* [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set
From: Andi Kleen @ 2006-07-16 12:22 UTC
To: torvalds; +Cc: akpm, discuss, linux-kernel
Based on patch from Frank van Maarseveen <frankvm@frankvm.com>, but
extended.
Signed-off-by: Andi Kleen <ak@suse.de>
---
arch/i386/kernel/process.c | 3 ++-
arch/x86_64/kernel/process.c | 2 +-
fs/binfmt_elf.c | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
Index: linux/arch/x86_64/kernel/process.c
===================================================================
--- linux.orig/arch/x86_64/kernel/process.c
+++ linux/arch/x86_64/kernel/process.c
@@ -845,7 +845,7 @@ int dump_task_regs(struct task_struct *t
unsigned long arch_align_stack(unsigned long sp)
{
- if (randomize_va_space)
+ if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
sp -= get_random_int() % 8192;
return sp & ~0xf;
}
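Review bot: the new test in arch_align_stack() uses current->personality and ADDR_NO_RANDOMIZE, but this file gets no #include <linux/personality.h>, while the i386 hunk for the same change adds one. Add the include here as well rather than relying on an indirect include, so the two files stay in step.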
Index: linux/arch/i386/kernel/process.c
===================================================================
--- linux.orig/arch/i386/kernel/process.c
+++ linux/arch/i386/kernel/process.c
@@ -37,6 +37,7 @@
#include <linux/kallsyms.h>
#include <linux/ptrace.h>
#include <linux/random.h>
+#include <linux/personality.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -905,7 +906,7 @@ asmlinkage int sys_get_thread_area(struc
unsigned long arch_align_stack(unsigned long sp)
{
- if (randomize_va_space)
+ if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
sp -= get_random_int() % 8192;
return sp & ~0xf;
}
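Review bot: the condition added to arch_align_stack() here is character-for-character the one added in arch/x86_64/kernel/process.c, and the fs/binfmt_elf.c hunk spells a third variant of the same decision. A small shared helper, or at least a comment at each site naming the others, would keep a later change to the opt-out from reaching only some of the sites, which is the inconsistency this patch sets out to remove.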
Index: linux/fs/binfmt_elf.c
===================================================================
--- linux.orig/fs/binfmt_elf.c
+++ linux/fs/binfmt_elf.c
@@ -515,7 +515,8 @@ static unsigned long randomize_stack_top
{
unsigned int random_variable = 0;
- if (current->flags & PF_RANDOMIZE) {
+ if ((current->flags & PF_RANDOMIZE) &&
+ !(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
random_variable <<= PAGE_SHIFT;
}
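Review bot: randomize_stack_top() pairs the new ADDR_NO_RANDOMIZE test with the per-task PF_RANDOMIZE flag, while both arch_align_stack() hunks pair it with the global randomize_va_space, so the same opt-out now sits behind two different enable conditions. The changelog says only "Based on patch from ... but extended"; it should state why each site needs the explicit personality test and what the extension covers, and a one-line comment above the new condition would help the next reader.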
* Re: [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set
From: Ingo Molnar @ 2006-07-16 20:47 UTC
To: Andi Kleen; +Cc: torvalds, akpm, discuss, linux-kernel, Chuck Ebbert
* Andi Kleen <ak@suse.de> wrote:
> unsigned long arch_align_stack(unsigned long sp)
> {
> - if (randomize_va_space)
> + if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> sp -= get_random_int() % 8192;
> return sp & ~0xf;
i'm not opposing this patch at all, but didn't the performance problems
go away when the 0xf was changed to 0x7f?
looks good otherwise.
Acked-by: Ingo Molnar <mingo@elte.hu>
Ingo
* Re: [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set
From: Andi Kleen @ 2006-07-16 21:14 UTC
To: Ingo Molnar; +Cc: torvalds, akpm, discuss, linux-kernel, Chuck Ebbert
On Sunday 16 July 2006 22:47, Ingo Molnar wrote:
> * Andi Kleen <ak@suse.de> wrote:
> > unsigned long arch_align_stack(unsigned long sp)
> > {
> > - if (randomize_va_space)
> > + if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> > sp -= get_random_int() % 8192;
> > return sp & ~0xf;
>
> i'm not opposing this patch at all, but didn't the performance problems
> go away when the 0xf was changed to 0x7f?
Yes, but I sent the patch before that other patch was available.
I guess it's a separate issue anyways - this patch is just concerned about
disabling randomization consistently. Performance optimization can be done
in another one.
-Andi
* Re: [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set
From: Ingo Molnar @ 2006-07-16 21:11 UTC
To: Andi Kleen; +Cc: torvalds, akpm, discuss, linux-kernel, Chuck Ebbert
* Andi Kleen <ak@suse.de> wrote:
> On Sunday 16 July 2006 22:47, Ingo Molnar wrote:
> > * Andi Kleen <ak@suse.de> wrote:
> > > unsigned long arch_align_stack(unsigned long sp)
> > > {
> > > - if (randomize_va_space)
> > > + if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
> > > sp -= get_random_int() % 8192;
> > > return sp & ~0xf;
> >
> > i'm not opposing this patch at all, but didn't the performance problems
> > go away when the 0xf was changed to 0x7f?
>
> Yes, but I sent the patch before that other patch was available.
excuses, excuses ;)
> I guess it's a separate issue anyways - this patch is just concerned
> about disabling randomization consistently. Performance optimization
> can be done in another one.
yeah. There's one security issue: the 'dont randomize' flag must be
cleared when we cross a protection domain. When for example suid-ing in
exec().
Ingo
* Re: [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set
From: Andi Kleen @ 2006-07-16 21:27 UTC
To: Ingo Molnar; +Cc: torvalds, akpm, discuss, linux-kernel, Chuck Ebbert
> yeah. There's one security issue: the 'dont randomize' flag must be
> cleared when we cross a protection domain. When for example suid-ing in
> exec().
Good point.
-Andi
* Re: [discuss] Re: [PATCH for 2.6.18-rc2] [2/8] i386/x86-64: Don't randomize stack top when no randomization personality is set II
From: Andi Kleen @ 2006-07-16 21:33 UTC
To: discuss; +Cc: Ingo Molnar, torvalds, akpm, linux-kernel, Chuck Ebbert
> yeah. There's one security issue: the 'dont randomize' flag must be
> cleared when we cross a protection domain. When for example suid-ing in
> exec().
Just checked. It should be already done because ADDR_NO_RANDOMIZE
is in PER_CLEAR_ON_SETID which is cleared in exec.
-Andi
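An added example, not part of the thread or the kernel source: a user-space model of the decision discussed above (the patched arch_align_stack() condition and the set-id clearing Andi describes), plus an audit helper that reads a process's personality word from procfs. The function names and CLEAR_ON_SETID_MODEL are hypothetical; the model mask holds only the bit this thread names, and the hex format of /proc/<pid>/personality is assumed from Linux procfs.

```c
#include <stdio.h>
#include <stdlib.h>
#define NO_RANDOMIZE_BIT 0x0040000UL  /* value of ADDR_NO_RANDOMIZE */
/* Model of PER_CLEAR_ON_SETID holding only the bit this thread names. */
#define CLEAR_ON_SETID_MODEL NO_RANDOMIZE_BIT

/* The patched arch_align_stack() condition as a pure function. */
static int stack_randomized(unsigned long pers, int randomize_va_space)
{
    return !(pers & NO_RANDOMIZE_BIT) && randomize_va_space;
}

/* Personality the new image starts with; a set-id exec drops the masked bits. */
static unsigned long personality_after_exec(unsigned long pers, int setid)
{
    return setid ? (pers & ~CLEAR_ON_SETID_MODEL) : pers;
}

/* Parse the hex word of /proc/<pid>/personality; 0 on success, -1 on bad input. */
static int parse_personality(const char *text, unsigned long *out)
{
    char *end;
    *out = strtoul(text, &end, 16);
    return (end == text || (*end != '\0' && *end != '\n')) ? -1 : 0;
}

/* Audit helper: 1 if the process opted out, 0 if not, -1 if unreadable. */
static int pid_opted_out(const char *pid)
{
    char path[64], buf[32];
    unsigned long pers = 0;
    FILE *f;
    int ok;
    snprintf(path, sizeof path, "/proc/%s/personality", pid);
    if (!(f = fopen(path, "r")))
        return -1;
    ok = fgets(buf, sizeof buf, f) && parse_personality(buf, &pers) == 0;
    fclose(f);
    return ok ? (pers & NO_RANDOMIZE_BIT) != 0 : -1;
}

int main(void)
{
    unsigned long pers = NO_RANDOMIZE_BIT; /* constructed: parent set the bit */
    printf("plain exec:  %d\n", stack_randomized(personality_after_exec(pers, 0), 1));
    printf("set-id exec: %d\n", stack_randomized(personality_after_exec(pers, 1), 1));
    printf("self opted out: %d\n", pid_opted_out("self"));
    return 0;
}
```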