The PDE covering the APTE space should not confer exec permissions.

ok deraadt
author: mlarkin <mlarkin@openbsd.org> 2015-08-28 05:00:42 +0000
committer: mlarkin <mlarkin@openbsd.org> 2015-08-28 05:00:42 +0000
commit: 28dd705aa264325c2c1e4a07209d2f98bc09f530 (patch)
tree: 712b4ae8314f4cac1bbec7f6b9ed0e6e40a153d1
parent: Rework the UNIX domain socket garbage collector, including ideas from (diff)
download: wireguard-openbsd-28dd705aa264325c2c1e4a07209d2f98bc09f530.tar.xz
wireguard-openbsd-28dd705aa264325c2c1e4a07209d2f98bc09f530.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/arch/i386/i386/pmapae.c b/sys/arch/i386/i386/pmapae.c
index 69e0b316023..891f9bddf37 100644
--- a/sys/arch/i386/i386/pmapae.c
+++ b/sys/arch/i386/i386/pmapae.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pmapae.c,v 1.44 2015/08/25 20:18:44 mlarkin Exp $	*/
+/*	$OpenBSD: pmapae.c,v 1.45 2015/08/28 05:00:42 mlarkin Exp $	*/
 
 /*
  * Copyright (c) 2006-2008 Michael Shalayeff
@@ -695,6 +695,10 @@ pmap_bootstrap_pae(void)
 		PDE(kpm, pdei(va)) = pte | PG_NX;
 	}
 
+	va = (vaddr_t)APTE_BASE;
+	pte = PDE(kpm, pdei(va));
+	PDE(kpm, pdei(va)) = pte | PG_NX;
+
 	pmap_write_protect(kpm, (vaddr_t)&kernel_text, (vaddr_t)&etext,
 	    PROT_READ | PROT_EXEC);
 	pmap_write_protect(kpm, (vaddr_t)&__rodata_start,
author	mlarkin <mlarkin@openbsd.org>	2015-08-28 05:00:42 +0000
committer	mlarkin <mlarkin@openbsd.org>	2015-08-28 05:00:42 +0000
commit	28dd705aa264325c2c1e4a07209d2f98bc09f530 (patch)
tree	712b4ae8314f4cac1bbec7f6b9ed0e6e40a153d1
parent	Rework the UNIX domain socket garbage collector, including ideas from (diff)
download	wireguard-openbsd-28dd705aa264325c2c1e4a07209d2f98bc09f530.tar.xz wireguard-openbsd-28dd705aa264325c2c1e4a07209d2f98bc09f530.zip