Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 26 Feb 2017 11:02:14 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r314298 - in stable/11/sys: fs/devfs kern
Message-ID:  <201702261102.v1QB2Eqd064574@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Sun Feb 26 11:02:14 2017
New Revision: 314298
URL: https://svnweb.freebsd.org/changeset/base/314298

Log:
  MFC r313967:
  Apply noexec mount option for mmap(PROT_EXEC).
  
  PR:	217062

Modified:
  stable/11/sys/fs/devfs/devfs_vnops.c
  stable/11/sys/kern/vfs_vnops.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- stable/11/sys/fs/devfs/devfs_vnops.c	Sun Feb 26 10:58:01 2017	(r314297)
+++ stable/11/sys/fs/devfs/devfs_vnops.c	Sun Feb 26 11:02:14 2017	(r314298)
@@ -1789,9 +1789,11 @@ devfs_mmap_f(struct file *fp, vm_map_t m
 	 * compatible.
 	 */
 	mp = vp->v_mount;
-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
 		maxprot = VM_PROT_NONE;
-	else
+		if ((prot & VM_PROT_EXECUTE) != 0)
+			return (EACCES);
+	} else
 		maxprot = VM_PROT_EXECUTE;
 	if ((fp->f_flag & FREAD) != 0)
 		maxprot |= VM_PROT_READ;

Modified: stable/11/sys/kern/vfs_vnops.c
==============================================================================
--- stable/11/sys/kern/vfs_vnops.c	Sun Feb 26 10:58:01 2017	(r314297)
+++ stable/11/sys/kern/vfs_vnops.c	Sun Feb 26 11:02:14 2017	(r314298)
@@ -2434,9 +2434,11 @@ vn_mmap(struct file *fp, vm_map_t map, v
 	 * proc does a setuid?
 	 */
 	mp = vp->v_mount;
-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
 		maxprot = VM_PROT_NONE;
-	else
+		if ((prot & VM_PROT_EXECUTE) != 0)
+			return (EACCES);
+	} else
 		maxprot = VM_PROT_EXECUTE;
 	if ((fp->f_flag & FREAD) != 0)
 		maxprot |= VM_PROT_READ;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702261102.v1QB2Eqd064574>