mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-04 12:20:49 -05:00
96 lines
3.5 KiB
Diff
96 lines
3.5 KiB
Diff
|
From d6dee0ccda11e6d9f8b47acd112b399d8afd34bc Mon Sep 17 00:00:00 2001
|
||
|
From: Hector Marco-Gisbert <hecmargi@upv.es>
|
||
|
Date: Thu, 10 Mar 2016 20:51:00 +0100
|
||
|
Subject: [PATCH] UPSTREAM: x86/mm/32: Enable full randomization on i386 and
|
||
|
X86_32
|
||
|
|
||
|
Currently on i386 and on X86_64 when emulating X86_32 in legacy mode, only
|
||
|
the stack and the executable are randomized but not other mmapped files
|
||
|
|
||
|
libraries, vDSO and mmap requests on i386 and in X86_32 in legacy mode.
|
||
|
|
||
|
By default on i386 there are 8 bits for the randomization of the libraries,
|
||
|
vDSO and mmaps which only uses 1MB of VA.
|
||
|
|
||
|
This patch preserves the original randomness, using 1MB of VA out of 3GB or
|
||
|
4GB. We think that 1MB out of 3GB is not a big cost for having the ASLR.
|
||
|
|
||
|
The first obvious security benefit is that all objects are randomized (not
|
||
|
only the stack and the executable) in legacy mode which highly increases
|
||
|
the ASLR effectiveness, otherwise the attackers may use these
|
||
|
non-randomized areas. But also sensitive setuid/setgid applications are
|
||
|
more secure because currently, attackers can disable the randomization of
|
||
|
these applications by setting the ulimit stack to "unlimited". This is a
|
||
|
very old and widely known trick to disable the ASLR in i386 which has been
|
||
|
allowed for too long.
|
||
|
|
||
|
Another trick used to disable the ASLR was to set the ADDR_NO_RANDOMIZE
|
||
|
personality flag, but fortunately this doesn't work on setuid/setgid
|
||
|
applications because there is security checks which clear Security-relevant
|
||
|
flags.
|
||
|
|
||
|
This patch always randomizes the mmap_legacy_base address, removing the
|
||
|
possibility to disable the ASLR by setting the stack to "unlimited".
|
||
|
|
||
|
Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
|
||
|
Acked-by: Ismael Ripoll Ripoll <iripoll@upv.es>
|
||
|
Acked-by: Kees Cook <keescook@chromium.org>
|
||
|
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
|
||
|
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Cc: Peter Zijlstra <peterz@infradead.org>
|
||
|
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||
|
Cc: akpm@linux-foundation.org
|
||
|
Cc: kees Cook <keescook@chromium.org>
|
||
|
Link: http://lkml.kernel.org/r/1457639460-5242-1-git-send-email-hecmargi@upv.es
|
||
|
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||
|
|
||
|
Bug: 28763575
|
||
|
Change-Id: Icd128489c3c196ade64f79d4ea898d29f8471baf
|
||
|
(cherry picked from commit 8b8addf891de8a00e4d39fc32f93f7c5eb8feceb)
|
||
|
---
|
||
|
arch/x86/mm/mmap.c | 21 +++++++--------------
|
||
|
1 file changed, 7 insertions(+), 14 deletions(-)
|
||
|
|
||
|
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
|
||
|
index 084c36f6b4e3..47287ea3f080 100644
|
||
|
--- a/arch/x86/mm/mmap.c
|
||
|
+++ b/arch/x86/mm/mmap.c
|
||
|
@@ -95,30 +95,23 @@ static unsigned long mmap_base(void)
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
- * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
|
||
|
- * does, but not when emulating X86_32
|
||
|
- */
|
||
|
-static unsigned long mmap_legacy_base(void)
|
||
|
-{
|
||
|
- if (mmap_is_ia32())
|
||
|
- return TASK_UNMAPPED_BASE;
|
||
|
- else
|
||
|
- return TASK_UNMAPPED_BASE + mmap_rnd();
|
||
|
-}
|
||
|
-
|
||
|
-/*
|
||
|
* This function, called very early during the creation of a new
|
||
|
* process VM image, sets up which VM layout function to use:
|
||
|
*/
|
||
|
void arch_pick_mmap_layout(struct mm_struct *mm)
|
||
|
{
|
||
|
- mm->mmap_legacy_base = mmap_legacy_base();
|
||
|
- mm->mmap_base = mmap_base();
|
||
|
+ unsigned long random_factor = 0UL;
|
||
|
+
|
||
|
+ if (current->flags & PF_RANDOMIZE)
|
||
|
+ random_factor = mmap_rnd();
|
||
|
+
|
||
|
+ mm->mmap_legacy_base = TASK_UNMAPPED_BASE + random_factor;
|
||
|
|
||
|
if (mmap_is_legacy()) {
|
||
|
mm->mmap_base = mm->mmap_legacy_base;
|
||
|
mm->get_unmapped_area = arch_get_unmapped_area;
|
||
|
} else {
|
||
|
+ mm->mmap_base = mmap_base();
|
||
|
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
|
||
|
}
|
||
|
}
|