[PATCH] [powerpc] Fix Text randomization

linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] [powerpc] Fix Text randomization
@ 2014-11-14  9:12 Vineeth Vijayan
  2014-11-17  6:53 ` Michael Ellerman
  0 siblings, 1 reply; 6+ messages in thread
From: Vineeth Vijayan @ 2014-11-14  9:12 UTC (permalink / raw)
  To: Michael Ellerman, benh, linuxppc-dev, linux-kernel; +Cc: Vineeth Vijayan

Now there is no way to disable TEXT randomization on a PPC32/PPC64
machine. Text randomization happens even in the case of "echo 0 >
/proc/sys/kernel/randomize_va_space"

This happens due to the incorrect definition of ELF_ET_DYN_BASE
at arch/powerpc/include/asm/elf.h

The function randomize_et_dyn is redundant and is removed.

Signed-off-by: Vineeth Vijayan <vvijayan@mvista.com>
---
 arch/powerpc/Kconfig           |    1 +
 arch/powerpc/include/asm/elf.h |    3 +--
 arch/powerpc/kernel/process.c  |    9 ---------
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 88eace4..868a3c4 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -88,6 +88,7 @@ config PPC
 	select ARCH_MIGHT_HAVE_PC_PARPORT
 	select ARCH_MIGHT_HAVE_PC_SERIO
 	select BINFMT_ELF
+	select ARCH_BINFMT_ELF_RANDOMIZE_PIE
 	select OF
 	select OF_EARLY_FLATTREE
 	select OF_RESERVED_MEM
diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
index 888d8f3..3793675 100644
--- a/arch/powerpc/include/asm/elf.h
+++ b/arch/powerpc/include/asm/elf.h
@@ -28,8 +28,7 @@
    the loader.  We need to make sure that it is out of the way of the program
    that it will "exec", and that there is sufficient room for the brk.  */
 
-extern unsigned long randomize_et_dyn(unsigned long base);
-#define ELF_ET_DYN_BASE		(randomize_et_dyn(0x20000000))
+#define ELF_ET_DYN_BASE		(0x20000000)
 
 #define ELF_CORE_EFLAGS (is_elf2_task() ? 2 : 0)
 
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index 923cd2d..e50467e 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1665,12 +1665,3 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
 	return ret;
 }
 
-unsigned long randomize_et_dyn(unsigned long base)
-{
-	unsigned long ret = PAGE_ALIGN(base + brk_rnd());
-
-	if (ret < base)
-		return base;
-
-	return ret;
-}
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] [powerpc] Fix Text randomization
  2014-11-14  9:12 [PATCH] [powerpc] Fix Text randomization Vineeth Vijayan
@ 2014-11-17  6:53 ` Michael Ellerman
  2014-11-18  7:10   ` Vineeth Vijayan
  2014-11-18  7:20   ` Vineeth Vijayan
  0 siblings, 2 replies; 6+ messages in thread
From: Michael Ellerman @ 2014-11-17  6:53 UTC (permalink / raw)
  To: Vineeth Vijayan; +Cc: linuxppc-dev, linux-kernel, Anton Blanchard

On Fri, 2014-11-14 at 14:42 +0530, Vineeth Vijayan wrote:
> Now there is no way to disable TEXT randomization on a PPC32/PPC64
> machine. Text randomization happens even in the case of "echo 0 >
> /proc/sys/kernel/randomize_va_space"
> 
> This happens due to the incorrect definition of ELF_ET_DYN_BASE
> at arch/powerpc/include/asm/elf.h
> 
> The function randomize_et_dyn is redundant and is removed.

The patch looks OK, but for the change log I was thinking something more like
this:

powerpc: Use generic PIE randomization

Back in 2009 we merged 501cb16d3cfd "Randomise PIEs", which added support for
randomizing PIE (Position Independent Executable) binaries.

That commit added randomize_et_dyn(), which correctly randomized the addresses,
but failed to honor PF_RANDOMIZE. That means it was not possible to disable PIE
randomization via the personality flag, or /proc/sys/kernel/randomize_va_space.

Since then there has been generic support for PIE randomization added to
binfmt_elf.c, selectable via ARCH_BINFMT_ELF_RANDOMIZE_PIE.

Enabling that allows us to drop randomize_et_dyn(), which means we start
honoring PF_RANDOMIZE correctly.

It also causes a fairly major change to how we layout PIE binaries.

Currently we will place the binary at 512MB-520MB for 32 bit binaries, or
512MB-1.5GB for 64 bit binaries, eg:

    $ cat /proc/$$/maps
    4e550000-4e580000 r-xp 00000000 08:02 129813       /bin/dash
    4e580000-4e590000 rw-p 00020000 08:02 129813       /bin/dash
    10014110000-10014140000 rw-p 00000000 00:00 0      [heap]
    3fffaa3f0000-3fffaa5a0000 r-xp 00000000 08:02 921  /lib/powerpc64le-linux-gnu/libc-2.19.so
    3fffaa5a0000-3fffaa5b0000 rw-p 001a0000 08:02 921  /lib/powerpc64le-linux-gnu/libc-2.19.so
    3fffaa5c0000-3fffaa5d0000 rw-p 00000000 00:00 0 
    3fffaa5d0000-3fffaa5f0000 r-xp 00000000 00:00 0    [vdso]
    3fffaa5f0000-3fffaa620000 r-xp 00000000 08:02 1246 /lib/powerpc64le-linux-gnu/ld-2.19.so
    3fffaa620000-3fffaa630000 rw-p 00020000 08:02 1246 /lib/powerpc64le-linux-gnu/ld-2.19.so
    3ffffc340000-3ffffc370000 rw-p 00000000 00:00 0    [stack]

With this commit applied we don't do any special randomisation for the binary,
and instead rely on mmap randomisation. This means the binary ends up at high
addresses, eg:

    $ cat /proc/$$/maps
    3fff99820000-3fff999d0000 r-xp 00000000 08:02 921    /lib/powerpc64le-linux-gnu/libc-2.19.so
    3fff999d0000-3fff999e0000 rw-p 001a0000 08:02 921    /lib/powerpc64le-linux-gnu/libc-2.19.so
    3fff999f0000-3fff99a00000 rw-p 00000000 00:00 0 
    3fff99a00000-3fff99a20000 r-xp 00000000 00:00 0      [vdso]
    3fff99a20000-3fff99a50000 r-xp 00000000 08:02 1246   /lib/powerpc64le-linux-gnu/ld-2.19.so
    3fff99a50000-3fff99a60000 rw-p 00020000 08:02 1246   /lib/powerpc64le-linux-gnu/ld-2.19.so
    3fff99a60000-3fff99a90000 r-xp 00000000 08:02 129813 /bin/dash
    3fff99a90000-3fff99aa0000 rw-p 00020000 08:02 129813 /bin/dash
    3fffc3de0000-3fffc3e10000 rw-p 00000000 00:00 0      [stack]
    3fffc55e0000-3fffc5610000 rw-p 00000000 00:00 0      [heap]

Although this should be OK, it's possible it might break badly written
binaries that make assumptions about the address space layout.

cheers

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] [powerpc] Fix Text randomization
  2014-11-17  6:53 ` Michael Ellerman
@ 2014-11-18  7:10   ` Vineeth Vijayan
  2014-11-18  7:20   ` Vineeth Vijayan
  1 sibling, 0 replies; 6+ messages in thread
From: Vineeth Vijayan @ 2014-11-18  7:10 UTC (permalink / raw)
  To: Michael Ellerman; +Cc: linuxppc-dev, linux-kernel, Anton Blanchard

[-- Attachment #1: Type: text/plain, Size: 714 bytes --]

On Mon, Nov 17, 2014 at 12:23 PM, Michael Ellerman <mpe@ellerman.id.au>
wrote:

> On Fri, 2014-11-14 at 14:42 +0530, Vineeth Vijayan wrote:
> > Now there is no way to disable TEXT randomization on a PPC32/PPC64
> > machine. Text randomization happens even in the case of "echo 0 >
> > /proc/sys/kernel/randomize_va_space"
> >
> > This happens due to the incorrect definition of ELF_ET_DYN_BASE
> > at arch/powerpc/include/asm/elf.h
> >
> > The function randomize_et_dyn is redundant and is removed.
>
> The patch looks OK, but for the change log I was thinking something more
> like
> this:
>
>
> powerpc: Use generic PIE randomization
>
> Do you want me to send a new patch with updated change log as mentioned ?

[-- Attachment #2: Type: text/html, Size: 1128 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] [powerpc] Fix Text randomization
  2014-11-17  6:53 ` Michael Ellerman
  2014-11-18  7:10   ` Vineeth Vijayan
@ 2014-11-18  7:20   ` Vineeth Vijayan
  2014-11-18 10:26     ` Michael Ellerman
  1 sibling, 1 reply; 6+ messages in thread
From: Vineeth Vijayan @ 2014-11-18  7:20 UTC (permalink / raw)
  To: Michael Ellerman; +Cc: linuxppc-dev, linux-kernel, Anton Blanchard

On Mon, Nov 17, 2014 at 12:23 PM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> On Fri, 2014-11-14 at 14:42 +0530, Vineeth Vijayan wrote:
>> Now there is no way to disable TEXT randomization on a PPC32/PPC64
>> machine. Text randomization happens even in the case of "echo 0 >
>> /proc/sys/kernel/randomize_va_space"
>>
>> This happens due to the incorrect definition of ELF_ET_DYN_BASE
>> at arch/powerpc/include/asm/elf.h
>>
>> The function randomize_et_dyn is redundant and is removed.
>
> The patch looks OK, but for the change log I was thinking something more like
> this:
>
>
> powerpc: Use generic PIE randomization
>
Ok. Thats better.
Do you want me to send a new patch with updated change log as mentioned ?

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] [powerpc] Fix Text randomization
  2014-11-18  7:20   ` Vineeth Vijayan
@ 2014-11-18 10:26     ` Michael Ellerman
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Ellerman @ 2014-11-18 10:26 UTC (permalink / raw)
  To: Vineeth Vijayan; +Cc: linuxppc-dev, linux-kernel, Anton Blanchard

On Tue, 2014-11-18 at 12:50 +0530, Vineeth Vijayan wrote:
> On Mon, Nov 17, 2014 at 12:23 PM, Michael Ellerman <mpe@ellerman.id.au> wrote:
> > On Fri, 2014-11-14 at 14:42 +0530, Vineeth Vijayan wrote:
> >> Now there is no way to disable TEXT randomization on a PPC32/PPC64
> >> machine. Text randomization happens even in the case of "echo 0 >
> >> /proc/sys/kernel/randomize_va_space"
> >>
> >> This happens due to the incorrect definition of ELF_ET_DYN_BASE
> >> at arch/powerpc/include/asm/elf.h
> >>
> >> The function randomize_et_dyn is redundant and is removed.
> >
> > The patch looks OK, but for the change log I was thinking something more like
> > this:
> >
> >
> > powerpc: Use generic PIE randomization
> >
> Ok. Thats better.
> Do you want me to send a new patch with updated change log as mentioned ?
 
No that's OK, I've already merged it.

cheers

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] powerpc: Fix Text randomization
@ 2014-10-10  5:45 Vineeth Vijayan
  0 siblings, 0 replies; 6+ messages in thread
From: Vineeth Vijayan @ 2014-10-10  5:45 UTC (permalink / raw)
  To: benh, linuxppc-dev, linux-kernel; +Cc: Vineeth Vijayan

Right now there is no way to disable TEXT randomization on a PPC32
machine. text randomization happens even in the case of "echo 0 >
/proc/sys/kernel/randomize_va_space"

This happens due to the incorrect definition of ELF_ET_DYN_BASE at
arch/powerpc/include/asm/elf.h

Signed-off-by: Vineeth Vijayan <vvijayan@mvista.com>
---
Test details:

#include <stdio.h>

int main(int argc,char *argv)
{
        printf("main = %p\n",main);
        return 0;
}

Compile the same as position-independent executable

Results without Patch:

p5040ds:~# gcc test.c -o test -fPIE -pie
p5040ds:~# echo 2 > /proc/sys/kernel/randomize_va_space 
p5040ds:~# ./test 
main = 0xb7e9681c
p5040ds:~# ./test 
main = 0xb7aba81c
p5040ds:~# ./test 
main = 0xb7fac81c
p5040ds:~# ./test 
main = 0xb7f4c81c
p5040ds:~# echo 0 > /proc/sys/kernel/randomize_va_space                                                                                                                                              
p5040ds:~# ./test 
main = 0x2010281c
p5040ds:~# ./test 
main = 0x2018d81c
p5040ds:~# ./test 
main = 0x206a981c
p5040ds:~# ./test 
main = 0x2036681c


Results with Patch:

p5040ds:~# gcc test.c -o test -fPIE -pie
p5040ds:~# 
p5040ds:~# echo 2 > /proc/sys/kernel/randomize_va_space 
p5040ds:~# 
p5040ds:~# ./test 
main = 0xb78a581c
p5040ds:~# ./test 
main = 0xb792c81c
p5040ds:~# ./test 
main = 0xb79de81c
p5040ds:~# ./test 
main = 0xb78ae81c
p5040ds:~# echo 0 > /proc/sys/kernel/randomize_va_space                                                                                                                                              
p5040ds:~# 
p5040ds:~# ./test 
main = 0x2000081c
p5040ds:~# ./test 
main = 0x2000081c
p5040ds:~# ./test 
main = 0x2000081c
p5040ds:~# ./test 
main = 0x2000081c


 arch/powerpc/Kconfig           |    1 +
 arch/powerpc/include/asm/elf.h |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 4bc7b62..f99ddae 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -88,6 +88,7 @@ config PPC
 	select ARCH_MIGHT_HAVE_PC_PARPORT
 	select ARCH_MIGHT_HAVE_PC_SERIO
 	select BINFMT_ELF
+	select ARCH_BINFMT_ELF_RANDOMIZE_PIE
 	select OF
 	select OF_EARLY_FLATTREE
 	select OF_RESERVED_MEM
diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
index 888d8f3..162813b 100644
--- a/arch/powerpc/include/asm/elf.h
+++ b/arch/powerpc/include/asm/elf.h
@@ -29,7 +29,7 @@
    that it will "exec", and that there is sufficient room for the brk.  */
 
 extern unsigned long randomize_et_dyn(unsigned long base);
-#define ELF_ET_DYN_BASE		(randomize_et_dyn(0x20000000))
+#define ELF_ET_DYN_BASE		(0x20000000)
 
 #define ELF_CORE_EFLAGS (is_elf2_task() ? 2 : 0)
 
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2014-11-18 10:26 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-14  9:12 [PATCH] [powerpc] Fix Text randomization Vineeth Vijayan
2014-11-17  6:53 ` Michael Ellerman
2014-11-18  7:10   ` Vineeth Vijayan
2014-11-18  7:20   ` Vineeth Vijayan
2014-11-18 10:26     ` Michael Ellerman
  -- strict thread matches above, loose matches on Subject: below --
2014-10-10  5:45 [PATCH] powerpc: " Vineeth Vijayan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).