Date:	Fri, 10 Oct 2014 17:01:24 +0530
From:	Arun Chandran <achandran@...sta.com>
To:	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <Will.Deacon@....com>,
	linux-arm-kernel@...ts.infradead.org
Cc:	Mark Rutland <mark.rutland@....com>, linux-kernel@...r.kernel.org,
	Anton Blanchard <anton@...ba.org>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Paul Mackerras <paulus@...ba.org>,
	Heiko Carstens <heiko.carstens@...ibm.com>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Arun Chandran <achandran@...sta.com>
Subject: [PATCH v2] Arm64: ASLR: Don't randomise text when randomise_va_space == 0

When the user asks to turn off ASLR by writing "0" to
/proc/sys/kernel/randomize_va_space, there should not be
any randomization of the mmap base, stack, VDSO, libs, text and heap.

Currently arm64 violates this behavior by randomising text.
Fix this.

Signed-off-by: Arun Chandran <achandran@...sta.com>
---
Changes since v1:
	removed randomize_et_dyn()
---

This can be tested using the code below

#include <stdio.h>

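/*
 * Print the address of main so that repeated runs of this PIE binary show
 * whether the text segment is being placed at a random address.
 *
 * argc/argv are unused; argv is declared as char ** because the original
 * `char *argv` does not match the standard signature of main.
 * Returns 0 always.
 */
int main(int argc, char **argv)
{
	(void)argc;
	(void)argv;
	/* %p expects a void *; passing a function pointer directly is undefined.
	 * Converting a function pointer to void * is a POSIX/GCC extension that
	 * is fine for this Linux-only test. */
	printf("main = %p\n", (void *)main);
	return 0;
}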

* compile it position-independently
  aarch64-linux-gnu-gcc -fPIE -pie aslr.c -o aslr

* run it on the target

* Behavior before the patch

	# for i in 1 2 3 4 5 ; do ./aslr ; done
	main = 0x557020a950
	main = 0x5561e55950
	main = 0x5563e3a950
	main = 0x555af30950
	main = 0x5592859950
	# 
	# echo 0 > /proc/sys/kernel/randomize_va_space 
	# for i in 1 2 3 4 5 ; do ./aslr ; done
	main = 0x555927f950
	main = 0x556829b950
	main = 0x5566625950
	main = 0x556b533950
	main = 0x555c84d950

* Behavior after the patch

	# for i in 1 2 3 4 5 ; do ./aslr ; done
	main = 0x7f91988950
	main = 0x7fb17b6950
	main = 0x7f7805a950
	main = 0x7fa372e950
	main = 0x7f9cc1e950
	# 
	# echo 0 > /proc/sys/kernel/randomize_va_space 
	# for i in 1 2 3 4 5 ; do ./aslr ; done
	main = 0x5555555950
	main = 0x5555555950
	main = 0x5555555950
	main = 0x5555555950
	main = 0x5555555950
---
 arch/arm64/Kconfig           |    1 +
 arch/arm64/include/asm/elf.h |    4 ++--
 arch/arm64/kernel/process.c  |    5 -----
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index fd4e81a..a2eefc9 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1,5 +1,6 @@
 config ARM64
 	def_bool y
+	select ARCH_BINFMT_ELF_RANDOMIZE_PIE
 	select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
 	select ARCH_HAS_SG_CHAIN
 	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
index 01d3aab..1f65be3 100644
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
@@ -126,7 +126,7 @@ typedef struct user_fpsimd_state elf_fpregset_t;
  * that it will "exec", and that there is sufficient room for the brk.
  */
 extern unsigned long randomize_et_dyn(unsigned long base);
-#define ELF_ET_DYN_BASE	(randomize_et_dyn(2 * TASK_SIZE_64 / 3))
+#define ELF_ET_DYN_BASE	(2 * TASK_SIZE_64 / 3)
 
 /*
  * When the program starts, a1 contains a pointer to a function to be
@@ -169,7 +169,7 @@ extern unsigned long arch_randomize_brk(struct mm_struct *mm);
 #define COMPAT_ELF_PLATFORM		("v8l")
 #endif
 
-#define COMPAT_ELF_ET_DYN_BASE		(randomize_et_dyn(2 * TASK_SIZE_32 / 3))
+#define COMPAT_ELF_ET_DYN_BASE		(2 * TASK_SIZE_32 / 3)
 
 /* AArch32 registers. */
 #define COMPAT_ELF_NGREG		18
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 29d4869..d2edb12 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -403,8 +403,3 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
 {
 	return randomize_base(mm->brk);
 }
-
-unsigned long randomize_et_dyn(unsigned long base)
-{
-	return randomize_base(base);
-}
-- 
1.7.9.5
