[0/2] handle worst-case heap randomization in mmap_base

Message ID	20190312173248.13490-1-alisaidi@amazon.com (mailing list archive)
Headers	show Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> From: Ali Saidi <alisaidi@amazon.com> To: <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <x86@kernel.org> Subject: [PATCH 0/2] handle worst-case heap randomization in mmap_base Date: Tue, 12 Mar 2019 17:32:46 +0000 Message-ID: <20190312173248.13490-1-alisaidi@amazon.com> MIME-Version: 1.0 Precedence: list Cc: Kees Cook <keescook@chromium.org>, Peter Zijlstra <peterz@infradead.org>, Catalin Marinas <catalin.marinas@arm.com>, Dave Hansen <dave.hansen@linux.intel.com>, Will Deacon <will.deacon@arm.com>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, David Woodhouse <dwmw@amazon.co.uk>, Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Andrew Morton <akpm@linux-foundation.org>, Thomas Gleixner <tglx@linutronix.de>, Ali Saidi <alisaidi@amazon.com>, Anthony Liguori <aliguori@amazon.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	handle worst-case heap randomization in mmap_base \| expand [0/2] handle worst-case heap randomization in mmap_base [1/2] arm64/mmap: handle worst-case heap randomization in mmap_base [2/2] x86/mmap: handle worst-case heap randomization in mmap_base

Message ID

20190312173248.13490-1-alisaidi@amazon.com (mailing list archive)

Headers

From: Ali Saidi <alisaidi@amazon.com>
To: <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
 <x86@kernel.org>
Subject: [PATCH 0/2] handle worst-case heap randomization in mmap_base
Date: Tue, 12 Mar 2019 17:32:46 +0000
Message-ID: <20190312173248.13490-1-alisaidi@amazon.com>
MIME-Version: 1.0
Precedence: list
Cc: Kees Cook <keescook@chromium.org>, Peter Zijlstra <peterz@infradead.org>,
 Catalin
 Marinas <catalin.marinas@arm.com>, Dave Hansen <dave.hansen@linux.intel.com>,
 Will Deacon <will.deacon@arm.com>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>, David Woodhouse <dwmw@amazon.co.uk>,
 Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Thomas Gleixner <tglx@linutronix.de>, Ali Saidi <alisaidi@amazon.com>,
 Anthony Liguori <aliguori@amazon.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

handle worst-case heap randomization in mmap_base | expand

Message

Ali Saidi March 12, 2019, 5:32 p.m. UTC

Increase mmap_base by the worst-case brk randomization so that the stack and
heap remain apart.

In Linux 4.13 a change was committed that special cased the kernel ELF
loader when the loader is invoked directly (eab09532d400; binfmt_elf: use
ELF_ET_DYN_BASE only for PIE). Generally, the loader isn’t invoked
directly and this issue is limited to cases where it is, (e.g to set a
non-inheritable LD_LIBRARY_PATH, testing new versions of the loader). In
those rare cases, the loader doesn't take into account the amount of brk
randomization that will be applied by arch_randomize_brk(). This can
lead to the stack and heap being arbitrarily close to each other.

Ali Saidi (2):
  arm64/mmap: handle worst-case heap randomization in mmap_base
  x86/mmap: handle worst-case heap randomization in mmap_base

 arch/arm64/mm/mmap.c | 8 ++++++++
 arch/x86/mm/mmap.c   | 4 ++++
 2 files changed, 12 insertions(+)