lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.0909110112470.23856@wotan.suse.de>
Date:	Fri, 11 Sep 2009 01:14:13 +0200 (CEST)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Michal Hocko <mhocko@...e.cz>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...hat.com>
Cc:	x86@...nel.org, linux-kernel@...r.kernel.org,
	"H . Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v4] x86: increase MIN_GAP to include randomized stack

On Tue, 8 Sep 2009, Jiri Kosina wrote:

> > Currently we are not including randomized stack size when calculating
> > mmap_base address in arch_pick_mmap_layout for topdown case. This might
> > cause that mmap_base starts in the stack reserved area because stack is
> > randomized by 1GB for 64b (8MB for 32b) and the minimum gap is 128MB.
> > 
> > If the stack really grows down to mmap_base then we can get silent mmap
> > region overwrite by the stack values.
> > 
> > Let's include maximum stack randomization size into MIN_GAP which is
> > used as the low bound for the gap in mmap.
> > 
> > Signed-off-by: Michal Hocko <mhocko@...e.cz>
> 
> Acked-by: Jiri Kosina <jkosina@...e.cz>
> 
> Ingo, could you please consider applying this?

Any comments about this patch please? (aka. "ping") :)

> > ---
> >  arch/x86/include/asm/elf.h |    2 ++
> >  arch/x86/mm/mmap.c         |   17 +++++++++++++++--
> >  2 files changed, 17 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
> > index 83c1bc8..456a304 100644
> > --- a/arch/x86/include/asm/elf.h
> > +++ b/arch/x86/include/asm/elf.h
> > @@ -299,6 +299,8 @@ do {									\
> >  
> >  #ifdef CONFIG_X86_32
> >  
> > +#define STACK_RND_MASK (0x7ff)
> > +
> >  #define VDSO_HIGH_BASE		(__fix_to_virt(FIX_VDSO))
> >  
> >  #define ARCH_DLINFO		ARCH_DLINFO_IA32(vdso_enabled)
> > diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
> > index 1658296..c8191de 100644
> > --- a/arch/x86/mm/mmap.c
> > +++ b/arch/x86/mm/mmap.c
> > @@ -29,13 +29,26 @@
> >  #include <linux/random.h>
> >  #include <linux/limits.h>
> >  #include <linux/sched.h>
> > +#include <asm/elf.h>
> > +
> > +static unsigned int stack_maxrandom_size(void)
> > +{
> > +	unsigned int max = 0;
> > +	if ((current->flags & PF_RANDOMIZE) &&
> > +		!(current->personality & ADDR_NO_RANDOMIZE)) {
> > +		max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
> > +	}
> > +
> > +	return max;
> > +}
> > +
> >  
> >  /*
> >   * Top of mmap area (just below the process stack).
> >   *
> > - * Leave an at least ~128 MB hole.
> > + * Leave an at least ~128 MB hole with possible stack randomization.
> >   */
> > -#define MIN_GAP (128*1024*1024)
> > +#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
> >  #define MAX_GAP (TASK_SIZE/6*5)
> >  
> >  /*
> > -- 
> > 1.6.3.3
> > 

-- 
Jiri Kosina
SUSE Labs, Novell Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ