From: dcashman@android.com (Daniel Cashman)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS.
Date: Wed, 28 Oct 2015 14:25:20 -0700 [thread overview]
Message-ID: <1446067520-31806-2-git-send-email-dcashman@android.com> (raw)
In-Reply-To: <1446067520-31806-1-git-send-email-dcashman@android.com>
From: dcashman <dcashman@google.com>
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcashman@google.com>
---
arch/arm/Kconfig | 24 ++++++++++++++++++++++++
arch/arm/mm/mmap.c | 7 +++++--
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 639411f..d61e7e2 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -306,6 +306,30 @@ config MMU
Select if you want MMU-based virtualised addressing space
support by paged memory management. If unsure, say 'Y'.
+config ARCH_MMAP_RND_BITS_MIN
+ int
+ default 8
+
+config ARCH_MMAP_RND_BITS_MAX
+ int
+ default 14 if MMU && PAGE_OFFSET=0x40000000
+ default 15 if MMU && PAGE_OFFSET=0x80000000
+ default 16 if MMU
+ default 8
+
+config ARCH_MMAP_RND_BITS
+ int "Number of bits to use for ASLR of mmap base address" if EXPERT
+ range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+ default ARCH_MMAP_RND_BITS_MIN
+ help
+ This value can be used to select the number of bits to use to
+ determine the random offset to the base address of vma regions
+ resulting from mmap allocations. This value will be bounded
+ by the architecture's minimum and maximum supported values.
+
+ This value can be changed after boot using the
+ /proc/sys/kernel/mmap_rnd_bits tunable
+
#
# The "ARM system type" choice list is ordered alphabetically by option
# text. Please add new entries in the option alphabetic order.
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index 407dc78..73ca3a7 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -11,6 +11,10 @@
#include <linux/random.h>
#include <asm/cachetype.h>
+int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
+int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
+int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS;
+
#define COLOUR_ALIGN(addr,pgoff) \
((((addr)+SHMLBA-1)&~(SHMLBA-1)) + \
(((pgoff)<<PAGE_SHIFT) & (SHMLBA-1)))
@@ -173,8 +177,7 @@ unsigned long arch_mmap_rnd(void)
{
unsigned long rnd;
- /* 8 bits of randomness in 20 address space bits */
- rnd = (unsigned long)get_random_int() % (1 << 8);
+ rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
return rnd << PAGE_SHIFT;
}
--
2.6.0.rc2.230.g3dd15c0
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Cashman <dcashman@android.com>
To: linux-kernel@vger.kernel.org
Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org,
keescook@chromium.org, mingo@kernel.org,
linux-arm-kernel@lists.infradead.org, corbet@lwn.net,
dzickus@redhat.com, ebiederm@xmission.com, xypron.glpk@gmx.de,
jpoimboe@redhat.com, kirill.shutemov@linux.intel.com,
n-horiguchi@ah.jp.nec.com, aarcange@redhat.com, mgorman@suse.de,
tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
linux-doc@vger.kernel.org, salyzyn@android.com, jeffv@google.com,
nnk@google.com, dcashman <dcashman@google.com>
Subject: [PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS.
Date: Wed, 28 Oct 2015 14:25:20 -0700 [thread overview]
Message-ID: <1446067520-31806-2-git-send-email-dcashman@android.com> (raw)
In-Reply-To: <1446067520-31806-1-git-send-email-dcashman@android.com>
From: dcashman <dcashman@google.com>
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcashman@google.com>
---
arch/arm/Kconfig | 24 ++++++++++++++++++++++++
arch/arm/mm/mmap.c | 7 +++++--
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 639411f..d61e7e2 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -306,6 +306,30 @@ config MMU
Select if you want MMU-based virtualised addressing space
support by paged memory management. If unsure, say 'Y'.
+config ARCH_MMAP_RND_BITS_MIN
+ int
+ default 8
+
+config ARCH_MMAP_RND_BITS_MAX
+ int
+ default 14 if MMU && PAGE_OFFSET=0x40000000
+ default 15 if MMU && PAGE_OFFSET=0x80000000
+ default 16 if MMU
+ default 8
+
+config ARCH_MMAP_RND_BITS
+ int "Number of bits to use for ASLR of mmap base address" if EXPERT
+ range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+ default ARCH_MMAP_RND_BITS_MIN
+ help
+ This value can be used to select the number of bits to use to
+ determine the random offset to the base address of vma regions
+ resulting from mmap allocations. This value will be bounded
+ by the architecture's minimum and maximum supported values.
+
+ This value can be changed after boot using the
+ /proc/sys/kernel/mmap_rnd_bits tunable
+
#
# The "ARM system type" choice list is ordered alphabetically by option
# text. Please add new entries in the option alphabetic order.
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index 407dc78..73ca3a7 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -11,6 +11,10 @@
#include <linux/random.h>
#include <asm/cachetype.h>
+int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
+int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
+int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS;
+
#define COLOUR_ALIGN(addr,pgoff) \
((((addr)+SHMLBA-1)&~(SHMLBA-1)) + \
(((pgoff)<<PAGE_SHIFT) & (SHMLBA-1)))
@@ -173,8 +177,7 @@ unsigned long arch_mmap_rnd(void)
{
unsigned long rnd;
- /* 8 bits of randomness in 20 address space bits */
- rnd = (unsigned long)get_random_int() % (1 << 8);
+ rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
return rnd << PAGE_SHIFT;
}
--
2.6.0.rc2.230.g3dd15c0
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Cashman <dcashman@android.com>
To: linux-kernel@vger.kernel.org
Cc: linux@arm.linux.org.uk, akpm@linux-foundation.org,
keescook@chromium.org, mingo@kernel.org,
linux-arm-kernel@lists.infradead.org, corbet@lwn.net,
dzickus@redhat.com, ebiederm@xmission.com, xypron.glpk@gmx.de,
jpoimboe@redhat.com, kirill.shutemov@linux.intel.com,
n-horiguchi@ah.jp.nec.com, aarcange@redhat.com, mgorman@suse.de,
tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
linux-doc@vger.kernel.org, salyzyn@android.com, jeffv@google.com,
nnk@google.com, dcashman <dcashman@google.com>
Subject: [PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS.
Date: Wed, 28 Oct 2015 14:25:20 -0700 [thread overview]
Message-ID: <1446067520-31806-2-git-send-email-dcashman@android.com> (raw)
In-Reply-To: <1446067520-31806-1-git-send-email-dcashman@android.com>
From: dcashman <dcashman@google.com>
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcashman@google.com>
---
arch/arm/Kconfig | 24 ++++++++++++++++++++++++
arch/arm/mm/mmap.c | 7 +++++--
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 639411f..d61e7e2 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -306,6 +306,30 @@ config MMU
Select if you want MMU-based virtualised addressing space
support by paged memory management. If unsure, say 'Y'.
+config ARCH_MMAP_RND_BITS_MIN
+ int
+ default 8
+
+config ARCH_MMAP_RND_BITS_MAX
+ int
+ default 14 if MMU && PAGE_OFFSET=0x40000000
+ default 15 if MMU && PAGE_OFFSET=0x80000000
+ default 16 if MMU
+ default 8
+
+config ARCH_MMAP_RND_BITS
+ int "Number of bits to use for ASLR of mmap base address" if EXPERT
+ range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+ default ARCH_MMAP_RND_BITS_MIN
+ help
+ This value can be used to select the number of bits to use to
+ determine the random offset to the base address of vma regions
+ resulting from mmap allocations. This value will be bounded
+ by the architecture's minimum and maximum supported values.
+
+ This value can be changed after boot using the
+ /proc/sys/kernel/mmap_rnd_bits tunable
+
#
# The "ARM system type" choice list is ordered alphabetically by option
# text. Please add new entries in the option alphabetic order.
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index 407dc78..73ca3a7 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -11,6 +11,10 @@
#include <linux/random.h>
#include <asm/cachetype.h>
+int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
+int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
+int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS;
+
#define COLOUR_ALIGN(addr,pgoff) \
((((addr)+SHMLBA-1)&~(SHMLBA-1)) + \
(((pgoff)<<PAGE_SHIFT) & (SHMLBA-1)))
@@ -173,8 +177,7 @@ unsigned long arch_mmap_rnd(void)
{
unsigned long rnd;
- /* 8 bits of randomness in 20 address space bits */
- rnd = (unsigned long)get_random_int() % (1 << 8);
+ rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
return rnd << PAGE_SHIFT;
}
--
2.6.0.rc2.230.g3dd15c0
next prev parent reply other threads:[~2015-10-28 21:25 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-28 21:25 [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman [this message]
2015-10-28 21:25 ` [PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman
2015-10-28 23:34 ` [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR Eric W. Biederman
2015-10-28 23:34 ` Eric W. Biederman
2015-10-28 23:34 ` Eric W. Biederman
2015-10-28 23:59 ` Jeffrey Vander Stoep
2015-10-29 0:01 ` Jeffrey Vander Stoep
2015-10-29 0:01 ` Jeffrey Vander Stoep
2015-10-29 0:01 ` Jeffrey Vander Stoep
2015-10-29 0:39 ` Dan Cashman
2015-10-29 0:39 ` Dan Cashman
2015-10-29 0:39 ` Dan Cashman
2015-10-29 3:41 ` Eric W. Biederman
2015-10-29 3:41 ` Eric W. Biederman
2015-10-29 3:41 ` Eric W. Biederman
2015-10-29 22:06 ` Daniel Cashman
2015-10-29 22:06 ` Daniel Cashman
2015-10-29 22:06 ` Daniel Cashman
2015-11-01 21:50 ` Eric W. Biederman
2015-11-01 21:50 ` Eric W. Biederman
2015-11-01 21:50 ` Eric W. Biederman
2015-11-03 18:21 ` Daniel Cashman
2015-11-03 18:21 ` Daniel Cashman
2015-11-03 18:21 ` Daniel Cashman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1446067520-31806-2-git-send-email-dcashman@android.com \
--to=dcashman@android.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.