| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <91e31484-b268-2c90-1dd1-98cec349af6c@ghiti.fr>
Date: Fri, 9 Aug 2019 11:44:38 +0200
From: Alexandre Ghiti <alex@...ti.fr>
To: Sergei Shtylyov <sergei.shtylyov@...entembedded.com>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: Albert Ou <aou@...s.berkeley.edu>,
Kees Cook <keescook@...omium.org>, linux-mm@...ck.org,
Catalin Marinas <catalin.marinas@....com>,
Palmer Dabbelt <palmer@...ive.com>,
Will Deacon <will.deacon@....com>,
Russell King <linux@...linux.org.uk>,
Ralf Baechle <ralf@...ux-mips.org>,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>,
Paul Burton <paul.burton@...s.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
James Hogan <jhogan@...nel.org>,
linux-riscv@...ts.infradead.org, linux-mips@...r.kernel.org,
Christoph Hellwig <hch@....de>,
linux-arm-kernel@...ts.infradead.org,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v6 09/14] mips: Properly account for stack randomization
and stack guard gap
On 8/8/19 11:16 AM, Sergei Shtylyov wrote:
> Hello!
>
> On 08.08.2019 9:17, Alexandre Ghiti wrote:
>
>> This commit takes care of stack randomization and stack guard gap when
>> computing mmap base address and checks if the task asked for
>> randomization.
>>
>> This fixes the problem uncovered and not fixed for arm here:
>> https://lkml.kernel.org/r/20170622200033.25714-1-riel@redhat.com
>>
>> Signed-off-by: Alexandre Ghiti <alex@...ti.fr>
>> Acked-by: Kees Cook <keescook@...omium.org>
>> Acked-by: Paul Burton <paul.burton@...s.com>
>> Reviewed-by: Luis Chamberlain <mcgrof@...nel.org>
>> ---
>> arch/mips/mm/mmap.c | 14 ++++++++++++--
>> 1 file changed, 12 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
>> index d79f2b432318..f5c778113384 100644
>> --- a/arch/mips/mm/mmap.c
>> +++ b/arch/mips/mm/mmap.c
>> @@ -21,8 +21,9 @@ unsigned long shm_align_mask = PAGE_SIZE - 1; /*
>> Sane caches */
>> EXPORT_SYMBOL(shm_align_mask);
>> /* gap between mmap and stack */
>> -#define MIN_GAP (128*1024*1024UL)
>> -#define MAX_GAP ((TASK_SIZE)/6*5)
>> +#define MIN_GAP (128*1024*1024UL)
>> +#define MAX_GAP ((TASK_SIZE)/6*5)
>
> Could add spaces around *, while touching this anyway? And parens
> around TASK_SIZE shouldn't be needed...
>
I did not fix checkpatch warnings here since this code gets removed
afterwards.
>> +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12))
>> static int mmap_is_legacy(struct rlimit *rlim_stack)
>> {
>> @@ -38,6 +39,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack)
>> static unsigned long mmap_base(unsigned long rnd, struct rlimit
>> *rlim_stack)
>> {
>> unsigned long gap = rlim_stack->rlim_cur;
>> + unsigned long pad = stack_guard_gap;
>> +
>> + /* Account for stack randomization if necessary */
>> + if (current->flags & PF_RANDOMIZE)
>> + pad += (STACK_RND_MASK << PAGE_SHIFT);
>
> Parens not needed here.
Belt and braces approach here as I'm never sure about priorities.
Thanks for your time,
Alex
>
>> +
>> + /* Values close to RLIM_INFINITY can overflow. */
>> + if (gap + pad > gap)
>> + gap += pad;
>> if (gap < MIN_GAP)
>> gap = MIN_GAP;
>>
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists