[ 05/45] x86 get_unmapped_area(): use proper mmap base for bottom-up direction

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Rik van Riel <riel@redhat.com>,
	Michel Lespinasse <walken@google.com>,
	Oleg Nesterov <oleg@redhat.com>, Ingo Molnar <mingo@kernel.org>,
	Adrian Sendroiu <molecula2788@gmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [ 05/45] x86 get_unmapped_area(): use proper mmap base for bottom-up direction
Date: Sun, 18 Aug 2013 13:35:54 -0700	[thread overview]
Message-ID: <20130818203621.368077110@linuxfoundation.org> (raw)
In-Reply-To: <20130818203620.996166594@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Radu Caragea <sinaelgl@gmail.com>

commit df54d6fa54275ce59660453e29d1228c2b45a826 upstream.

When the stack is set to unlimited, the bottomup direction is used for
mmap-ings but the mmap_base is not used and thus effectively renders
ASLR for mmapings along with PIE useless.

Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Adrian Sendroiu <molecula2788@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/sys_x86_64.c |    2 +-
 arch/x86/mm/mmap.c           |    2 +-
 include/linux/sched.h        |    1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -101,7 +101,7 @@ static void find_start_end(unsigned long
 				*begin = new_begin;
 		}
 	} else {
-		*begin = TASK_UNMAPPED_BASE;
+		*begin = mmap_legacy_base();
 		*end = TASK_SIZE;
 	}
 }
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -98,7 +98,7 @@ static unsigned long mmap_base(void)
  * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
  * does, but not when emulating X86_32
  */
-static unsigned long mmap_legacy_base(void)
+unsigned long mmap_legacy_base(void)
 {
 	if (mmap_is_ia32())
 		return TASK_UNMAPPED_BASE;
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -314,6 +314,7 @@ struct nsproxy;
 struct user_namespace;
 
 #ifdef CONFIG_MMU
+extern unsigned long mmap_legacy_base(void);
 extern void arch_pick_mmap_layout(struct mm_struct *mm);
 extern unsigned long
 arch_get_unmapped_area(struct file *, unsigned long, unsigned long,

next prev parent reply	other threads:[~2013-08-18 20:35 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-18 20:35 [ 00/45] 3.10.8-stable review Greg Kroah-Hartman
2013-08-18 20:35 ` [ 01/45] perf/x86: Fix intel QPI uncore event definitions Greg Kroah-Hartman
2013-08-18 20:35 ` [ 02/45] perf/arm: Fix armpmu_map_hw_event() Greg Kroah-Hartman
2013-08-18 20:35 ` [ 03/45] memcg: dont initialize kmem-cache destroying work for root caches Greg Kroah-Hartman
2013-08-18 20:35 ` [ 04/45] microblaze: fix clone syscall Greg Kroah-Hartman
2013-08-18 20:35 ` Greg Kroah-Hartman [this message]
2013-08-18 20:35 ` [ 06/45] fs/proc/task_mmu.c: fix buffer overflow in add_page_map() Greg Kroah-Hartman
2013-08-18 20:35 ` [ 07/45] sched: Ensure update_cfs_shares() is called for parents of continuously-running tasks Greg Kroah-Hartman
2013-08-18 20:35 ` [ 08/45] elevator: Fix a race in elevator switching Greg Kroah-Hartman
2013-08-18 20:35 ` [ 09/45] ARM: KVM: perform save/restore of PAR Greg Kroah-Hartman
2013-08-18 20:35 ` [ 10/45] ARM: KVM: add missing dsb before invalidating Stage-2 TLBs Greg Kroah-Hartman
2013-08-18 20:36 ` [ 11/45] ARM: KVM: clear exclusive monitor on all exception returns Greg Kroah-Hartman
2013-08-18 20:36 ` [ 12/45] iwl4965: set power mode early Greg Kroah-Hartman
2013-08-18 20:36 ` [ 13/45] iwl4965: reset firmware after rfkill off Greg Kroah-Hartman
2013-08-18 20:36 ` [ 14/45] mac80211: ignore HT primary channel while connected Greg Kroah-Hartman
2013-08-18 20:36 ` [ 15/45] mac80211: fix infinite loop in ieee80211_determine_chantype Greg Kroah-Hartman
2013-08-18 20:36 ` [ 16/45] mac80211: continue using disabled channels while connected Greg Kroah-Hartman
2013-08-18 20:36 ` [ 17/45] can: pcan_usb: fix wrong memcpy() bytes length Greg Kroah-Hartman
2013-08-18 20:36 ` [ 18/45] genetlink: fix family dump race Greg Kroah-Hartman
2013-08-18 20:36 ` [ 19/45] cfg80211: fix P2P GO interface teardown Greg Kroah-Hartman
2013-08-18 20:36 ` [ 20/45] ASoC: dapm: Fix empty list check in dapm_new_mux() Greg Kroah-Hartman
2013-08-18 20:36 ` [ 21/45] ASoC: cs42l52: Reorder Min/Max and update to SX_TLV for Beep Volume Greg Kroah-Hartman
2013-08-18 20:36 ` [ 22/45] ASoC: tegra: fix Tegra30 I2S capture parameter setup Greg Kroah-Hartman
2013-08-18 20:36 ` [ 23/45] ALSA: usb-audio: Fix invalid volume resolution for Logitech HD Webcam C525 Greg Kroah-Hartman
2013-08-18 20:36 ` [ 24/45] ALSA: 6fire: make buffers DMA-able (pcm) Greg Kroah-Hartman
2013-08-18 20:36 ` [ 25/45] ALSA: 6fire: make buffers DMA-able (midi) Greg Kroah-Hartman
2013-08-18 20:36 ` [ 26/45] ALSA: hda - Fix missing mute controls for CX5051 Greg Kroah-Hartman
2013-08-18 20:36 ` [ 27/45] ALSA: hda - Add pinfix for LG LW25 laptop Greg Kroah-Hartman
2013-08-18 20:36 ` [ 28/45] ALSA: hda - Add a fixup for Gateway LT27 Greg Kroah-Hartman
2013-08-19 17:42   ` Nathanael D. Noblet
2013-08-19 17:48     ` Greg Kroah-Hartman
2013-08-19 18:10       ` Takashi Iwai
2013-08-18 20:36 ` [ 29/45] nl80211: fix another nl80211_fam.attrbuf race Greg Kroah-Hartman
2013-08-18 20:36 ` [ 30/45] usb: add two quirky touchscreen Greg Kroah-Hartman
2013-08-18 20:36 ` [ 31/45] USB: ti_usb_3410_5052: fix big-endian firmware handling Greg Kroah-Hartman
2013-08-18 20:36 ` [ 32/45] USB: mos7840: fix big-endian probe Greg Kroah-Hartman
2013-08-18 20:36 ` [ 33/45] USB: mos7720: fix broken control requests Greg Kroah-Hartman
2013-08-18 20:36 ` [ 34/45] USB: keyspan: fix null-deref at disconnect and release Greg Kroah-Hartman
2013-08-18 20:36 ` [ 35/45] USB: EHCI: accept very late isochronous URBs Greg Kroah-Hartman
2013-08-18 20:36 ` [ 36/45] USB-Serial: Fix error handling of usb_wwan Greg Kroah-Hartman
2013-08-18 20:36 ` [ 37/45] PM / QoS: Fix workqueue deadlock when using pm_qos_update_request_timeout() Greg Kroah-Hartman
2013-08-18 20:36 ` [ 38/45] wusbcore: fix kernel panic when disconnecting a wireless USB->serial device Greg Kroah-Hartman
2013-08-18 20:36 ` [ 39/45] Fix TLB gather virtual address range invalidation corner cases Greg Kroah-Hartman
2013-08-18 20:36 ` [ 40/45] ARM: 7809/1: perf: fix event validation for software group leaders Greg Kroah-Hartman
2013-08-18 20:36 ` [ 41/45] m68k: Truncate base in do_div() Greg Kroah-Hartman
2013-08-18 20:39   ` Geert Uytterhoeven
2013-08-18 20:50     ` Greg Kroah-Hartman
2013-08-18 20:36 ` [ 42/45] m68k/atari: ARAnyM - Fix NatFeat module support Greg Kroah-Hartman
2013-08-18 20:36 ` [ 43/45] s390: Fix broken build Greg Kroah-Hartman
2013-08-18 20:36 ` [ 44/45] jbd2: Fix use after free after error in jbd2_journal_dirty_metadata() Greg Kroah-Hartman
2013-08-18 20:36 ` [ 45/45] cpuset: fix the return value of cpuset_write_u64() Greg Kroah-Hartman
2013-08-19  1:43 ` [ 00/45] 3.10.8-stable review Guenter Roeck
2013-08-19  3:30   ` Greg Kroah-Hartman
2013-08-19 22:48 ` Shuah Khan
2013-08-19 23:11   ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130818203621.368077110@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=molecula2788@gmail.com \
    --cc=oleg@redhat.com \
    --cc=riel@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=walken@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).