Message ID | 20190526134746.9315-6-alex@ghiti.fr (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | Provide generic top-down mmap layout functions | expand |
On Sun, May 26, 2019 at 09:47:37AM -0400, Alexandre Ghiti wrote: > This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic > topdown mmap layout functions so that this security feature is on by > default. > Note that this commit also removes the possibility for arm64 to have elf > randomization and no MMU: without MMU, the security added by randomization > is worth nothing. > > Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> Acked-by: Kees Cook <keescook@chromium.org> -Kees > --- > arch/Kconfig | 1 + > arch/arm64/Kconfig | 1 - > arch/arm64/kernel/process.c | 8 -------- > mm/util.c | 11 +++++++++-- > 4 files changed, 10 insertions(+), 11 deletions(-) > > diff --git a/arch/Kconfig b/arch/Kconfig > index df3ab04270fa..3732654446cc 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -710,6 +710,7 @@ config HAVE_ARCH_COMPAT_MMAP_BASES > config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT > bool > depends on MMU > + select ARCH_HAS_ELF_RANDOMIZE > > config HAVE_COPY_THREAD_TLS > bool > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 3d754c19c11e..403bd3fffdbc 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -15,7 +15,6 @@ config ARM64 > select ARCH_HAS_DMA_MMAP_PGPROT > select ARCH_HAS_DMA_PREP_COHERENT > select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI > - select ARCH_HAS_ELF_RANDOMIZE > select ARCH_HAS_FAST_MULTIPLIER > select ARCH_HAS_FORTIFY_SOURCE > select ARCH_HAS_GCOV_PROFILE_ALL > diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c > index 3767fb21a5b8..3f85f8f2d665 100644 > --- a/arch/arm64/kernel/process.c > +++ b/arch/arm64/kernel/process.c > @@ -535,14 +535,6 @@ unsigned long arch_align_stack(unsigned long sp) > return sp & ~0xf; > } > > -unsigned long arch_randomize_brk(struct mm_struct *mm) > -{ > - if (is_compat_task()) > - return randomize_page(mm->brk, SZ_32M); > - else > - return randomize_page(mm->brk, SZ_1G); > -} > - > /* > * Called from setup_new_exec() after (COMPAT_)SET_PERSONALITY. > */ > diff --git a/mm/util.c b/mm/util.c > index 717f5d75c16e..8a38126edc74 100644 > --- a/mm/util.c > +++ b/mm/util.c > @@ -319,7 +319,15 @@ unsigned long randomize_stack_top(unsigned long stack_top) > } > > #ifdef CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT > -#ifdef CONFIG_ARCH_HAS_ELF_RANDOMIZE > +unsigned long arch_randomize_brk(struct mm_struct *mm) > +{ > + /* Is the current task 32bit ? */ > + if (!IS_ENABLED(CONFIG_64BIT) || is_compat_task()) > + return randomize_page(mm->brk, SZ_32M); > + > + return randomize_page(mm->brk, SZ_1G); > +} > + > unsigned long arch_mmap_rnd(void) > { > unsigned long rnd; > @@ -333,7 +341,6 @@ unsigned long arch_mmap_rnd(void) > > return rnd << PAGE_SHIFT; > } > -#endif /* CONFIG_ARCH_HAS_ELF_RANDOMIZE */ > > static int mmap_is_legacy(struct rlimit *rlim_stack) > { > -- > 2.20.1 >
Looks good,
Reviewed-by: Christoph Hellwig <hch@lst.de>
On 6/1/19 11:04 AM, Christoph Hellwig wrote: > Looks good, > > Reviewed-by: Christoph Hellwig <hch@lst.de> Thanks for your time, Alex > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
On Sun, May 26, 2019 at 09:47:37AM -0400, Alexandre Ghiti wrote: > This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic > topdown mmap layout functions so that this security feature is on by > default. > Note that this commit also removes the possibility for arm64 to have elf > randomization and no MMU: without MMU, the security added by randomization > is worth nothing. Not planning on this anytime soon ;). Acked-by: Catalin Marinas <catalin.marinas@arm.com>
On 6/3/19 1:40 PM, Catalin Marinas wrote: > On Sun, May 26, 2019 at 09:47:37AM -0400, Alexandre Ghiti wrote: >> This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic >> topdown mmap layout functions so that this security feature is on by >> default. >> Note that this commit also removes the possibility for arm64 to have elf >> randomization and no MMU: without MMU, the security added by randomization >> is worth nothing. > Not planning on this anytime soon ;). Great :) Thanks for your time, Alex > > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
diff --git a/arch/Kconfig b/arch/Kconfig index df3ab04270fa..3732654446cc 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -710,6 +710,7 @@ config HAVE_ARCH_COMPAT_MMAP_BASES config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT bool depends on MMU + select ARCH_HAS_ELF_RANDOMIZE config HAVE_COPY_THREAD_TLS bool diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 3d754c19c11e..403bd3fffdbc 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -15,7 +15,6 @@ config ARM64 select ARCH_HAS_DMA_MMAP_PGPROT select ARCH_HAS_DMA_PREP_COHERENT select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI - select ARCH_HAS_ELF_RANDOMIZE select ARCH_HAS_FAST_MULTIPLIER select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 3767fb21a5b8..3f85f8f2d665 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -535,14 +535,6 @@ unsigned long arch_align_stack(unsigned long sp) return sp & ~0xf; } -unsigned long arch_randomize_brk(struct mm_struct *mm) -{ - if (is_compat_task()) - return randomize_page(mm->brk, SZ_32M); - else - return randomize_page(mm->brk, SZ_1G); -} - /* * Called from setup_new_exec() after (COMPAT_)SET_PERSONALITY. */ diff --git a/mm/util.c b/mm/util.c index 717f5d75c16e..8a38126edc74 100644 --- a/mm/util.c +++ b/mm/util.c @@ -319,7 +319,15 @@ unsigned long randomize_stack_top(unsigned long stack_top) } #ifdef CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT -#ifdef CONFIG_ARCH_HAS_ELF_RANDOMIZE +unsigned long arch_randomize_brk(struct mm_struct *mm) +{ + /* Is the current task 32bit ? */ + if (!IS_ENABLED(CONFIG_64BIT) || is_compat_task()) + return randomize_page(mm->brk, SZ_32M); + + return randomize_page(mm->brk, SZ_1G); +} + unsigned long arch_mmap_rnd(void) { unsigned long rnd; @@ -333,7 +341,6 @@ unsigned long arch_mmap_rnd(void) return rnd << PAGE_SHIFT; } -#endif /* CONFIG_ARCH_HAS_ELF_RANDOMIZE */ static int mmap_is_legacy(struct rlimit *rlim_stack) {
This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic topdown mmap layout functions so that this security feature is on by default. Note that this commit also removes the possibility for arm64 to have elf randomization and no MMU: without MMU, the security added by randomization is worth nothing. Signed-off-by: Alexandre Ghiti <alex@ghiti.fr> --- arch/Kconfig | 1 + arch/arm64/Kconfig | 1 - arch/arm64/kernel/process.c | 8 -------- mm/util.c | 11 +++++++++-- 4 files changed, 10 insertions(+), 11 deletions(-)