[PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: dcashman@android.com (Daniel Cashman)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.
Date: Thu, 29 Oct 2015 15:06:56 -0700	[thread overview]
Message-ID: <56329880.4080103@android.com> (raw)
In-Reply-To: <87oafiuys0.fsf@x220.int.ebiederm.org>

On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
> Dan Cashman <dcashman@android.com> writes:
> 
>>>> This all would be much cleaner if the arm architecture code were just to
>>>> register the sysctl itself.
>>>>
>>>> As it sits this looks like a patchset that does not meaninfully bisect,
>>>> and would result in code that is hard to trace and understand.
>>>
>>> I believe the intent is to follow up with more architecture specific
>>> patches to allow each architecture to define the number of bits to use
>>
>> Yes.  I included these patches together because they provide mutual
>> context, but each has a different outcome and they could be taken
>> separately.
> 
> They can not.  The first patch is incomplete by itself.

Could you be more specific in what makes the first patch incomplete?  Is
it because it is essentially a no-op without additional architecture
changes (e.g. the second patch) or is it specifically because it
introduces and uses the three "mmap_rnd_bits*" variables without
defining them?  If the former, I'd like to avoid combining the general
procfs change with any architecture-specific one(s).  If the latter, I
hope the proposal below addresses that.

>> The arm architecture-specific portion allows the changing
>> of the number of bits used for mmap ASLR, useful even without the
>> sysctl.  The sysctl patch (patch 1) provides another way of setting
>> this value, and the hope is that this will be adopted across multiple
>> architectures, with the arm changes (patch 2) providing an example.  I
>> hope to follow this with changes to arm64 and x86, for example.
> 
> If you want to make the code generic.  Please maximize the sharing.
> That is please define the variables in a generic location, as well
> as the Kconfig variables (if possible).
> 
> As it is you have an architecture specific piece of code that can not be
> reused without duplicating code, and that is just begging for problems.

I think it would make sense to move the variable definitions into
mm/mmap.c, included conditionally based on the presence of
CONFIG_ARCH_MMAP_RND_BITS.

As for the Kconfigs, I am open to suggestions.  I considered declaring
and documenting ARCH_MMAP_RND_BITS in arch/Kconfig, but I would like it
to be bounded in range by the _MIN and _MAX values, which necessarily
must be defined in the arch-specific Kconfigs.  Thus, we'd have
ARCH_MMAP_RND_BITS declared in arch/Kconfig as it currently is in
arch/arm/Kconfig defaulting to _MIN, and would declare both the _MIN and
_MAX in arch/Kconfig, while specifying default values in
arch/${ARCH}/Kconfig.

Would these changes be more acceptable?

Thank You,
Dan

WARNING: multiple messages have this Message-ID (diff)

From: Daniel Cashman <dcashman@android.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jeffrey Vander Stoep <jeffv@google.com>,
	linux-kernel@vger.kernel.org, linux@arm.linux.org.uk,
	Andrew Morton <akpm@linux-foundation.org>,
	Kees Cook <keescook@chromium.org>,
	mingo@kernel.org, linux-arm-kernel@lists.infradead.org,
	Jonathan Corbet <corbet@lwn.net>,
	dzickus@redhat.com, xypron.glpk@gmx.de, jpoimboe@redhat.com,
	kirill.shutemov@linux.intel.com, n-horiguchi@ah.jp.nec.com,
	aarcange@redhat.com, Mel Gorman <mgorman@suse.de>,
	tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
	linux-doc@vger.kernel.org, Mark Salyzyn <salyzyn@android.com>,
	Nick Kralevich <nnk@google.com>, dcashman <dcashman@google.com>
Subject: Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.
Date: Thu, 29 Oct 2015 15:06:56 -0700	[thread overview]
Message-ID: <56329880.4080103@android.com> (raw)
In-Reply-To: <87oafiuys0.fsf@x220.int.ebiederm.org>

On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
> Dan Cashman <dcashman@android.com> writes:
> 
>>>> This all would be much cleaner if the arm architecture code were just to
>>>> register the sysctl itself.
>>>>
>>>> As it sits this looks like a patchset that does not meaninfully bisect,
>>>> and would result in code that is hard to trace and understand.
>>>
>>> I believe the intent is to follow up with more architecture specific
>>> patches to allow each architecture to define the number of bits to use
>>
>> Yes.  I included these patches together because they provide mutual
>> context, but each has a different outcome and they could be taken
>> separately.
> 
> They can not.  The first patch is incomplete by itself.

Could you be more specific in what makes the first patch incomplete?  Is
it because it is essentially a no-op without additional architecture
changes (e.g. the second patch) or is it specifically because it
introduces and uses the three "mmap_rnd_bits*" variables without
defining them?  If the former, I'd like to avoid combining the general
procfs change with any architecture-specific one(s).  If the latter, I
hope the proposal below addresses that.

>> The arm architecture-specific portion allows the changing
>> of the number of bits used for mmap ASLR, useful even without the
>> sysctl.  The sysctl patch (patch 1) provides another way of setting
>> this value, and the hope is that this will be adopted across multiple
>> architectures, with the arm changes (patch 2) providing an example.  I
>> hope to follow this with changes to arm64 and x86, for example.
> 
> If you want to make the code generic.  Please maximize the sharing.
> That is please define the variables in a generic location, as well
> as the Kconfig variables (if possible).
> 
> As it is you have an architecture specific piece of code that can not be
> reused without duplicating code, and that is just begging for problems.

I think it would make sense to move the variable definitions into
mm/mmap.c, included conditionally based on the presence of
CONFIG_ARCH_MMAP_RND_BITS.

As for the Kconfigs, I am open to suggestions.  I considered declaring
and documenting ARCH_MMAP_RND_BITS in arch/Kconfig, but I would like it
to be bounded in range by the _MIN and _MAX values, which necessarily
must be defined in the arch-specific Kconfigs.  Thus, we'd have
ARCH_MMAP_RND_BITS declared in arch/Kconfig as it currently is in
arch/arm/Kconfig defaulting to _MIN, and would declare both the _MIN and
_MAX in arch/Kconfig, while specifying default values in
arch/${ARCH}/Kconfig.

Would these changes be more acceptable?

Thank You,
Dan

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: Daniel Cashman <dcashman@android.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jeffrey Vander Stoep <jeffv@google.com>,
	linux-kernel@vger.kernel.org, linux@arm.linux.org.uk,
	Andrew Morton <akpm@linux-foundation.org>,
	Kees Cook <keescook@chromium.org>,
	mingo@kernel.org, linux-arm-kernel@lists.infradead.org,
	Jonathan Corbet <corbet@lwn.net>,
	dzickus@redhat.com, xypron.glpk@gmx.de, jpoimboe@redhat.com,
	kirill.shutemov@linux.intel.com, n-horiguchi@ah.jp.nec.com,
	aarcange@redhat.com, Mel Gorman <mgorman@suse.de>,
	tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
	linux-doc@vger.kernel.org, Mark Salyzyn <salyzyn@android.com>,
	Nick Kralevich <nnk@google.com>, dcashman <dcashman@google.com>
Subject: Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.
Date: Thu, 29 Oct 2015 15:06:56 -0700	[thread overview]
Message-ID: <56329880.4080103@android.com> (raw)
In-Reply-To: <87oafiuys0.fsf@x220.int.ebiederm.org>

On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
> Dan Cashman <dcashman@android.com> writes:
> 
>>>> This all would be much cleaner if the arm architecture code were just to
>>>> register the sysctl itself.
>>>>
>>>> As it sits this looks like a patchset that does not meaninfully bisect,
>>>> and would result in code that is hard to trace and understand.
>>>
>>> I believe the intent is to follow up with more architecture specific
>>> patches to allow each architecture to define the number of bits to use
>>
>> Yes.  I included these patches together because they provide mutual
>> context, but each has a different outcome and they could be taken
>> separately.
> 
> They can not.  The first patch is incomplete by itself.

Could you be more specific in what makes the first patch incomplete?  Is
it because it is essentially a no-op without additional architecture
changes (e.g. the second patch) or is it specifically because it
introduces and uses the three "mmap_rnd_bits*" variables without
defining them?  If the former, I'd like to avoid combining the general
procfs change with any architecture-specific one(s).  If the latter, I
hope the proposal below addresses that.

>> The arm architecture-specific portion allows the changing
>> of the number of bits used for mmap ASLR, useful even without the
>> sysctl.  The sysctl patch (patch 1) provides another way of setting
>> this value, and the hope is that this will be adopted across multiple
>> architectures, with the arm changes (patch 2) providing an example.  I
>> hope to follow this with changes to arm64 and x86, for example.
> 
> If you want to make the code generic.  Please maximize the sharing.
> That is please define the variables in a generic location, as well
> as the Kconfig variables (if possible).
> 
> As it is you have an architecture specific piece of code that can not be
> reused without duplicating code, and that is just begging for problems.

I think it would make sense to move the variable definitions into
mm/mmap.c, included conditionally based on the presence of
CONFIG_ARCH_MMAP_RND_BITS.

As for the Kconfigs, I am open to suggestions.  I considered declaring
and documenting ARCH_MMAP_RND_BITS in arch/Kconfig, but I would like it
to be bounded in range by the _MIN and _MAX values, which necessarily
must be defined in the arch-specific Kconfigs.  Thus, we'd have
ARCH_MMAP_RND_BITS declared in arch/Kconfig as it currently is in
arch/arm/Kconfig defaulting to _MIN, and would declare both the _MIN and
_MAX in arch/Kconfig, while specifying default values in
arch/${ARCH}/Kconfig.

Would these changes be more acceptable?

Thank You,
Dan

next prev parent reply	other threads:[~2015-10-29 22:06 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-28 21:25 [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman
2015-10-28 21:25 ` Daniel Cashman
2015-10-28 21:25 ` [PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS Daniel Cashman
2015-10-28 21:25   ` Daniel Cashman
2015-10-28 21:25   ` Daniel Cashman
2015-10-28 23:34 ` [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR Eric W. Biederman
2015-10-28 23:34   ` Eric W. Biederman
2015-10-28 23:34   ` Eric W. Biederman
2015-10-28 23:59   ` Jeffrey Vander Stoep
2015-10-29  0:01   ` Jeffrey Vander Stoep
2015-10-29  0:01     ` Jeffrey Vander Stoep
2015-10-29  0:01     ` Jeffrey Vander Stoep
2015-10-29  0:39     ` Dan Cashman
2015-10-29  0:39       ` Dan Cashman
2015-10-29  0:39       ` Dan Cashman
2015-10-29  3:41       ` Eric W. Biederman
2015-10-29  3:41         ` Eric W. Biederman
2015-10-29  3:41         ` Eric W. Biederman
2015-10-29 22:06         ` Daniel Cashman [this message]
2015-10-29 22:06           ` Daniel Cashman
2015-10-29 22:06           ` Daniel Cashman
2015-11-01 21:50           ` Eric W. Biederman
2015-11-01 21:50             ` Eric W. Biederman
2015-11-01 21:50             ` Eric W. Biederman
2015-11-03 18:21             ` Daniel Cashman
2015-11-03 18:21               ` Daniel Cashman
2015-11-03 18:21               ` Daniel Cashman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56329880.4080103@android.com \
    --to=dcashman@android.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.