From patchwork Sun May 26 13:47:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandre Ghiti X-Patchwork-Id: 10961593 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 50778112C for ; Sun, 26 May 2019 13:54:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3BD0828A71 for ; Sun, 26 May 2019 13:54:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2FDCB28A89; Sun, 26 May 2019 13:54:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CC91128A71 for ; Sun, 26 May 2019 13:54:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Nmb5NVS0nLrjwxByTY2y4QlVMPjB9hTd1+69Jou2/8I=; b=u+Bs3k0VwCNJNg 1DCabIFbdynP3eobfoJ4IJdXpxlj9U5xZYhlIBdvZMDlys++OnQy/vynV6BXaMXh0ZGyTp0qxs7cW xo8HZGWono9pwiRwWoEAGKQN1DENFU5RzzdU+ZPB/uIylsodb3tsD5qVaG+n1B88T9N35AcmiBa9R MCfHOF2Ud9eM79D6sgwRQeXb2yK+B/58kTZLZrVychPQLImjj6j7m3BEPach9SyeaBqEq05/NNZ0k Dnta/sDbsj3R2bXXAAE/t99xvEPERYKwciOLhYb7uRHeQ+02+N2GPl44kcOP6UOlqMMFU+gnqFVWk mouTtkiaDVM3aJKhRscw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hUtb5-0006bT-OY; Sun, 26 May 2019 13:53:59 +0000 Received: from relay11.mail.gandi.net ([217.70.178.231]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hUtav-0006Ua-Ah; Sun, 26 May 2019 13:53:54 +0000 Received: from alex.numericable.fr (127.19.86.79.rev.sfr.net [79.86.19.127]) (Authenticated sender: alex@ghiti.fr) by relay11.mail.gandi.net (Postfix) with ESMTPSA id EAC53100002; Sun, 26 May 2019 13:53:41 +0000 (UTC) From: Alexandre Ghiti To: Andrew Morton Subject: [PATCH v4 05/14] arm64, mm: Make randomization selected by generic topdown mmap layout Date: Sun, 26 May 2019 09:47:37 -0400 Message-Id: <20190526134746.9315-6-alex@ghiti.fr> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190526134746.9315-1-alex@ghiti.fr> References: <20190526134746.9315-1-alex@ghiti.fr> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190526_065352_880743_BBE78EFE X-CRM114-Status: GOOD ( 11.75 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Albert Ou , Kees Cook , Alexandre Ghiti , Catalin Marinas , Palmer Dabbelt , Will Deacon , Russell King , Ralf Baechle , linux-kernel@vger.kernel.org, linux-mm@kvack.org, Paul Burton , Alexander Viro , James Hogan , linux-fsdevel@vger.kernel.org, linux-riscv@lists.infradead.org, linux-mips@vger.kernel.org, Christoph Hellwig , linux-arm-kernel@lists.infradead.org, Luis Chamberlain Sender: "linux-riscv" Errors-To: linux-riscv-bounces+patchwork-linux-riscv=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic topdown mmap layout functions so that this security feature is on by default. Note that this commit also removes the possibility for arm64 to have elf randomization and no MMU: without MMU, the security added by randomization is worth nothing. Signed-off-by: Alexandre Ghiti Acked-by: Kees Cook Reviewed-by: Christoph Hellwig Acked-by: Catalin Marinas --- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 - arch/arm64/kernel/process.c | 8 -------- mm/util.c | 11 +++++++++-- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index df3ab04270fa..3732654446cc 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -710,6 +710,7 @@ config HAVE_ARCH_COMPAT_MMAP_BASES config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT bool depends on MMU + select ARCH_HAS_ELF_RANDOMIZE config HAVE_COPY_THREAD_TLS bool diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 3d754c19c11e..403bd3fffdbc 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -15,7 +15,6 @@ config ARM64 select ARCH_HAS_DMA_MMAP_PGPROT select ARCH_HAS_DMA_PREP_COHERENT select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI - select ARCH_HAS_ELF_RANDOMIZE select ARCH_HAS_FAST_MULTIPLIER select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 3767fb21a5b8..3f85f8f2d665 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -535,14 +535,6 @@ unsigned long arch_align_stack(unsigned long sp) return sp & ~0xf; } -unsigned long arch_randomize_brk(struct mm_struct *mm) -{ - if (is_compat_task()) - return randomize_page(mm->brk, SZ_32M); - else - return randomize_page(mm->brk, SZ_1G); -} - /* * Called from setup_new_exec() after (COMPAT_)SET_PERSONALITY. */ diff --git a/mm/util.c b/mm/util.c index 717f5d75c16e..8a38126edc74 100644 --- a/mm/util.c +++ b/mm/util.c @@ -319,7 +319,15 @@ unsigned long randomize_stack_top(unsigned long stack_top) } #ifdef CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT -#ifdef CONFIG_ARCH_HAS_ELF_RANDOMIZE +unsigned long arch_randomize_brk(struct mm_struct *mm) +{ + /* Is the current task 32bit ? */ + if (!IS_ENABLED(CONFIG_64BIT) || is_compat_task()) + return randomize_page(mm->brk, SZ_32M); + + return randomize_page(mm->brk, SZ_1G); +} + unsigned long arch_mmap_rnd(void) { unsigned long rnd; @@ -333,7 +341,6 @@ unsigned long arch_mmap_rnd(void) return rnd << PAGE_SHIFT; } -#endif /* CONFIG_ARCH_HAS_ELF_RANDOMIZE */ static int mmap_is_legacy(struct rlimit *rlim_stack) {