* [PATCH 0/2] ARM: minor sigpage enhancements
@ 2014-07-14 15:46 Nathan Lynch
2014-07-14 15:46 ` [PATCH 1/2] ARM: use _install_special_mapping for sigpage Nathan Lynch
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Nathan Lynch @ 2014-07-14 15:46 UTC (permalink / raw)
To: linux-arm-kernel
Russell,
Would you consider taking these for 3.17? I've been carrying the
sigpage placement randomization as part of the VDSO patch set but it
seems worthwhile on its own. Using _install_special_mapping for the
VDSO and similar VMAs was recently suggested by Andy Lutomirski.
Nathan Lynch (2):
ARM: use _install_special_mapping for sigpage
ARM: place sigpage at a random offset above stack
arch/arm/kernel/process.c | 60 ++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 51 insertions(+), 9 deletions(-)
--
1.9.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] ARM: use _install_special_mapping for sigpage
2014-07-14 15:46 [PATCH 0/2] ARM: minor sigpage enhancements Nathan Lynch
@ 2014-07-14 15:46 ` Nathan Lynch
2014-07-14 15:46 ` [PATCH 2/2] ARM: place sigpage at a random offset above stack Nathan Lynch
2014-07-14 18:57 ` [PATCH 0/2] ARM: minor sigpage enhancements Kees Cook
2 siblings, 0 replies; 5+ messages in thread
From: Nathan Lynch @ 2014-07-14 15:46 UTC (permalink / raw)
To: linux-arm-kernel
_install_special_mapping allows the VMA to be identifed in
/proc/pid/maps without the use of arch_vma_name, providing a
slight net reduction in object size:
text data bss dec hex filename
2996 96 144 3236 ca4 arch/arm/kernel/process.o (before)
2956 104 144 3204 c84 arch/arm/kernel/process.o (after)
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
---
arch/arm/kernel/process.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index 81ef686a91ca..46fbbb3701a0 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -472,19 +472,23 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
- return is_gate_vma(vma) ? "[vectors]" :
- (vma->vm_mm && vma->vm_start == vma->vm_mm->context.sigpage) ?
- "[sigpage]" : NULL;
+ return is_gate_vma(vma) ? "[vectors]" : NULL;
}
static struct page *signal_page;
extern struct page *get_signal_page(void);
+static const struct vm_special_mapping sigpage_mapping = {
+ .name = "[sigpage]",
+ .pages = &signal_page,
+};
+
int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
{
struct mm_struct *mm = current->mm;
+ struct vm_area_struct *vma;
unsigned long addr;
- int ret;
+ int ret = 0;
if (!signal_page)
signal_page = get_signal_page();
@@ -498,12 +502,16 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
goto up_fail;
}
- ret = install_special_mapping(mm, addr, PAGE_SIZE,
+ vma = _install_special_mapping(mm, addr, PAGE_SIZE,
VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC,
- &signal_page);
+ &sigpage_mapping);
+
+ if (IS_ERR(vma)) {
+ ret = PTR_ERR(vma);
+ goto up_fail;
+ }
- if (ret == 0)
- mm->context.sigpage = addr;
+ mm->context.sigpage = addr;
up_fail:
up_write(&mm->mmap_sem);
--
1.9.3
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] ARM: place sigpage at a random offset above stack
2014-07-14 15:46 [PATCH 0/2] ARM: minor sigpage enhancements Nathan Lynch
2014-07-14 15:46 ` [PATCH 1/2] ARM: use _install_special_mapping for sigpage Nathan Lynch
@ 2014-07-14 15:46 ` Nathan Lynch
2014-07-14 18:57 ` [PATCH 0/2] ARM: minor sigpage enhancements Kees Cook
2 siblings, 0 replies; 5+ messages in thread
From: Nathan Lynch @ 2014-07-14 15:46 UTC (permalink / raw)
To: linux-arm-kernel
The sigpage is currently placed alongside shared libraries etc in the
address space. Similar to what x86_64 does for its VDSO, place the
sigpage at a randomized offset above the stack so that learning the
base address of the sigpage doesn't help expose where shared libraries
are loaded in the address space (and vice versa).
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
---
arch/arm/kernel/process.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index 46fbbb3701a0..9e0d931dd475 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -475,6 +475,38 @@ const char *arch_vma_name(struct vm_area_struct *vma)
return is_gate_vma(vma) ? "[vectors]" : NULL;
}
+/* If possible, provide a placement hint at a random offset from the
+ * stack for the signal page.
+ */
+static unsigned long sigpage_addr(const struct mm_struct *mm, unsigned int npages)
+{
+ unsigned long offset;
+ unsigned long first;
+ unsigned long last;
+ unsigned long addr;
+ unsigned int slots;
+
+ first = PAGE_ALIGN(mm->start_stack);
+
+ last = TASK_SIZE - (npages << PAGE_SHIFT);
+
+ /* No room after stack? */
+ if (first > last)
+ return 0;
+
+ /* Just enough room? */
+ if (first == last)
+ return first;
+
+ slots = ((last - first) >> PAGE_SHIFT) + 1;
+
+ offset = get_random_int() % slots;
+
+ addr = first + (offset << PAGE_SHIFT);
+
+ return addr;
+}
+
static struct page *signal_page;
extern struct page *get_signal_page(void);
@@ -488,6 +520,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
unsigned long addr;
+ unsigned long hint;
int ret = 0;
if (!signal_page)
@@ -496,7 +529,8 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
return -ENOMEM;
down_write(&mm->mmap_sem);
- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
+ hint = sigpage_addr(mm, 1);
+ addr = get_unmapped_area(NULL, hint, PAGE_SIZE, 0, 0);
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
--
1.9.3
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 0/2] ARM: minor sigpage enhancements
2014-07-14 15:46 [PATCH 0/2] ARM: minor sigpage enhancements Nathan Lynch
2014-07-14 15:46 ` [PATCH 1/2] ARM: use _install_special_mapping for sigpage Nathan Lynch
2014-07-14 15:46 ` [PATCH 2/2] ARM: place sigpage at a random offset above stack Nathan Lynch
@ 2014-07-14 18:57 ` Kees Cook
2014-07-18 16:20 ` Nathan Lynch
2 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2014-07-14 18:57 UTC (permalink / raw)
To: linux-arm-kernel
On Mon, Jul 14, 2014 at 8:46 AM, Nathan Lynch <nathan_lynch@mentor.com> wrote:
> Russell,
>
> Would you consider taking these for 3.17? I've been carrying the
> sigpage placement randomization as part of the VDSO patch set but it
> seems worthwhile on its own. Using _install_special_mapping for the
> VDSO and similar VMAs was recently suggested by Andy Lutomirski.
>
> Nathan Lynch (2):
> ARM: use _install_special_mapping for sigpage
> ARM: place sigpage at a random offset above stack
>
> arch/arm/kernel/process.c | 60 ++++++++++++++++++++++++++++++++++++++++-------
> 1 file changed, 51 insertions(+), 9 deletions(-)
Cool! Thanks for this.
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 0/2] ARM: minor sigpage enhancements
2014-07-14 18:57 ` [PATCH 0/2] ARM: minor sigpage enhancements Kees Cook
@ 2014-07-18 16:20 ` Nathan Lynch
0 siblings, 0 replies; 5+ messages in thread
From: Nathan Lynch @ 2014-07-18 16:20 UTC (permalink / raw)
To: linux-arm-kernel
On 07/14/2014 01:57 PM, Kees Cook wrote:
> On Mon, Jul 14, 2014 at 8:46 AM, Nathan Lynch <nathan_lynch@mentor.com> wrote:
>> Russell,
>>
>> Would you consider taking these for 3.17? I've been carrying the
>> sigpage placement randomization as part of the VDSO patch set but it
>> seems worthwhile on its own. Using _install_special_mapping for the
>> VDSO and similar VMAs was recently suggested by Andy Lutomirski.
>>
>> Nathan Lynch (2):
>> ARM: use _install_special_mapping for sigpage
>> ARM: place sigpage at a random offset above stack
>>
>> arch/arm/kernel/process.c | 60 ++++++++++++++++++++++++++++++++++++++++-------
>> 1 file changed, 51 insertions(+), 9 deletions(-)
>
> Cool! Thanks for this.
>
> Reviewed-by: Kees Cook <keescook@chromium.org>
Russell, okay to add these to your patch tracker?
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-07-18 16:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-14 15:46 [PATCH 0/2] ARM: minor sigpage enhancements Nathan Lynch
2014-07-14 15:46 ` [PATCH 1/2] ARM: use _install_special_mapping for sigpage Nathan Lynch
2014-07-14 15:46 ` [PATCH 2/2] ARM: place sigpage at a random offset above stack Nathan Lynch
2014-07-14 18:57 ` [PATCH 0/2] ARM: minor sigpage enhancements Kees Cook
2014-07-18 16:20 ` Nathan Lynch
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).