From: Michael Ellerman <mpe@ellerman.id.au>
To: Andrew Morton <akpm@linux-foundation.org>,
Daniel Cashman <dcashman@android.com>
Cc: linux-kernel@vger.kernel.org, linux@arm.linux.org.uk,
keescook@chromium.org, mingo@kernel.org,
linux-arm-kernel@lists.infradead.org, corbet@lwn.net,
dzickus@redhat.com, ebiederm@xmission.com, xypron.glpk@gmx.de,
jpoimboe@redhat.com, kirill.shutemov@linux.intel.com,
n-horiguchi@ah.jp.nec.com, aarcange@redhat.com, mgorman@suse.de,
tglx@linutronix.de, rientjes@google.com, linux-mm@kvack.org,
linux-doc@vger.kernel.org, salyzyn@android.com, jeffv@google.com,
nnk@google.com, catalin.marinas@arm.com, will.deacon@arm.com,
hpa@zytor.com, x86@kernel.org, hecmargi@upv.es, bp@suse.de,
dcashman@google.com, Ralf Baechle <ralf@linux-mips.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: Re: [PATCH v3 0/4] Allow customizable random offset to mmap_base address.
Date: Thu, 26 Nov 2015 18:07:57 +1100 [thread overview]
Message-ID: <1448521677.19291.3.camel@ellerman.id.au> (raw)
In-Reply-To: <20151124163907.1a406b79458b1bb0d3519684@linux-foundation.org>
On Tue, 2015-11-24 at 16:39 -0800, Andrew Morton wrote:
> On Wed, 18 Nov 2015 15:20:04 -0800 Daniel Cashman <dcashman@android.com> wrote:
> > Address Space Layout Randomization (ASLR) provides a barrier to
> > exploitation of user-space processes in the presence of security
> > vulnerabilities by making it more difficult to find desired code/data
> > which could help an attack. This is done by adding a random offset to the
> > location of regions in the process address space, with a greater range of
> > potential offset values corresponding to better protection/a larger
> > search-space for brute force, but also to greater potential for
> > fragmentation.
>
> mips, powerpc and s390 also implement arch_mmap_rnd(). Are there any
> special considerations here, or it just a matter of maintainers wiring
> it up and testing it?
I had a quick stab at powerpc. It seems to work OK, though I've only tested on
64-bit 64K pages.
I'll update this when Daniel does a version which supports a DEFAULT for both
MIN values.
cheers
>From 7c42636d5df21203977900d283c722116f06310c Mon Sep 17 00:00:00 2001
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Thu, 26 Nov 2015 17:40:00 +1100
Subject: [PATCH] powerpc/mm: Use ARCH_MMCAP_RND_BITS
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/Kconfig | 32 ++++++++++++++++++++++++++++++++
arch/powerpc/mm/mmap.c | 12 +++++++-----
2 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index db49e0d796b1..e796d6c4055c 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -27,6 +27,36 @@ config MMU
bool
default y
+config ARCH_MMAP_RND_BITS_MIN
+ # On 64-bit up to 1G of address space (2^30)
+ default 12 if 64BIT && PPC_256K_PAGES # 256K (2^18), = 30 - 18 = 12
+ default 14 if 64BIT && PPC_64K_PAGES # 64K (2^16), = 30 - 16 = 14
+ default 16 if 64BIT && PPC_16K_PAGES # 16K (2^14), = 30 - 14 = 16
+ default 18 if 64BIT # 4K (2^12), = 30 - 12 = 18
+ default ARCH_MMAP_RND_COMPAT_BITS_MIN
+
+config ARCH_MMAP_RND_BITS_MAX
+ # On 64-bit up to 32T of address space (2^45)
+ default 27 if 64BIT && PPC_256K_PAGES # 256K (2^18), = 45 - 18 = 27
+ default 29 if 64BIT && PPC_64K_PAGES # 64K (2^16), = 45 - 16 = 29
+ default 31 if 64BIT && PPC_16K_PAGES # 16K (2^14), = 45 - 14 = 31
+ default 33 if 64BIT # 4K (2^12), = 45 - 12 = 33
+ default ARCH_MMAP_RND_COMPAT_BITS_MAX
+
+config ARCH_MMAP_RND_COMPAT_BITS_MIN
+ # Up to 8MB of address space (2^23)
+ default 5 if PPC_256K_PAGES # 256K (2^18), = 23 - 18 = 5
+ default 7 if PPC_64K_PAGES # 64K (2^16), = 23 - 16 = 7
+ default 9 if PPC_16K_PAGES # 16K (2^14), = 23 - 14 = 9
+ default 11 # 4K (2^12), = 23 - 12 = 11
+
+config ARCH_MMAP_RND_COMPAT_BITS_MAX
+ # Up to 2G of address space (2^31)
+ default 13 if PPC_256K_PAGES # 256K (2^18), = 31 - 18 = 13
+ default 15 if PPC_64K_PAGES # 64K (2^16), = 31 - 16 = 15
+ default 17 if PPC_16K_PAGES # 16K (2^14), = 31 - 14 = 17
+ default 19 # 4K (2^12), = 31 - 12 = 19
+
config HAVE_SETUP_PER_CPU_AREA
def_bool PPC64
@@ -160,6 +190,8 @@ config PPC
select EDAC_ATOMIC_SCRUB
select ARCH_HAS_DMA_SET_COHERENT_MASK
select HAVE_ARCH_SECCOMP_FILTER
+ select HAVE_ARCH_MMAP_RND_BITS
+ select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
config GENERIC_CSUM
def_bool CPU_LITTLE_ENDIAN
diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
index 0f0502e12f6c..269f7bcd2702 100644
--- a/arch/powerpc/mm/mmap.c
+++ b/arch/powerpc/mm/mmap.c
@@ -55,13 +55,15 @@ static inline int mmap_is_legacy(void)
unsigned long arch_mmap_rnd(void)
{
- unsigned long rnd;
+ unsigned long shift, rnd;
- /* 8MB for 32bit, 1GB for 64bit */
+ shift = mmap_rnd_bits;
+#ifdef CONFIG_COMPAT
if (is_32bit_task())
- rnd = (unsigned long)get_random_int() % (1<<(23-PAGE_SHIFT));
- else
- rnd = (unsigned long)get_random_int() % (1<<(30-PAGE_SHIFT));
+ shift = mmap_rnd_compat_bits;
+#endif
+
+ rnd = (unsigned long)get_random_int() % (1 << shift);
return rnd << PAGE_SHIFT;
}
--
2.5.0
prev parent reply other threads:[~2015-11-26 7:08 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 23:20 [PATCH v3 0/4] Allow customizable random offset to mmap_base address Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 2/4] arm: mm: support ARCH_MMAP_RND_BITS Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 3/4] arm64: " Daniel Cashman
2015-11-18 23:20 ` [PATCH v3 4/4] x86: " Daniel Cashman
2015-11-19 0:16 ` Daniel Cashman
2015-11-23 15:04 ` [PATCH v3 3/4] arm64: " Will Deacon
2015-11-23 18:55 ` Daniel Cashman
2015-11-25 4:26 ` Michael Ellerman
2015-11-25 19:32 ` Daniel Cashman
2015-11-25 12:06 ` Catalin Marinas
2015-11-25 20:39 ` Daniel Cashman
2015-11-27 8:36 ` Andrey Ryabinin
2015-11-27 9:32 ` Catalin Marinas
2015-11-19 0:14 ` [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-11-25 0:40 ` Andrew Morton
2015-11-25 0:47 ` Kees Cook
2015-11-25 19:16 ` Daniel Cashman
2015-11-25 4:40 ` Michael Ellerman
2015-11-25 19:36 ` Daniel Cashman
2015-11-25 0:39 ` [PATCH v3 0/4] Allow customizable random offset to mmap_base address Andrew Morton
2015-11-25 19:07 ` Daniel Cashman
2015-11-26 15:11 ` Martin Schwidefsky
2015-11-26 7:07 ` Michael Ellerman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1448521677.19291.3.camel@ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=dcashman@android.com \
--cc=dcashman@google.com \
--cc=dzickus@redhat.com \
--cc=ebiederm@xmission.com \
--cc=hecmargi@upv.es \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=jeffv@google.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@arm.linux.org.uk \
--cc=mgorman@suse.de \
--cc=mingo@kernel.org \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=nnk@google.com \
--cc=ralf@linux-mips.org \
--cc=rientjes@google.com \
--cc=salyzyn@android.com \
--cc=schwidefsky@de.ibm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox