diff mbox

[v3] powerpc: mm: support ARCH_MMAP_RND_BITS

Message ID 1490730347-5165-1-git-send-email-bhsharma@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Bhupesh Sharma March 28, 2017, 7:45 p.m. UTC
powerpc arch_mmap_rnd() currently uses hard-coded values - (23-PAGE_SHIFT) for
32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
for the mmap base address for a ASLR ELF.

This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
and helpers to generate the mmap address randomization.

The maximum and minimum randomization range values represent
a compromise between increased ASLR effectiveness and avoiding
address-space fragmentation.

Using the Kconfig option and suitable /proc tunable, platform
developers may choose where to place this compromise.

Also this patch keeps the default values as new minimums.

Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
* Changes since v2:
v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
    - Changed a few minimum and maximum randomization ranges as per Michael's suggestion.
    - Corrected Kees's email address in the Reviewed-by line.
    - Added further comments in kconfig to explain how the address ranges were worked out.

* Changes since v1:
v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
    - No functional change in this patch.
    - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.

 arch/powerpc/Kconfig   | 44 ++++++++++++++++++++++++++++++++++++++++++++
 arch/powerpc/mm/mmap.c |  7 ++++---
 2 files changed, 48 insertions(+), 3 deletions(-)

Comments

Bhupesh Sharma April 10, 2017, 5:20 p.m. UTC | #1
Hi Michael,

On Wed, Mar 29, 2017 at 1:15 AM, Bhupesh Sharma <bhsharma@redhat.com> wrote:
> powerpc arch_mmap_rnd() currently uses hard-coded values - (23-PAGE_SHIFT) for
> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
> for the mmap base address for a ASLR ELF.
>
> This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
> is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
> and helpers to generate the mmap address randomization.
>
> The maximum and minimum randomization range values represent
> a compromise between increased ASLR effectiveness and avoiding
> address-space fragmentation.
>
> Using the Kconfig option and suitable /proc tunable, platform
> developers may choose where to place this compromise.
>
> Also this patch keeps the default values as new minimums.
>
> Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> ---
> * Changes since v2:
> v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
>     - Changed a few minimum and maximum randomization ranges as per Michael's suggestion.
>     - Corrected Kees's email address in the Reviewed-by line.
>     - Added further comments in kconfig to explain how the address ranges were worked out.
>
> * Changes since v1:
> v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>     - No functional change in this patch.
>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>
>  arch/powerpc/Kconfig   | 44 ++++++++++++++++++++++++++++++++++++++++++++
>  arch/powerpc/mm/mmap.c |  7 ++++---
>  2 files changed, 48 insertions(+), 3 deletions(-)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index 97a8bc8..84aae67 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -22,6 +22,48 @@ config MMU
>         bool
>         default y
>
> +# min bits determined by the following formula:
> +# VA_BITS - PAGE_SHIFT - CONSTANT
> +# where,
> +#      VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT
> +#      CONSTANT = 16 for 64BIT and 8 for 32BIT
> +config ARCH_MMAP_RND_BITS_MIN
> +       default 5 if PPC_256K_PAGES && 32BIT  # 31 - 18 - 8 = 5
> +       default 7 if PPC_64K_PAGES && 32BIT   # 31 - 16 - 8 = 7
> +       default 9 if PPC_16K_PAGES && 32BIT   # 31 - 14 - 8 = 9
> +       default 11 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 8 = 11
> +       default 12 if PPC_256K_PAGES && 64BIT # 46 - 18 - 16 = 12
> +       default 14 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 16 = 14
> +       default 16 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 16 = 16
> +       default 18 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 16 = 18
> +
> +# max bits determined by the following formula:
> +# VA_BITS - PAGE_SHIFT - CONSTANT
> +# where,
> +#      VA_BITS = 46 bits for 64BIT, and 4GB - 1 Page = 31 bits for 32BIT
> +#      CONSTANT = 2, both for 64BIT and 32BIT
> +config ARCH_MMAP_RND_BITS_MAX
> +       default 11 if PPC_256K_PAGES && 32BIT # 31 - 18 - 2 = 11
> +       default 13 if PPC_64K_PAGES && 32BIT  # 31 - 16 - 2 = 13
> +       default 15 if PPC_16K_PAGES && 32BIT  # 31 - 14 - 2 = 15
> +       default 17 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 2 = 17
> +       default 26 if PPC_256K_PAGES && 64BIT # 46 - 18 - 2 = 26
> +       default 28 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 2 = 28
> +       default 30 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 2 = 30
> +       default 32 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 2 = 32
> +
> +config ARCH_MMAP_RND_COMPAT_BITS_MIN
> +       default 5 if PPC_256K_PAGES
> +       default 7 if PPC_64K_PAGES
> +       default 9 if PPC_16K_PAGES
> +       default 11
> +
> +config ARCH_MMAP_RND_COMPAT_BITS_MAX
> +       default 11 if PPC_256K_PAGES
> +       default 13 if PPC_64K_PAGES
> +       default 15 if PPC_16K_PAGES
> +       default 17
> +
>  config HAVE_SETUP_PER_CPU_AREA
>         def_bool PPC64
>
> @@ -142,6 +184,8 @@ config PPC
>         select HAVE_IRQ_EXIT_ON_IRQ_STACK
>         select HAVE_KERNEL_GZIP
>         select HAVE_KPROBES
> +       select HAVE_ARCH_MMAP_RND_BITS
> +       select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
>         select HAVE_KRETPROBES
>         select HAVE_LIVEPATCH                   if HAVE_DYNAMIC_FTRACE_WITH_REGS
>         select HAVE_MEMBLOCK
> diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
> index a5d9ef5..92a9355 100644
> --- a/arch/powerpc/mm/mmap.c
> +++ b/arch/powerpc/mm/mmap.c
> @@ -61,11 +61,12 @@ unsigned long arch_mmap_rnd(void)
>  {
>         unsigned long rnd;
>
> -       /* 8MB for 32bit, 1GB for 64bit */
> +#ifdef CONFIG_COMPAT
>         if (is_32bit_task())
> -               rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
> +               rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
>         else
> -               rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
> +#endif
> +               rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
>
>         return rnd << PAGE_SHIFT;
>  }
> --
> 2.7.4
>

Ping. Any comments on this one?

Regards,
Bhupesh
Aneesh Kumar K.V April 13, 2017, 6:36 a.m. UTC | #2
Bhupesh Sharma <bhsharma@redhat.com> writes:

> powerpc arch_mmap_rnd() currently uses hard-coded values - (23-PAGE_SHIFT) for
> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
> for the mmap base address for a ASLR ELF.
>
> This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
> is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
> and helpers to generate the mmap address randomization.
>
> The maximum and minimum randomization range values represent
> a compromise between increased ASLR effectiveness and avoiding
> address-space fragmentation.
>
> Using the Kconfig option and suitable /proc tunable, platform
> developers may choose where to place this compromise.
>
> Also this patch keeps the default values as new minimums.
>
> Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> ---
> * Changes since v2:
> v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
>     - Changed a few minimum and maximum randomization ranges as per Michael's suggestion.
>     - Corrected Kees's email address in the Reviewed-by line.
>     - Added further comments in kconfig to explain how the address ranges were worked out.
>
> * Changes since v1:
> v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>     - No functional change in this patch.
>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>
>  arch/powerpc/Kconfig   | 44 ++++++++++++++++++++++++++++++++++++++++++++
>  arch/powerpc/mm/mmap.c |  7 ++++---
>  2 files changed, 48 insertions(+), 3 deletions(-)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index 97a8bc8..84aae67 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -22,6 +22,48 @@ config MMU
>  	bool
>  	default y
>  
> +# min bits determined by the following formula:
> +# VA_BITS - PAGE_SHIFT - CONSTANT
> +# where,
> +# 	VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT


Where did we derive that 46 bits from ? is that based on TASK_SIZE ?


> +# 	CONSTANT = 16 for 64BIT and 8 for 32BIT
> +config ARCH_MMAP_RND_BITS_MIN
> +       default 5 if PPC_256K_PAGES && 32BIT  # 31 - 18 - 8 = 5
> +       default 7 if PPC_64K_PAGES && 32BIT   # 31 - 16 - 8 = 7
> +       default 9 if PPC_16K_PAGES && 32BIT   # 31 - 14 - 8 = 9
> +       default 11 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 8 = 11
> +       default 12 if PPC_256K_PAGES && 64BIT # 46 - 18 - 16 = 12
> +       default 14 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 16 = 14
> +       default 16 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 16 = 16
> +       default 18 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 16 = 18
> +
> +# max bits determined by the following formula:


-aneesh
Bhupesh Sharma April 13, 2017, 6:52 a.m. UTC | #3
Hi Aneesh,

On Thu, Apr 13, 2017 at 12:06 PM, Aneesh Kumar K.V
<aneesh.kumar@linux.vnet.ibm.com> wrote:
> Bhupesh Sharma <bhsharma@redhat.com> writes:
>
>> powerpc arch_mmap_rnd() currently uses hard-coded values - (23-PAGE_SHIFT) for
>> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
>> for the mmap base address for a ASLR ELF.
>>
>> This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
>> is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
>> and helpers to generate the mmap address randomization.
>>
>> The maximum and minimum randomization range values represent
>> a compromise between increased ASLR effectiveness and avoiding
>> address-space fragmentation.
>>
>> Using the Kconfig option and suitable /proc tunable, platform
>> developers may choose where to place this compromise.
>>
>> Also this patch keeps the default values as new minimums.
>>
>> Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
>> Reviewed-by: Kees Cook <keescook@chromium.org>
>> ---
>> * Changes since v2:
>> v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
>>     - Changed a few minimum and maximum randomization ranges as per Michael's suggestion.
>>     - Corrected Kees's email address in the Reviewed-by line.
>>     - Added further comments in kconfig to explain how the address ranges were worked out.
>>
>> * Changes since v1:
>> v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>>     - No functional change in this patch.
>>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>>
>>  arch/powerpc/Kconfig   | 44 ++++++++++++++++++++++++++++++++++++++++++++
>>  arch/powerpc/mm/mmap.c |  7 ++++---
>>  2 files changed, 48 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
>> index 97a8bc8..84aae67 100644
>> --- a/arch/powerpc/Kconfig
>> +++ b/arch/powerpc/Kconfig
>> @@ -22,6 +22,48 @@ config MMU
>>       bool
>>       default y
>>
>> +# min bits determined by the following formula:
>> +# VA_BITS - PAGE_SHIFT - CONSTANT
>> +# where,
>> +#    VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT
>
>
> Where did we derive that 46 bits from ? is that based on TASK_SIZE ?

Yes. It was derived from TASK_SIZE :
http://lxr.free-electrons.com/source/arch/powerpc/include/asm/processor.h#L105

Regards,
Bhupesh

>
>> +#    CONSTANT = 16 for 64BIT and 8 for 32BIT
>> +config ARCH_MMAP_RND_BITS_MIN
>> +       default 5 if PPC_256K_PAGES && 32BIT  # 31 - 18 - 8 = 5
>> +       default 7 if PPC_64K_PAGES && 32BIT   # 31 - 16 - 8 = 7
>> +       default 9 if PPC_16K_PAGES && 32BIT   # 31 - 14 - 8 = 9
>> +       default 11 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 8 = 11
>> +       default 12 if PPC_256K_PAGES && 64BIT # 46 - 18 - 16 = 12
>> +       default 14 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 16 = 14
>> +       default 16 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 16 = 16
>> +       default 18 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 16 = 18
>> +
>> +# max bits determined by the following formula:
>
>
> -aneesh
>
Aneesh Kumar K.V April 13, 2017, 6:58 a.m. UTC | #4
On Thursday 13 April 2017 12:22 PM, Bhupesh Sharma wrote:
> Hi Aneesh,
>
> On Thu, Apr 13, 2017 at 12:06 PM, Aneesh Kumar K.V
> <aneesh.kumar@linux.vnet.ibm.com> wrote:
>> Bhupesh Sharma <bhsharma@redhat.com> writes:
>>
>>> powerpc arch_mmap_rnd() currently uses hard-coded values - (23-PAGE_SHIFT) for
>>> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
>>> for the mmap base address for a ASLR ELF.
>>>
>>> This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
>>> is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
>>> and helpers to generate the mmap address randomization.
>>>
>>> The maximum and minimum randomization range values represent
>>> a compromise between increased ASLR effectiveness and avoiding
>>> address-space fragmentation.
>>>
>>> Using the Kconfig option and suitable /proc tunable, platform
>>> developers may choose where to place this compromise.
>>>
>>> Also this patch keeps the default values as new minimums.
>>>
>>> Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
>>> Reviewed-by: Kees Cook <keescook@chromium.org>
>>> ---
>>> * Changes since v2:
>>> v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
>>>     - Changed a few minimum and maximum randomization ranges as per Michael's suggestion.
>>>     - Corrected Kees's email address in the Reviewed-by line.
>>>     - Added further comments in kconfig to explain how the address ranges were worked out.
>>>
>>> * Changes since v1:
>>> v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>>>     - No functional change in this patch.
>>>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>>>
>>>  arch/powerpc/Kconfig   | 44 ++++++++++++++++++++++++++++++++++++++++++++
>>>  arch/powerpc/mm/mmap.c |  7 ++++---
>>>  2 files changed, 48 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
>>> index 97a8bc8..84aae67 100644
>>> --- a/arch/powerpc/Kconfig
>>> +++ b/arch/powerpc/Kconfig
>>> @@ -22,6 +22,48 @@ config MMU
>>>       bool
>>>       default y
>>>
>>> +# min bits determined by the following formula:
>>> +# VA_BITS - PAGE_SHIFT - CONSTANT
>>> +# where,
>>> +#    VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT
>>
>>
>> Where did we derive that 46 bits from ? is that based on TASK_SIZE ?
>
> Yes. It was derived from TASK_SIZE :
> http://lxr.free-electrons.com/source/arch/powerpc/include/asm/processor.h#L105
>

That is getting update to 128TB by default and conditionally to 512TB

-aneesh
Education Directorate April 13, 2017, 7:09 a.m. UTC | #5
>>
>> Yes. It was derived from TASK_SIZE :
>>
>> http://lxr.free-electrons.com/source/arch/powerpc/include/asm/processor.h#L105
>>
>
> That is getting update to 128TB by default and conditionally to 512TB
>

Since this is compile time, we should probably keep the scope to 128TB
for now and see if we want to change things at run time later, since
the expansion is based on a hint. Suggestions?

Balbir
Bhupesh Sharma April 13, 2017, 7:46 a.m. UTC | #6
On Thu, Apr 13, 2017 at 12:28 PM, Aneesh Kumar K.V
<aneesh.kumar@linux.vnet.ibm.com> wrote:
>
>
> On Thursday 13 April 2017 12:22 PM, Bhupesh Sharma wrote:
>>
>> Hi Aneesh,
>>
>> On Thu, Apr 13, 2017 at 12:06 PM, Aneesh Kumar K.V
>> <aneesh.kumar@linux.vnet.ibm.com> wrote:
>>>
>>> Bhupesh Sharma <bhsharma@redhat.com> writes:
>>>
>>>> powerpc arch_mmap_rnd() currently uses hard-coded values -
>>>> (23-PAGE_SHIFT) for
>>>> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
>>>> for the mmap base address for a ASLR ELF.
>>>>
>>>> This patch makes sure that powerpc mmap arch_mmap_rnd() implementation
>>>> is similar to other ARCHs (like x86, arm64) and uses mmap_rnd_bits
>>>> and helpers to generate the mmap address randomization.
>>>>
>>>> The maximum and minimum randomization range values represent
>>>> a compromise between increased ASLR effectiveness and avoiding
>>>> address-space fragmentation.
>>>>
>>>> Using the Kconfig option and suitable /proc tunable, platform
>>>> developers may choose where to place this compromise.
>>>>
>>>> Also this patch keeps the default values as new minimums.
>>>>
>>>> Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
>>>> Reviewed-by: Kees Cook <keescook@chromium.org>
>>>> ---
>>>> * Changes since v2:
>>>> v2 can be seen here (https://patchwork.kernel.org/patch/9551509/)
>>>>     - Changed a few minimum and maximum randomization ranges as per
>>>> Michael's suggestion.
>>>>     - Corrected Kees's email address in the Reviewed-by line.
>>>>     - Added further comments in kconfig to explain how the address
>>>> ranges were worked out.
>>>>
>>>> * Changes since v1:
>>>> v1 can be seen here
>>>> (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>>>>     - No functional change in this patch.
>>>>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>>>>
>>>>  arch/powerpc/Kconfig   | 44
>>>> ++++++++++++++++++++++++++++++++++++++++++++
>>>>  arch/powerpc/mm/mmap.c |  7 ++++---
>>>>  2 files changed, 48 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
>>>> index 97a8bc8..84aae67 100644
>>>> --- a/arch/powerpc/Kconfig
>>>> +++ b/arch/powerpc/Kconfig
>>>> @@ -22,6 +22,48 @@ config MMU
>>>>       bool
>>>>       default y
>>>>
>>>> +# min bits determined by the following formula:
>>>> +# VA_BITS - PAGE_SHIFT - CONSTANT
>>>> +# where,
>>>> +#    VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT
>>>
>>>
>>>
>>> Where did we derive that 46 bits from ? is that based on TASK_SIZE ?
>>
>>
>> Yes. It was derived from TASK_SIZE :
>>
>> http://lxr.free-electrons.com/source/arch/powerpc/include/asm/processor.h#L105
>>
>
> That is getting update to 128TB by default and conditionally to 512TB

Can't find the relevant patch in linus's master branch.
Please share the appropriate patch/discussion link.

Regards,
Bhupesh
Bhupesh Sharma April 17, 2017, 4:48 a.m. UTC | #7
On Thu, Apr 13, 2017 at 12:39 PM, Balbir Singh <bsingharora@gmail.com> wrote:
>>>
>>> Yes. It was derived from TASK_SIZE :
>>>
>>> http://lxr.free-electrons.com/source/arch/powerpc/include/asm/processor.h#L105
>>>
>>
>> That is getting update to 128TB by default and conditionally to 512TB
>>
>
> Since this is compile time, we should probably keep the scope to 128TB
> for now and see if we want to change things at run time later, since
> the expansion is based on a hint. Suggestions?
>

I think this makes sense. If the conditional expansion to 512TB is
protected by a kconfig symbol, we can use the same to have separate
ranges for 128TB and 512TB using the kconfig symbol as the
differentiating factor.

Also please let me know which branch/tree to use where we are done
with the change making the default to 128TB. My v2 was based on
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
(mater branch), where the TASK_SIZE is set to 46-bits inside
'arch/powerpc/include/asm/processor.h'.

So that I can spin the v3 accordingly.

Thanks,
Bhupesh
diff mbox

Patch

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 97a8bc8..84aae67 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -22,6 +22,48 @@  config MMU
 	bool
 	default y
 
+# min bits determined by the following formula:
+# VA_BITS - PAGE_SHIFT - CONSTANT
+# where,
+# 	VA_BITS = 46 bits for 64BIT and 4GB - 1 Page = 31 bits for 32BIT
+# 	CONSTANT = 16 for 64BIT and 8 for 32BIT
+config ARCH_MMAP_RND_BITS_MIN
+       default 5 if PPC_256K_PAGES && 32BIT  # 31 - 18 - 8 = 5
+       default 7 if PPC_64K_PAGES && 32BIT   # 31 - 16 - 8 = 7
+       default 9 if PPC_16K_PAGES && 32BIT   # 31 - 14 - 8 = 9
+       default 11 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 8 = 11
+       default 12 if PPC_256K_PAGES && 64BIT # 46 - 18 - 16 = 12
+       default 14 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 16 = 14
+       default 16 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 16 = 16
+       default 18 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 16 = 18
+
+# max bits determined by the following formula:
+# VA_BITS - PAGE_SHIFT - CONSTANT
+# where, 
+# 	VA_BITS = 46 bits for 64BIT, and 4GB - 1 Page = 31 bits for 32BIT
+# 	CONSTANT = 2, both for 64BIT and 32BIT
+config ARCH_MMAP_RND_BITS_MAX
+       default 11 if PPC_256K_PAGES && 32BIT # 31 - 18 - 2 = 11
+       default 13 if PPC_64K_PAGES && 32BIT  # 31 - 16 - 2 = 13
+       default 15 if PPC_16K_PAGES && 32BIT  # 31 - 14 - 2 = 15
+       default 17 if PPC_4K_PAGES && 32BIT   # 31 - 12 - 2 = 17
+       default 26 if PPC_256K_PAGES && 64BIT # 46 - 18 - 2 = 26
+       default 28 if PPC_64K_PAGES && 64BIT  # 46 - 16 - 2 = 28
+       default 30 if PPC_16K_PAGES && 64BIT  # 46 - 14 - 2 = 30
+       default 32 if PPC_4K_PAGES && 64BIT   # 46 - 12 - 2 = 32
+
+config ARCH_MMAP_RND_COMPAT_BITS_MIN
+       default 5 if PPC_256K_PAGES
+       default 7 if PPC_64K_PAGES
+       default 9 if PPC_16K_PAGES
+       default 11
+
+config ARCH_MMAP_RND_COMPAT_BITS_MAX
+       default 11 if PPC_256K_PAGES
+       default 13 if PPC_64K_PAGES
+       default 15 if PPC_16K_PAGES 
+       default 17
+
 config HAVE_SETUP_PER_CPU_AREA
 	def_bool PPC64
 
@@ -142,6 +184,8 @@  config PPC
 	select HAVE_IRQ_EXIT_ON_IRQ_STACK
 	select HAVE_KERNEL_GZIP
 	select HAVE_KPROBES
+	select HAVE_ARCH_MMAP_RND_BITS
+	select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
 	select HAVE_KRETPROBES
 	select HAVE_LIVEPATCH			if HAVE_DYNAMIC_FTRACE_WITH_REGS
 	select HAVE_MEMBLOCK
diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
index a5d9ef5..92a9355 100644
--- a/arch/powerpc/mm/mmap.c
+++ b/arch/powerpc/mm/mmap.c
@@ -61,11 +61,12 @@  unsigned long arch_mmap_rnd(void)
 {
 	unsigned long rnd;
 
-	/* 8MB for 32bit, 1GB for 64bit */
+#ifdef CONFIG_COMPAT
 	if (is_32bit_task())
-		rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
+		rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
 	else
-		rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
+#endif
+		rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 
 	return rnd << PAGE_SHIFT;
 }