From patchwork Fri Jun 2 15:20:09 2017
X-Patchwork-Submitter: Rik van Riel
X-Patchwork-Id: 9762839
From: riel@redhat.com To: linux-kernel@vger.kernel.org Cc: kernel-hardening@lists.openwall.com, akpm@linux-foundation.org, mingo@kernel.org, oleg@redhat.com, lwoodman@redhat.com, mhocko@suse.de, danielmicay@gmail.com, will.deacon@arm.com, benh@kernel.crashing.org Date: Fri, 2 Jun 2017 11:20:09 -0400 Message-Id: <20170602152010.2064-6-riel@redhat.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170602152010.2064-1-riel@redhat.com> References: <20170602152010.2064-1-riel@redhat.com> Subject: [kernel-hardening] [PATCH 5/6] arm64: move COMPAT_ELF_ET_DYN_BASE lower in the address space X-Virus-Scanned: ClamAV using ClamSMTP From: Rik van Riel When setting up mmap_base, we take care to start the mmap base below the maximum extent to which the stack will grow. However, we take no such precautions with PIE binaries, which are placed at 2/3 of TASK_SIZE plus a random offset. As a result, 32 bit PIE binaries can end up smack in the middle of where the stack (which is randomized down) is supposed to go. That problem can be avoided by putting the 32 bit ELF_ET_DYN_BASE at 256MB, which is a value linux-hardened and grsecurity have used for a long time now without any known (to me) bug reports. Signed-off-by: Rik van Riel Signed-off-by: Daniel Micay --- arch/arm64/include/asm/elf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index 5d1700425efe..88808a761816 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -173,7 +173,7 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, #ifdef CONFIG_COMPAT -#define COMPAT_ELF_ET_DYN_BASE (2 * TASK_SIZE_32 / 3) +#define COMPAT_ELF_ET_DYN_BASE (0x10000000UL) /* AArch32 registers. */ #define COMPAT_ELF_NGREG 18
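Review bot: the new `#define COMPAT_ELF_ET_DYN_BASE (0x10000000UL)` under `#ifdef CONFIG_COMPAT` is a bare constant with nothing in the header saying why 256MB was picked. The reasoning lives only in the commit message (keeping 32 bit PIE binaries out of the region the randomized-down stack is supposed to occupy), so a short comment above the define stating that would keep the value from looking arbitrary to the next reader. Note also that the removed expression, `(2 * TASK_SIZE_32 / 3)`, was relative to `TASK_SIZE_32` while the replacement is an absolute address. The comment should say this is intentional, and it would help to state how the new base plus its random offset relates to the lowest address the compat stack can grow down to, since that separation is the property the change depends on and nothing in the visible lines enforces it.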