PLEDGE 0x100000 process has called pledge(2) -PS_WXNEEDED 0x00200000 process allowed to violate W^X PS_EXECPLEDGE 0x00400000 has exec pledges PS_ORPHAN 0x00800000 process is on an orphan list PS_CHROOT 0x01000000 process is chrooted -PS_NOBTCFI 0x02000000 no Branch Target CFI PS_CONTINUED 0x20000000 process continued from stopped state but has not been waited for yet PS_STOPPED 0x40000000 process is in stopped state diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c index 991dd2cbeb6..3462ac54559 100644 --- a/sys/arch/amd64/amd64/machdep.c +++ b/sys/arch/amd64/amd64/machdep.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.301 2025/07/13 20:06:54 bluhm Exp $ */ +/* $OpenBSD: machdep.c,v 1.302 2025/08/15 04:21:00 guenther Exp $ */ /* $NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $ */ /*- @@ -580,7 +580,7 @@ maybe_enable_user_cet(struct proc *p) #ifndef SMALL_KERNEL /* Enable indirect-branch tracking if present and not disabled */ if ((xsave_mask & XFEATURE_CET_U) && - (p->p_p->ps_flags & PS_NOBTCFI) == 0) { + (p->p_p->ps_iflags & PSI_NOBTCFI) == 0) { uint64_t msr = rdmsr(MSR_U_CET); wrmsr(MSR_U_CET, msr | MSR_CET_ENDBR_EN | MSR_CET_NO_TRACK_EN); } diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index bb956f42580..aea11ec296a 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.265 2025/08/04 04:59:31 guenther Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.266 2025/08/15 04:21:00 guenther Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -550,15 +550,13 @@ sys_execve(struct proc *p, void *v, register_t *retval) if (otvp) vrele(otvp); + p->p_p->ps_iflags &= ~(PSI_NOBTCFI | PSI_PROFILE | PSI_WXNEEDED); if (pack.ep_flags & EXEC_NOBTCFI) - atomic_setbits_int(&p->p_p->ps_flags, PS_NOBTCFI); - else - atomic_clearbits_int(&p->p_p->ps_flags, PS_NOBTCFI); - + p->p_p->ps_iflags |= PSI_NOBTCFI; if (pack.ep_flags & EXEC_PROFILE) - atomic_setbits_int(&p->p_p->ps_flags, PS_PROFILE); - else - atomic_clearbits_int(&p->p_p->ps_flags, PS_PROFILE); + p->p_p->ps_iflags |= PSI_PROFILE; + if (pack.ep_flags & EXEC_WXNEEDED) + p->p_p->ps_iflags |= PSI_WXNEEDED; atomic_setbits_int(&pr->ps_flags, PS_EXEC); if (pr->ps_flags & PS_PPWAIT) { 
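Review bot: In the kern_exec.c hunk at -550, the exec-time flags are now updated with plain `&=` / `|=` on `p->p_p->ps_iflags`, where the old code used `atomic_setbits_int()` / `atomic_clearbits_int()`, and nothing in the hunk says why a non-atomic read-modify-write is safe. `PSI_WXNEEDED` and `PSI_NOBTCFI` gate W^X and branch-target CFI enforcement (they are read in the `uvm_wxcheck()` and `maybe_enable_user_cet()` hunks of this commit), so I would state the invariant at the write site, e.g. `/* ps_iflags is written only here, while the process is single-threaded for exec */`. Presumably that is the guarantee, but it is established outside the hunk and should be confirmed. The clear-then-set sequence also leaves a brief window with all three bits clear, which fails closed for the two mitigation flags and is worth noting in the same comment. Minor style point: the following context line uses `pr->ps_flags`, so `pr->ps_iflags` would read more consistently if `pr` is the same process pointer; sys_execve's body starts and ends outside the hunk.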
@@ -753,11 +751,6 @@ sys_execve(struct proc *p, void *v, register_t *retval) if ((pack.ep_flags & EXEC_HASFD) && pack.ep_fd < 255) p->p_descfd = pack.ep_fd; - if (pack.ep_flags & EXEC_WXNEEDED) - atomic_setbits_int(&p->p_p->ps_flags, PS_WXNEEDED); - else - atomic_clearbits_int(&p->p_p->ps_flags, PS_WXNEEDED); - atomic_clearbits_int(&pr->ps_flags, PS_INEXEC); single_thread_clear(p); diff --git a/sys/kern/subr_prof.c b/sys/kern/subr_prof.c index 38e6f7a074d..3322f366e59 100644 --- a/sys/kern/subr_prof.c +++ b/sys/kern/subr_prof.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_prof.c,v 1.42 2025/05/24 06:49:16 deraadt Exp $ */ +/* $OpenBSD: subr_prof.c,v 1.43 2025/08/15 04:21:00 guenther Exp $ */ /* $NetBSD: subr_prof.c,v 1.12 1996/04/22 01:38:50 christos Exp $ */ /*- @@ -287,7 +287,7 @@ sys_profil(struct proc *p, void *v, register_t *retval) int s; /* Only binaries linked for profiling can do profil() */ - if ((pr->ps_flags & PS_PROFILE) == 0) + if ((pr->ps_iflags & PSI_PROFILE) == 0) return (EPERM); if (SCARG(uap, scale) > (1 << 16)) diff --git a/sys/sys/proc.h b/sys/sys/proc.h index ccee9549210..3cd7e1d87ee 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.395 2025/08/02 20:44:10 jca Exp $ */ +/* $OpenBSD: proc.h,v 1.396 2025/08/15 04:21:00 guenther Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -246,6 +246,12 @@ struct process { vaddr_t ps_sigcoderet; /* [I] User ptr to sigreturn retPC */ u_long ps_sigcookie; /* [I] */ u_int ps_rtableid; /* [a] Process routing table/domain. */ + u_short ps_iflags; /* [I] flags set at exec time */ +# define PSI_WXNEEDED 0x0001 /* Process allowed to violate W^X */ +# define PSI_NOBTCFI 0x0002 /* No Branch Target CFI */ +# define PSI_PROFILE 0x0004 /* linked with -pg: allow profile(2) */ +# define PSI_BITS \ + ("\20" "\001WXNEEDED" "\002NOBTCFI" "\003PROFILE" ) char ps_nice; /* Process "nice" value. */ struct uprof { /* profile arguments */ 
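Review bot: In the proc.h hunk at -246, the new member is annotated `[I]`, yet `sys_execve()` in this same commit rewrites `ps_iflags` on every exec. If the header's locking legend (outside this hunk) defines `[I]` as immutable after creation, the annotation is misleading for a field that controls W^X and BTCFI. A comment such as `/* flags set at exec time; written only by sys_execve() */`, with the matching legend letter, would describe the real rule. The `PSI_PROFILE` comment says `profile(2)`, but the system call gated by this bit is `sys_profil()` (subr_prof.c hunk), so `/* linked with -pg: allow profil(2) */` is the accurate wording. The `u_short` sits directly before `char ps_nice`, and the unlocked `|=` in kern_exec.c assumes a sub-word store never touches the neighbouring member; I can't confirm that for every supported platform from this diff. struct process continues outside the hunk.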
@@ -312,13 +318,13 @@ struct process { #define PS_ZOMBIE 0x00040000 /* Dead and ready to be waited for */ #define PS_NOBROADCASTKILL 0x00080000 /* Process excluded from kill -1. */ #define PS_PLEDGE 0x00100000 /* Has called pledge(2) */ -#define PS_WXNEEDED 0x00200000 /* Process allowed to violate W^X */ +#define PS_avail2 0x00200000 #define PS_EXECPLEDGE 0x00400000 /* Has exec pledges */ #define PS_ORPHAN 0x00800000 /* Process is on an orphan list */ #define PS_CHROOT 0x01000000 /* Process is chrooted */ -#define PS_NOBTCFI 0x02000000 /* No Branch Target CFI */ +#define PS_avail1 0x02000000 #define PS_ITIMER 0x04000000 /* Virtual interval timers running */ -#define PS_PROFILE 0x08000000 /* linked with -pg: allow profile(2) */ +#define PS_avail0 0x08000000 #define PS_WAITEVENT 0x10000000 /* wait(2) event pending */ #define PS_CONTINUED 0x20000000 /* Continued proc not yet waited for */ #define PS_STOPPED 0x40000000 /* Stopped process */ @@ -329,13 +335,12 @@ struct process { "\06SUGIDEXEC" "\07PPWAIT" "\010ISPWAIT" "\011PROFIL" "\012TRACED" \ "\013WAITED" "\014COREDUMP" "\015SINGLEEXIT" "\016SINGLEUNWIND" \ "\017NOZOMBIE" "\020STOPPING" "\021SYSTEM" "\022EMBRYO" "\023ZOMBIE" \ - "\024NOBROADCASTKILL" "\025PLEDGE" "\026WXNEEDED" "\027EXECPLEDGE" \ - "\030ORPHAN" "\031CHROOT" "\032NOBTCFI" "\033ITIMER" "\034PROFILE" \ + "\024NOBROADCASTKILL" "\025PLEDGE" "\027EXECPLEDGE" \ + "\030ORPHAN" "\031CHROOT" "\033ITIMER" \ "\035WAITEVENT" "\036CONTINUED" "\037STOPPED" "\040TRAPPED") #define PS_FLAGS_INHERITED_ON_FORK \ - (PS_SUGID | PS_SUGIDEXEC | PS_PLEDGE | PS_EXECPLEDGE | \ - PS_NOBTCFI | PS_WXNEEDED | PS_CHROOT | PS_PROFILE) + (PS_SUGID | PS_SUGIDEXEC | PS_PLEDGE | PS_EXECPLEDGE | PS_CHROOT) struct kcov_dev; struct lock_list_entry; diff --git a/sys/uvm/uvm_mmap.c b/sys/uvm/uvm_mmap.c index 8ff4bccb41a..76424493219 100644 --- a/sys/uvm/uvm_mmap.c +++ b/sys/uvm/uvm_mmap.c 
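Review bot: In the hunk at -329, dropping `PS_NOBTCFI | PS_WXNEEDED | PS_PROFILE` from `PS_FLAGS_INHERITED_ON_FORK` means a forked child keeps these settings only if `ps_iflags` reaches it by another path. Presumably that path is the region of struct process that fork copies wholesale, but this is not visible in the diff and should be confirmed. I would add a comment beside the macro so the dependency is not lost when the struct is reordered, e.g. `/* exec-time flags in ps_iflags are inherited via the struct copy, not this mask */`. If the copy did not cover the field, the child would start with all three bits clear; that is the stricter setting for W^X and BTCFI, so the failure would show up as broken wxneeded/no-BTCFI programs after fork rather than as a weakened mitigation.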
@@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_mmap.c,v 1.202 2025/06/13 10:48:56 mpi Exp $ */ +/* $OpenBSD: uvm_mmap.c,v 1.203 2025/08/15 04:21:00 guenther Exp $ */ /* $NetBSD: uvm_mmap.c,v 1.49 2001/02/18 21:19:08 chs Exp $ */ /* @@ -180,7 +180,7 @@ uvm_wxcheck(struct proc *p, char *call) int wxallowed = (pr->ps_textvp->v_mount && (pr->ps_textvp->v_mount->mnt_flag & MNT_WXALLOWED)); - if (wxallowed && (pr->ps_flags & PS_WXNEEDED)) + if (wxallowed && (pr->ps_iflags & PSI_WXNEEDED)) return 0; if (atomic_load_int(&uvm_wxabort)) {