Re: [PATCH] mm: Stop PMD alignment for PIE shared objects

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <willy@infradead.org>
To: Audra Mitchell <audra@redhat.com>
Cc: linux-mm@kvack.org, raquini@redhat.com, aris@redhat.com,
	akpm@linux-foundation.org, william.kucharski@oracle.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mm: Stop PMD alignment for PIE shared objects
Date: Thu, 19 Dec 2024 21:30:58 +0000	[thread overview]
Message-ID: <Z2SQkrldCVDiTeia@casper.infradead.org> (raw)
In-Reply-To: <20241219211552.1450226-1-audra@redhat.com>

On Thu, Dec 19, 2024 at 04:15:52PM -0500, Audra Mitchell wrote:
> After commit 1854bc6e2420 ("mm/readahead: Align file mappings for non-DAX")
> any request through thp_get_unmapped_area would align to a PMD_SIZE,
> causing shared objects to have less randomization than previously (9 less
> bits for 2MB PMDs). As these lower 9 bits are the most impactful for
> ASLR, this change could be argued to have an impact on security.

Yes, very tiresome people have been making that argument for a long
time.  Do you have anything further to add to the discussion that
happened here:

https://lore.kernel.org/linux-mm/20240118133504.2910955-1-shy828301@gmail.com/

particularly in light of 3afb76a66b55 existing.

> Fix this issue by checking that the request is aligned to the PMD_SIZE,
> otherwise fall back to mm_get_unmapped_area_vmflags().

NAK this version anyway.  Even if the executable is, say, 2.1MB in size,
we still want the first 2MB of the file to be covered with a PMD
mapping.

next prev parent reply	other threads:[~2024-12-19 21:31 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-19 21:15 [PATCH] mm: Stop PMD alignment for PIE shared objects Audra Mitchell
2024-12-19 21:30 ` Matthew Wilcox [this message]
2024-12-19 21:59   ` Audra Mitchell
2024-12-20 18:20   ` Rafael Aquini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z2SQkrldCVDiTeia@casper.infradead.org \
    --to=willy@infradead.org \
    --cc=akpm@linux-foundation.org \
    --cc=aris@redhat.com \
    --cc=audra@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=raquini@redhat.com \
    --cc=william.kucharski@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.