From patchwork Thu Nov 24 17:32:45 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Redfearn X-Patchwork-Id: 9446141 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EBF6A606DB for ; Thu, 24 Nov 2016 17:33:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E11122623D for ; Thu, 24 Nov 2016 17:33:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D59DA27FBC; Thu, 24 Nov 2016 17:33:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 0CFCF2623D for ; Thu, 24 Nov 2016 17:33:07 +0000 (UTC) Received: (qmail 5147 invoked by uid 550); 24 Nov 2016 17:33:05 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: kernel-hardening@lists.openwall.com Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 4081 invoked from network); 24 Nov 2016 17:33:04 -0000 From: Matt Redfearn To: Ralf Baechle CC: , , Matt Redfearn , Kees Cook , Paul Gortmaker , , Daniel Cashman , Andrew Morton Date: Thu, 24 Nov 2016 17:32:45 +0000 Message-ID: <1480008765-3876-1-git-send-email-matt.redfearn@imgtec.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 X-Originating-IP: [10.150.130.83] Subject: [kernel-hardening] [PATCH] MIPS: Add support for ARCH_MMAP_RND_{COMPAT_}BITS X-Virus-Scanned: ClamAV using ClamSMTP arch_mmap_rnd() uses hard-coded limits of 16MB for the randomisation of mmap within 32bit processes and 256MB in 64bit processes. Since v4.4 other arches support tuning this value in /proc/sys/vm/mmap_rnd_bits. Add support for this to MIPS. Set the minimum(default) number of bits randomisation for 32bit to 8 - which with 4k pagesize is unchanged from the current 16MB total randomness. The minimum(default) for 64bit is 12bits, again with 4k pagesize this is the same as the current 256MB. This patch is necessary for MIPS32 to pass the Android CTS tests, with the number of random bits set to 15. Signed-off-by: Matt Redfearn Reviewed-by: Kees Cook --- arch/mips/Kconfig | 16 ++++++++++++++++ arch/mips/mm/mmap.c | 10 +++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index b3c5bde43d34..d72cf6129b2c 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -13,6 +13,8 @@ config MIPS select HAVE_PERF_EVENTS select PERF_USE_VMALLOC select HAVE_ARCH_KGDB + select HAVE_ARCH_MMAP_RND_BITS if MMU + select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT select HAVE_ARCH_SECCOMP_FILTER select HAVE_ARCH_TRACEHOOK select HAVE_CBPF_JIT if !CPU_MICROMIPS @@ -3073,6 +3075,20 @@ config MMU bool default y +config ARCH_MMAP_RND_BITS_MIN + default 12 if 64BIT + default 8 + +config ARCH_MMAP_RND_BITS_MAX + default 18 if 64BIT + default 15 + +config ARCH_MMAP_RND_COMPAT_BITS_MIN + default 8 + +config ARCH_MMAP_RND_COMPAT_BITS_MAX + default 15 + config I8253 bool select CLKSRC_I8253 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c index d08ea3ff0f53..d6d92c02308d 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c @@ -146,14 +146,14 @@ unsigned long arch_mmap_rnd(void) { unsigned long rnd; - rnd = get_random_long(); - rnd <<= PAGE_SHIFT; +#ifdef CONFIG_COMPAT if (TASK_IS_32BIT_ADDR) - rnd &= 0xfffffful; + rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1); else - rnd &= 0xffffffful; +#endif /* CONFIG_COMPAT */ + rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1); - return rnd; + return rnd << PAGE_SHIFT; } void arch_pick_mmap_layout(struct mm_struct *mm)