X-Patchwork-Id: 8971201
Message-ID: <1461853042.2848.24.camel@linaro.org>
Subject: Re: [RFC PATCH] arm64: Make arch_randomize_brk avoid stack area
From: "Jon Medhurst (Tixy)"
To: Catalin Marinas, Will Deacon
Cc: Kees Cook, linux-arm-kernel@lists.infradead.org
Date: Thu, 28 Apr 2016 15:17:22 +0100
In-Reply-To: <1461848638.2848.19.camel@linaro.org>

Sorry, the code patch has errors (I forgot to commit fixes before running git format-patch); the correct code, which was in the kernel I built and tested, is at the end of this email.

On Thu, 2016-04-28 at 14:03 +0100, Jon Medhurst (Tixy) wrote:

Some incorrect code...

> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 8062482..7126a5a 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -382,13 +382,24 @@ unsigned long arch_align_stack(unsigned long sp) > return sp & ~0xf; > } > > -static unsigned long randomize_base(unsigned long base) > +unsigned long arch_randomize_brk(struct mm_struct *mm) > { > unsigned long range_end = base + (STACK_RND_MASK << PAGE_SHIFT) + 1; > - return randomize_range(base, range_end, 0) ? : base; > -} > + unsigned long max_stack, range_limit; > > -unsigned long arch_randomize_brk(struct mm_struct *mm) > -{ > - return randomize_base(mm->brk); > + /* > + * Determine how much room do we need to leave available for the stack. > + * We limit this to a reasonable value, because extremely large or > + * unlimited stacks are always going to bump up against brk at some > + * point and we don't want to fail to randomise brk in those cases. > + */ > + max_stack = rlimit(RLIMIT_STACK); > + if (max_stack > SZ_128M) > + max_stack = SZ_128M; > + > + range_limit = mm->start_stack - max_stack - 1; > + if (range_end > range_limit) > + range_end > range_limit > + > + return randomize_range(mm->brk, range_end, 0) ? : mm->brk; > } Corrected code... arch/arm64/kernel/process.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 07c4c53..7e0f404 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c 
@@ -434,13 +434,25 @@ unsigned long arch_align_stack(unsigned long sp) return sp & ~0xf; } -static unsigned long randomize_base(unsigned long base) +unsigned long arch_randomize_brk(struct mm_struct *mm) { + unsigned long base = mm->brk; unsigned long range_end = base + (STACK_RND_MASK << PAGE_SHIFT) + 1; - return randomize_range(base, range_end, 0) ? : base; -} + unsigned long max_stack, range_limit; -unsigned long arch_randomize_brk(struct mm_struct *mm) -{ - return randomize_base(mm->brk); + /* + * Determine how much room do we need to leave available for the stack. + * We limit this to a reasonable value, because extremely large or + * unlimited stacks are always going to bump up against brk at some + * point and we don't want to fail to randomise brk in those cases. + */ + max_stack = rlimit(RLIMIT_STACK); + if (max_stack > SZ_128M) + max_stack = SZ_128M; + + range_limit = mm->start_stack - max_stack - 1; + if (range_end > range_limit) + range_end = range_limit; + + return randomize_range(base, range_end, 0) ? : base; }
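Review bot: the quoted (incorrect) hunk above cannot compile as posted: `unsigned long range_end = base + (STACK_RND_MASK << PAGE_SHIFT) + 1;` still refers to `base`, which was the parameter of the removed `randomize_base()` and is never declared in the new `arch_randomize_brk()`, and the clamp line `+ range_end > range_limit` is a bare comparison with no semicolon where an assignment (`range_end = range_limit;`) is intended. The corrected hunk that follows fixes both by adding `unsigned long base = mm->brk;` and writing the assignment, which matches the author's note that the fixes were not committed before `git format-patch` was run.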
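Review bot: in the corrected hunk, `range_limit = mm->start_stack - max_stack - 1;` can come out below `base` when the unrandomised brk already lies within `max_stack` of the stack start, so the clamp `range_end = range_limit;` then leaves `range_end < base`. The only thing standing between that case and a brk placed below its current position is `randomize_range()` returning 0 for an end that is not above the start, which the `? : base` fallback then turns into the unrandomised brk; that is the intended behaviour (it is what the comment about very large or unlimited stacks describes), but it is not stated at the clamp, so a one-line comment there ("no room left: fall back to the unrandomised brk") would make the dependency explicit. Minor: the comment reads "Determine how much room do we need to leave"; drop the "do".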