Message-Id: <20180226211257.63067-1-blackzert@gmail.com>
Date:   Tue, 27 Feb 2018 00:12:57 +0300
From:   Ilya Smith <blackzert@...il.com>
To:     tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        x86@...nel.org, kirill.shutemov@...ux.intel.com,
        dsafonov@...tuozzo.com, mhocko@...e.com, hughd@...gle.com,
        gregkh@...uxfoundation.org, craigb@...gle.com, oleg@...hat.com,
        linux-kernel@...r.kernel.org
Cc:     Ilya Smith <blackzert@...il.com>
Subject: [RFC PATCH] Take mmap_min_addr into account while choosing unmapped address for x86-64.

It prevents the situation where vm_unmapped_area chooses an address in the
range between PAGE_SIZE and mmap_min_addr. In this case mmap will fail with
EPERM without a good reason.

As a test case for such a situation, we may hard-code an address between
PAGE_SIZE and 65536 inside the unmapped_area_topdown function.

Signed-off-by: Ilya Smith <blackzert@...il.com>
---
 arch/x86/kernel/sys_x86_64.c | 5 +++--
 arch/x86/mm/mmap.c           | 4 ++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index 676774b9bb8d..1752fe5cb735 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -17,6 +17,7 @@
 #include <linux/random.h>
 #include <linux/uaccess.h>
 #include <linux/elf.h>
+#include <linux/security.h>
 
 #include <asm/elf.h>
 #include <asm/compat.h>
@@ -185,7 +186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
 		return addr;
 
 	/* requested length too big for entire address space */
-	if (len > TASK_SIZE)
+	if (len > TASK_SIZE - mmap_min_addr)
 		return -ENOMEM;
 
 	/* No address checking. See comment at mmap_address_hint_valid() */
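Review bot: `TASK_SIZE - mmap_min_addr` in the new length check is an unsigned subtraction, so if mmap_min_addr is ever larger than TASK_SIZE the result wraps and the check lets any `len` through. Clamp the value first or write the comparison so it cannot wrap. The comment above the check still says "entire address space", although the bound is now the space above mmap_min_addr, so it should be updated as well.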
@@ -210,7 +211,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
 
 	info.flags = VM_UNMAPPED_AREA_TOPDOWN;
 	info.length = len;
-	info.low_limit = PAGE_SIZE;
+	info.low_limit = max(PAGE_SIZE, mmap_min_addr);
 	info.high_limit = get_mmap_base(0);
 
 	/*
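Review bot: `info.low_limit = max(PAGE_SIZE, mmap_min_addr)` uses mmap_min_addr as-is, and nothing in this hunk guarantees that the value is page-aligned; `PAGE_ALIGN(mmap_min_addr)` would make the lower bound explicit. The commit message locates the problem in vm_unmapped_area choosing the address, so the changelog should also explain why the limit is raised only in this x86-64 top-down caller rather than where the search itself is done.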
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 155ecbac9e28..b6d0c317639e 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -31,6 +31,7 @@
 #include <linux/sched/signal.h>
 #include <linux/sched/mm.h>
 #include <linux/compat.h>
+#include <linux/security.h>
 #include <asm/elf.h>
 
 #include "physaddr.h"
@@ -220,6 +221,9 @@ bool mmap_address_hint_valid(unsigned long addr, unsigned long len)
 	if (TASK_SIZE - len < addr)
 		return false;
 
+	if (addr < mmap_min_addr)
+		return false;
+
 	return (addr > DEFAULT_MAP_WINDOW) == (addr + len > DEFAULT_MAP_WINDOW);
 }
 
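Review bot: the new `addr < mmap_min_addr` test in mmap_address_hint_valid() rejects the hint unconditionally, while the commit message describes the existing failure as EPERM, which is a permission decision rather than a fixed address limit. If this helper can be reached on behalf of a caller that is permitted to map below mmap_min_addr, the check changes behaviour for that caller. The comment at mmap_address_hint_valid(), which sys_x86_64.c points to for the address-checking rules, should document the new condition, and the changelog should say which callers are affected.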
-- 
2.14.1
