From: Andrew Morton <akpm@linux-foundation.org>
To: Jan Kratochvil <honza@jikos.cz>
Cc: Jiri Kosina <jkosina@suse.cz>, Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH][RESEND] PIE randomization
Date: Fri, 18 May 2007 10:29:18 -0700 [thread overview]
Message-ID: <20070518102918.4b9272e9.akpm@linux-foundation.org> (raw)
In-Reply-To: <alpine.LRH.0.98.0705172221440.22353@twin.jikos.cz>
On Thu, 17 May 2007 22:24:11 +0200 (CEST)
Jan Kratochvil <honza@jikos.cz> wrote:
> This patch is using mmap()'s randomization functionality in such a way
> that it maps the main executable of (specially compiled/linked -pie/-fpie)
> ET_DYN binaries onto a random address (in cases in which mmap() is allowed
> to perform a randomization).
>
> Origin of this patch is in exec-shield (http://people.redhat.com/mingo/exec-shield/)
From: Andrew Morton <akpm@linux-foundation.org>
- the compiler knows how to inline things
- return -EINVAL on zero-size, not -EIO
- reduce scope of local `interp_map_addr', remove unneeded initialisation,
add needed comment.
- coding-style repairs
Cc: Jan Kratochvil <honza@jikos.cz>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/binfmt_elf.c | 26 +++++++++++++++++---------
1 files changed, 17 insertions(+), 9 deletions(-)
diff -puN fs/binfmt_elf.c~pie-randomization-fix fs/binfmt_elf.c
--- a/fs/binfmt_elf.c~pie-randomization-fix
+++ a/fs/binfmt_elf.c
@@ -322,17 +322,17 @@ static unsigned long elf_map(struct file
#endif /* !elf_map */
-static inline unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
{
int i, first_idx = -1, last_idx = -1;
- for (i = 0; i < nr; i++)
+ for (i = 0; i < nr; i++) {
if (cmds[i].p_type == PT_LOAD) {
last_idx = i;
if (first_idx == -1)
first_idx = i;
}
-
+ }
if (first_idx == -1)
return 0;
@@ -396,8 +396,10 @@ static unsigned long load_elf_interp(str
}
total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
- if (!total_size)
+ if (!total_size) {
+ error = -EINVAL;
goto out_close;
+ }
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
@@ -586,7 +588,8 @@ static int load_elf_binary(struct linux_
int elf_exec_fileno;
int retval, i;
unsigned int size;
- unsigned long elf_entry, interp_load_addr = 0, interp_map_addr = 0;
+ unsigned long elf_entry;
+ unsigned long interp_load_addr = 0;
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc = 0;
char passed_fileno[6];
@@ -908,7 +911,7 @@ static int load_elf_binary(struct linux_
* default mmap base, as well as whatever program they
* might try to exec. This is because the brk will
* follow the loader, and is not movable. */
-#if defined(__i386__) || defined(__x86_64__)
+#ifdef CONFIG_X86
load_bias = 0;
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
@@ -992,16 +995,21 @@ static int load_elf_binary(struct linux_
}
if (elf_interpreter) {
- if (interpreter_type == INTERPRETER_AOUT)
+ if (interpreter_type == INTERPRETER_AOUT) {
elf_entry = load_aout_interp(&loc->interp_ex,
interpreter);
- else {
+ } else {
+ unsigned long interp_map_addr; /* unused */
+
elf_entry = load_elf_interp(&loc->interp_elf_ex,
interpreter,
&interp_map_addr,
load_bias);
if (!BAD_ADDR(elf_entry)) {
- /* load_elf_interp() returns relocation adjustment */
+ /*
+ * load_elf_interp() returns relocation
+ * adjustment
+ */
interp_load_addr = elf_entry;
elf_entry += loc->interp_elf_ex.e_entry;
}
_
next prev parent reply other threads:[~2007-05-18 17:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-11 12:33 [PATCH][RESEND] PIE randomization Jan Kratochvil
2007-05-11 19:56 ` Andrew Morton
2007-05-11 20:18 ` Jiri Kosina
2007-05-11 20:36 ` Andrew Morton
2007-05-11 22:41 ` Ulrich Drepper
2007-05-11 23:50 ` Jiri Kosina
2007-05-16 17:14 ` Jiri Kosina
2007-05-17 20:24 ` Jan Kratochvil
2007-05-17 21:50 ` Jiri Kosina
2007-05-18 17:29 ` Andrew Morton [this message]
2007-05-21 14:58 ` Hugh Dickins
2007-05-22 23:16 ` Andrew Morton
2007-05-23 8:50 ` Jiri Kosina
2007-07-04 8:25 ` Jakub Jelinek
2007-07-04 17:35 ` Jiri Kosina
2007-07-05 20:53 ` Chuck Ebbert
2007-07-05 20:57 ` Rik van Riel
2007-07-07 0:13 ` Jiri Kosina
2007-07-07 12:30 ` Jakub Jelinek
2007-07-09 11:41 ` Jiri Kosina
2007-07-09 21:58 ` Jiri Kosina
2007-07-10 9:47 ` Jakub Jelinek
2007-07-11 9:58 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070518102918.4b9272e9.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=honza@jikos.cz \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox