From patchwork Fri Oct  2 17:19:21 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Topi Miettinen <toiwoton@gmail.com>
X-Patchwork-Id: 11814163
Return-Path: <SRS0=pvy/=DJ=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EE17B112E
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri,  2 Oct 2020 17:19:34 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 83EDC20795
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri,  2 Oct 2020 17:19:34 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=gmail.com header.i=@gmail.com header.b="Q/Q4/e7p"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 83EDC20795
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 8BCD36B005C; Fri,  2 Oct 2020 13:19:33 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 86FA76B005D; Fri,  2 Oct 2020 13:19:33 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 75D956B0062; Fri,  2 Oct 2020 13:19:33 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0120.hostedemail.com
 [216.40.44.120])
	by kanga.kvack.org (Postfix) with ESMTP id 481696B005C
	for <linux-mm@kvack.org>; Fri,  2 Oct 2020 13:19:33 -0400 (EDT)
Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id D781B180AD806
	for <linux-mm@kvack.org>; Fri,  2 Oct 2020 17:19:32 +0000 (UTC)
X-FDA: 77327646984.11.night68_0204de3271a5
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin11.hostedemail.com (Postfix) with ESMTP id AF1AB180F8B86
	for <linux-mm@kvack.org>; Fri,  2 Oct 2020 17:19:32 +0000 (UTC)
X-Spam-Summary: 
 1,0,0,2c1ffe6cda509850,d41d8cd98f00b204,toiwoton@gmail.com,,RULES_HIT:41:355:379:541:800:960:968:973:988:989:1260:1311:1314:1345:1437:1515:1535:1542:1711:1730:1747:1777:1792:2194:2199:2393:2559:2562:2908:3138:3139:3140:3141:3142:3354:3865:3867:3868:3870:3871:3872:3874:4250:4321:4605:5007:6261:6653:7514:7903:7904:8603:8660:9413:10004:11026:11473:11658:11914:12043:12295:12296:12297:12517:12519:12555:12895:13148:13161:13229:13230:13894:14093:14096:14181:14394:14687:14721:21080:21444:21627:21666:21939:21990:30054:30070,0,RBL:209.85.167.66:@gmail.com:.lbl8.mailshell.net-66.100.201.100
 62.18.0.100;04yrek3asntwmebt9f7bde4kahpxkopmp7oyh8gu5a1nbub5xkiqufmyp91tehg.4ybo5jtzka8se7wo9d6rzza3dg8exaxyffaprwg9epayg9hpgwgs4e3jpbkffuh.1-lbl8.mailshell.net-223.238.255.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fp,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:24,LUA_SUMMARY:none
X-HE-Tag: night68_0204de3271a5
X-Filterd-Recvd-Size: 5309
Received: from mail-lf1-f66.google.com (mail-lf1-f66.google.com
 [209.85.167.66])
	by imf44.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Fri,  2 Oct 2020 17:19:32 +0000 (UTC)
Received: by mail-lf1-f66.google.com with SMTP id y2so2762903lfy.10
        for <linux-mm@kvack.org>; Fri, 02 Oct 2020 10:19:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=f11Np4EabR5kyo8frCO/ZNHz5Z8j1seV9AzKGqNc86k=;
        b=Q/Q4/e7p8AVkLKqFMUwWuG6tUqSA2klNHBX1Fw5WjuZ8L3rFNisQ9IsKOih+d/8wtg
         Fl4Hdtumi06e1+TDaavddHoE6LOj7dyR87ZUOAzWOFvL2SODPLQyLRShhr3HsU0gBEy9
         HWt11koNZgYPaFh1izrBBFR50NohWsnhVo+UAeMo0BMHps4UkX4O/Goe/Yvi2MQO6DkC
         IScMDHymx6kUiEhF10x7IVODm7IM9yLPVIuG3QIXEhMDNnkR0PbYYWiSyvDdakLGey5k
         +JbZmzyKD+JBL8grQjho2bfIgxNrDfsMLwtwWlgsfNR9KrsLrL286QvcpcFSUWOOKwea
         jNBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=f11Np4EabR5kyo8frCO/ZNHz5Z8j1seV9AzKGqNc86k=;
        b=gMTO4chn1FaDi9vggYjiL+qrv5h93A2Hj5lAwMHARlWNj4J2IxeZ5iCH8SnkpvzqRo
         Dbpx1o20TnzPQolQmWugSwmIkB37/M9sHuymgTqlJBJ7scSLmih22oZE9/pM7M7iKnMo
         IjxSQbEjsysOyekGAxVJzAQlvjjEM/FaGmsciCELTDsYOF3tAAELViikbMkTaYbFxjnu
         D9FGtvqpMRNz7G1f/ZSHDN/oB7oHeL+UtSRf9K7rITK+HgKiyqmbwVWFAX9a1sasBIW6
         eTVtK7TE0X8wNdXhrOnek9Bdsv9p3FxhgxFGjq/xRztna/6IUqOJguYx6zMn3iCnNuo/
         ludw==
X-Gm-Message-State: AOAM530SIw30dZ47AfGoAwcnq8Tb2JH4mrfiPOS6sI5U++kDEL+oUgIz
	whhzY7QR/F++lo6oAD6AFtU=
X-Google-Smtp-Source: 
 ABdhPJzHtmKRCFkSaQLI/UXyy6dZxCBOVWzX5T5QEeqdtDZczqa16aYvFi+BYVgk4EZDG6GCEfJgjA==
X-Received: by 2002:ac2:4d10:: with SMTP id r16mr1135238lfi.58.1601659170679;
        Fri, 02 Oct 2020 10:19:30 -0700 (PDT)
Received: from localhost.localdomain (88-114-211-119.elisa-laajakaista.fi.
 [88.114.211.119])
        by smtp.gmail.com with ESMTPSA id
 m204sm409012lfd.307.2020.10.02.10.19.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Oct 2020 10:19:30 -0700 (PDT)
From: Topi Miettinen <toiwoton@gmail.com>
To: akpm@linux-foundation.org,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Cc: Topi Miettinen <toiwoton@gmail.com>
Subject: [PATCH] mm: optionally disable brk()
Date: Fri,  2 Oct 2020 20:19:21 +0300
Message-Id: <20201002171921.3053-1-toiwoton@gmail.com>
X-Mailer: git-send-email 2.28.0
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

The brk() system call allows to change data segment size (heap). This
is mainly used by glibc for memory allocation, but it can use mmap()
and that results in more randomized memory mappings since the heap is
always located at fixed offset to program while mmap()ed memory is
randomized.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 init/Kconfig    | 15 +++++++++++++++
 kernel/sys_ni.c |  2 ++
 mm/mmap.c       |  2 ++
 3 files changed, 19 insertions(+)

diff --git a/init/Kconfig b/init/Kconfig
index c5ea2e694f6a..53735ac305d8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1851,6 +1851,20 @@ config SLUB_MEMCG_SYSFS_ON
 	  controlled by slub_memcg_sysfs boot parameter and this
 	  config option determines the parameter's default value.
 
+config BRK_SYSCALL
+	bool "Enable brk() system call" if EXPERT
+	default y
+	help
+	  Enable the brk() system call that allows to change data
+	  segment size (heap). This is mainly used by glibc for memory
+	  allocation, but it can use mmap() and that results in more
+	  randomized memory mappings since the heap is always located
+	  at fixed offset to program while mmap()ed memory is
+	  randomized.
+
+	  If unsure, say Y for maximum compatibility.
+
+if BRK_SYSCALL
 config COMPAT_BRK
 	bool "Disable heap randomization"
 	default y
@@ -1862,6 +1876,7 @@ config COMPAT_BRK
 	  /proc/sys/kernel/randomize_va_space to 2 or 3.
 
 	  On non-ancient distros (post-2000 ones) N is usually a safe choice.
+endif # BRK_SYSCALL
 
 choice
 	prompt "Choose SLAB allocator"
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index 4d59775ea79c..3ffa5c4002e1 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -299,6 +299,8 @@ COND_SYSCALL(recvmmsg_time32);
 COND_SYSCALL_COMPAT(recvmmsg_time32);
 COND_SYSCALL_COMPAT(recvmmsg_time64);
 
+COND_SYSCALL(brk);
+
 /*
  * Architecture specific syscalls: see further below
  */
diff --git a/mm/mmap.c b/mm/mmap.c
index 489368f43af1..653be2c8982a 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -188,6 +188,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
 
 static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags,
 		struct list_head *uf);
+#ifdef CONFIG_BRK_SYSCALL
 SYSCALL_DEFINE1(brk, unsigned long, brk)
 {
 	unsigned long retval;
@@ -286,6 +287,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
 	mmap_write_unlock(mm);
 	return retval;
 }
+#endif
 
 static inline unsigned long vma_compute_gap(struct vm_area_struct *vma)
 {