| Message ID | 20190417052247.17809-6-alex@ghiti.fr (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Provide generic top-down mmap layout functions | expand |
On Wed, Apr 17, 2019 at 12:28 AM Alexandre Ghiti <alex@ghiti.fr> wrote: > > This commit takes care of stack randomization and stack guard gap when > computing mmap base address and checks if the task asked for randomization. > This fixes the problem uncovered and not fixed for arm here: > https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1429066.html Please use the official archive instead. This includes headers, linked patches, etc: https://lkml.kernel.org/r/20170622200033.25714-1-riel@redhat.com > Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> > --- > arch/arm/mm/mmap.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c > index f866870db749..bff3d00bda5b 100644 > --- a/arch/arm/mm/mmap.c > +++ b/arch/arm/mm/mmap.c > @@ -18,8 +18,9 @@ > (((pgoff)<<PAGE_SHIFT) & (SHMLBA-1))) > > /* gap between mmap and stack */ > -#define MIN_GAP (128*1024*1024UL) > -#define MAX_GAP ((TASK_SIZE)/6*5) > +#define MIN_GAP (128*1024*1024UL) Might as well fix this up as SIZE_128M > +#define MAX_GAP ((TASK_SIZE)/6*5) > +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) STACK_RND_MASK is already defined so you don't need to add it here, yes? > static int mmap_is_legacy(struct rlimit *rlim_stack) > { > @@ -35,6 +36,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack) > static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack) > { > unsigned long gap = rlim_stack->rlim_cur; > + unsigned long pad = stack_guard_gap; > + > + /* Account for stack randomization if necessary */ > + if (current->flags & PF_RANDOMIZE) > + pad += (STACK_RND_MASK << PAGE_SHIFT); > + > + /* Values close to RLIM_INFINITY can overflow. */ > + if (gap + pad > gap) > + gap += pad; > > if (gap < MIN_GAP) > gap = MIN_GAP; > -- > 2.20.1 > But otherwise, yes: Acked-by: Kees Cook <keescook@chromium.org> -- Kees Cook
On 4/18/19 1:26 AM, Kees Cook wrote: > On Wed, Apr 17, 2019 at 12:28 AM Alexandre Ghiti <alex@ghiti.fr> wrote: >> This commit takes care of stack randomization and stack guard gap when >> computing mmap base address and checks if the task asked for randomization. >> This fixes the problem uncovered and not fixed for arm here: >> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1429066.html > Please use the official archive instead. This includes headers, linked > patches, etc: > https://lkml.kernel.org/r/20170622200033.25714-1-riel@redhat.com Ok, sorry about that, and thanks for the info. > >> Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> >> --- >> arch/arm/mm/mmap.c | 14 ++++++++++++-- >> 1 file changed, 12 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c >> index f866870db749..bff3d00bda5b 100644 >> --- a/arch/arm/mm/mmap.c >> +++ b/arch/arm/mm/mmap.c >> @@ -18,8 +18,9 @@ >> (((pgoff)<<PAGE_SHIFT) & (SHMLBA-1))) >> >> /* gap between mmap and stack */ >> -#define MIN_GAP (128*1024*1024UL) >> -#define MAX_GAP ((TASK_SIZE)/6*5) >> +#define MIN_GAP (128*1024*1024UL) > Might as well fix this up as SIZE_128M I left the code as is because it gets removed in the next commit, I did not even correct the checkpatch warnings. But I can fix that in v4, since there will be a v4 :) > >> +#define MAX_GAP ((TASK_SIZE)/6*5) >> +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) > STACK_RND_MASK is already defined so you don't need to add it here, yes? At this point, I don't think arm has STACK_RND_MASK defined anywhere since the generic version is in mm/util.c. > >> static int mmap_is_legacy(struct rlimit *rlim_stack) >> { >> @@ -35,6 +36,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack) >> static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack) >> { >> unsigned long gap = rlim_stack->rlim_cur; >> + unsigned long pad = stack_guard_gap; >> + >> + /* Account for stack randomization if necessary */ >> + if (current->flags & PF_RANDOMIZE) >> + pad += (STACK_RND_MASK << PAGE_SHIFT); >> + >> + /* Values close to RLIM_INFINITY can overflow. */ >> + if (gap + pad > gap) >> + gap += pad; >> >> if (gap < MIN_GAP) >> gap = MIN_GAP; >> -- >> 2.20.1 >> > But otherwise, yes: > > Acked-by: Kees Cook <keescook@chromium.org> Thanks ! > > -- > Kees Cook > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index f866870db749..bff3d00bda5b 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -18,8 +18,9 @@ (((pgoff)<<PAGE_SHIFT) & (SHMLBA-1))) /* gap between mmap and stack */ -#define MIN_GAP (128*1024*1024UL) -#define MAX_GAP ((TASK_SIZE)/6*5) +#define MIN_GAP (128*1024*1024UL) +#define MAX_GAP ((TASK_SIZE)/6*5) +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) static int mmap_is_legacy(struct rlimit *rlim_stack) { @@ -35,6 +36,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack) static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack) { unsigned long gap = rlim_stack->rlim_cur; + unsigned long pad = stack_guard_gap; + + /* Account for stack randomization if necessary */ + if (current->flags & PF_RANDOMIZE) + pad += (STACK_RND_MASK << PAGE_SHIFT); + + /* Values close to RLIM_INFINITY can overflow. */ + if (gap + pad > gap) + gap += pad; if (gap < MIN_GAP) gap = MIN_GAP;
This commit takes care of stack randomization and stack guard gap when computing mmap base address and checks if the task asked for randomization. This fixes the problem uncovered and not fixed for arm here: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1429066.html Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> --- arch/arm/mm/mmap.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)