diff options
author | Dave Jones <davej@redhat.com> | 2011-09-19 16:44:51 -0400 |
---|---|---|
committer | Dave Jones <davej@redhat.com> | 2011-09-19 16:44:51 -0400 |
commit | bd4ac46f6678cb4a789516ee15990a4ce66e894b (patch) | |
tree | a045b207f221a08d0e2df8f10645a4d0369f4022 /linux-2.6-32bit-mmap-exec-randomization.patch | |
parent | 90792faae211f9978fa9704df74afc6bff5b668f (diff) | |
download | kernel-bd4ac46f6678cb4a789516ee15990a4ce66e894b.tar.gz kernel-bd4ac46f6678cb4a789516ee15990a4ce66e894b.tar.xz kernel-bd4ac46f6678cb4a789516ee15990a4ce66e894b.zip |
Merge some improvements to the 32bit mmap randomisation from Kees Cook.
Diffstat (limited to 'linux-2.6-32bit-mmap-exec-randomization.patch')
-rw-r--r-- | linux-2.6-32bit-mmap-exec-randomization.patch | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/linux-2.6-32bit-mmap-exec-randomization.patch b/linux-2.6-32bit-mmap-exec-randomization.patch index 6008173b0..c25323323 100644 --- a/linux-2.6-32bit-mmap-exec-randomization.patch +++ b/linux-2.6-32bit-mmap-exec-randomization.patch @@ -152,7 +152,7 @@ Main executable randomisation (PIE) : 12 bits (guessed) struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c -@@ -124,13 +124,16 @@ static unsigned long mmap_legacy_base(void) +@@ -124,13 +124,19 @@ static unsigned long mmap_legacy_base(void) */ void arch_pick_mmap_layout(struct mm_struct *mm) { @@ -163,9 +163,12 @@ Main executable randomisation (PIE) : 12 bits (guessed) } else { mm->mmap_base = mmap_base(); mm->get_unmapped_area = arch_get_unmapped_area_topdown; ++#ifdef CONFIG_X86_32 + if (!(current->personality & READ_IMPLIES_EXEC) ++ && !(__supported_pte_mask & _PAGE_NX) + && mmap_is_ia32()) + mm->get_unmapped_exec_area = arch_get_unmapped_exec_area; ++#endif mm->unmap_area = arch_unmap_area_topdown; } } @@ -224,3 +227,25 @@ Main executable randomisation (PIE) : 12 bits (guessed) if (new_addr & ~PAGE_MASK) { ret = new_addr; goto out; +diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c +index 57d1868..29c0c35 100644 +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -669,6 +669,16 @@ unsigned long arch_align_stack(unsigned long sp) + unsigned long arch_randomize_brk(struct mm_struct *mm) + { + unsigned long range_end = mm->brk + 0x02000000; +- return randomize_range(mm->brk, range_end, 0) ? : mm->brk; ++ unsigned long bump = 0; ++#ifdef CONFIG_X86_32 ++ /* in the case of NX emulation, shove the brk segment way out of the ++ way of the exec randomization area, since it can collide with ++ future allocations if not. */ ++ if ( (mm->get_unmapped_exec_area == arch_get_unmapped_exec_area) && ++ (mm->brk < 0x08000000) ) { ++ bump = (TASK_SIZE/6); ++ } ++#endif ++ return bump + (randomize_range(mm->brk, range_end, 0) ? : mm->brk); + } + |