From: "Roberts, William C" <william.c.roberts@intel.com>
To: "Roberts, William C" <william.c.roberts@intel.com>,
Jason Cooper <jason@lakedaemon.net>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"nnk@google.com" <nnk@google.com>,
"jeffv@google.com" <jeffv@google.com>,
"salyzyn@android.com" <salyzyn@android.com>,
"dcashman@android.com" <dcashman@android.com>
Subject: RE: [PATCH] [RFC] Introduce mmap randomization
Date: Tue, 2 Aug 2016 17:15:25 +0000
Message-ID: <476DC76E7D1DF2438D32BFADF679FC56012780D0@ORSMSX103.amr.corp.intel.com>
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC5601260068@ORSMSX103.amr.corp.intel.com>
<snip>
> >
> > No, I mean changes to mm/mmap.o.
>
From UML build:
NEW:
0000000000001610 <unmapped_area>:
1610: 55 push %rbp
1611: 48 89 e5 mov %rsp,%rbp
1614: 41 54 push %r12
1616: 48 8d 45 e8 lea -0x18(%rbp),%rax
161a: 53 push %rbx
161b: 48 89 fb mov %rdi,%rbx
161e: 48 83 ec 10 sub $0x10,%rsp
1622: 48 25 00 e0 ff ff and $0xffffffffffffe000,%rax
1628: 48 8b 57 08 mov 0x8(%rdi),%rdx
162c: 48 03 57 20 add 0x20(%rdi),%rdx
1630: 48 8b 00 mov (%rax),%rax
1633: 4c 8b 88 b0 01 00 00 mov 0x1b0(%rax),%r9
163a: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
1641: 0f 82 05 01 00 00 jb 174c <unmapped_area+0x13c>
1647: 48 8b 7f 18 mov 0x18(%rdi),%rdi
164b: 48 39 d7 cmp %rdx,%rdi
164e: 0f 82 f8 00 00 00 jb 174c <unmapped_area+0x13c>
1654: 4c 8b 63 10 mov 0x10(%rbx),%r12
1658: 48 29 d7 sub %rdx,%rdi
165b: 49 39 fc cmp %rdi,%r12
165e: 0f 87 e8 00 00 00 ja 174c <unmapped_area+0x13c>
1664: 49 8b 41 08 mov 0x8(%r9),%rax
1668: 48 85 c0 test %rax,%rax
166b: 0f 84 93 00 00 00 je 1704 <unmapped_area+0xf4>
1671: 49 8b 49 08 mov 0x8(%r9),%rcx
1675: 48 39 51 18 cmp %rdx,0x18(%rcx)
1679: 0f 82 85 00 00 00 jb 1704 <unmapped_area+0xf4>
167f: 4e 8d 14 22 lea (%rdx,%r12,1),%r10
1683: 48 83 e9 20 sub $0x20,%rcx
1687: 48 8b 31 mov (%rcx),%rsi
168a: 4c 39 d6 cmp %r10,%rsi
168d: 72 15 jb 16a4 <unmapped_area+0x94>
168f: 48 8b 41 30 mov 0x30(%rcx),%rax
1693: 48 85 c0 test %rax,%rax
1696: 74 0c je 16a4 <unmapped_area+0x94>
1698: 48 39 50 18 cmp %rdx,0x18(%rax)
169c: 72 06 jb 16a4 <unmapped_area+0x94>
169e: 48 8d 48 e0 lea -0x20(%rax),%rcx
16a2: eb e3 jmp 1687 <unmapped_area+0x77>
16a4: 48 8b 41 18 mov 0x18(%rcx),%rax
16a8: 48 85 c0 test %rax,%rax
16ab: 74 06 je 16b3 <unmapped_area+0xa3>
16ad: 4c 8b 40 08 mov 0x8(%rax),%r8
16b1: eb 03 jmp 16b6 <unmapped_area+0xa6>
16b3: 45 31 c0 xor %r8d,%r8d
16b6: 49 39 f8 cmp %rdi,%r8
16b9: 0f 87 86 00 00 00 ja 1745 <unmapped_area+0x135>
16bf: 4c 39 d6 cmp %r10,%rsi
16c2: 72 0b jb 16cf <unmapped_area+0xbf>
16c4: 48 89 f0 mov %rsi,%rax
16c7: 4c 29 c0 sub %r8,%rax
16ca: 48 39 d0 cmp %rdx,%rax
16cd: 73 49 jae 1718 <unmapped_area+0x108>
16cf: 48 8b 41 28 mov 0x28(%rcx),%rax
16d3: 48 85 c0 test %rax,%rax
16d6: 74 06 je 16de <unmapped_area+0xce>
16d8: 48 39 50 18 cmp %rdx,0x18(%rax)
16dc: 73 c0 jae 169e <unmapped_area+0x8e>
16de: 48 8b 41 20 mov 0x20(%rcx),%rax
16e2: 48 8d 71 20 lea 0x20(%rcx),%rsi
16e6: 48 83 e0 fc and $0xfffffffffffffffc,%rax
16ea: 74 18 je 1704 <unmapped_area+0xf4>
16ec: 48 3b 70 10 cmp 0x10(%rax),%rsi
16f0: 48 8d 48 e0 lea -0x20(%rax),%rcx
16f4: 75 e8 jne 16de <unmapped_area+0xce>
16f6: 48 8b 70 f8 mov -0x8(%rax),%rsi
16fa: 4c 8b 46 08 mov 0x8(%rsi),%r8
16fe: 48 8b 70 e0 mov -0x20(%rax),%rsi
1702: eb b2 jmp 16b6 <unmapped_area+0xa6>
1704: 4d 8b 41 38 mov 0x38(%r9),%r8
1708: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
170f: 49 39 f8 cmp %rdi,%r8
1712: 77 38 ja 174c <unmapped_area+0x13c>
1714: 48 83 ce ff or $0xffffffffffffffff,%rsi
1718: 4d 39 e0 cmp %r12,%r8
171b: 48 b8 00 00 00 00 00 movabs $0x0,%rax
1722: 00 00 00
1725: 4d 0f 43 e0 cmovae %r8,%r12
1729: 4c 89 e7 mov %r12,%rdi
172c: ff d0 callq *%rax
172e: 48 85 c0 test %rax,%rax
1731: 4c 0f 45 e0 cmovne %rax,%r12
1735: 48 8b 43 28 mov 0x28(%rbx),%rax
1739: 4c 29 e0 sub %r12,%rax
173c: 48 23 43 20 and 0x20(%rbx),%rax
1740: 4c 01 e0 add %r12,%rax
1743: eb 07 jmp 174c <unmapped_area+0x13c>
1745: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
174c: 5a pop %rdx
174d: 59 pop %rcx
174e: 5b pop %rbx
174f: 41 5c pop %r12
1751: 5d pop %rbp
1752: c3 retq
OLD:
0000000000001590 <unmapped_area>:
1590: 55 push %rbp
1591: 48 89 e5 mov %rsp,%rbp
1594: 53 push %rbx
1595: 48 8d 45 f0 lea -0x10(%rbp),%rax
1599: 4c 8b 47 20 mov 0x20(%rdi),%r8
159d: 48 25 00 e0 ff ff and $0xffffffffffffe000,%rax
15a3: 48 8b 00 mov (%rax),%rax
15a6: 4c 89 c6 mov %r8,%rsi
15a9: 48 03 77 08 add 0x8(%rdi),%rsi
15ad: 4c 8b 98 b0 01 00 00 mov 0x1b0(%rax),%r11
15b4: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
15bb: 0f 82 e8 00 00 00 jb 16a9 <unmapped_area+0x119>
15c1: 4c 8b 57 18 mov 0x18(%rdi),%r10
15c5: 49 39 f2 cmp %rsi,%r10
15c8: 0f 82 db 00 00 00 jb 16a9 <unmapped_area+0x119>
15ce: 4c 8b 4f 10 mov 0x10(%rdi),%r9
15d2: 49 29 f2 sub %rsi,%r10
15d5: 4d 39 d1 cmp %r10,%r9
15d8: 0f 87 cb 00 00 00 ja 16a9 <unmapped_area+0x119>
15de: 49 8b 43 08 mov 0x8(%r11),%rax
15e2: 48 85 c0 test %rax,%rax
15e5: 0f 84 91 00 00 00 je 167c <unmapped_area+0xec>
15eb: 49 8b 53 08 mov 0x8(%r11),%rdx
15ef: 48 39 72 18 cmp %rsi,0x18(%rdx)
15f3: 0f 82 83 00 00 00 jb 167c <unmapped_area+0xec>
15f9: 4a 8d 1c 0e lea (%rsi,%r9,1),%rbx
15fd: 48 83 ea 20 sub $0x20,%rdx
1601: 48 8b 02 mov (%rdx),%rax
1604: 48 39 d8 cmp %rbx,%rax
1607: 72 15 jb 161e <unmapped_area+0x8e>
1609: 48 8b 4a 30 mov 0x30(%rdx),%rcx
160d: 48 85 c9 test %rcx,%rcx
1610: 74 0c je 161e <unmapped_area+0x8e>
1612: 48 39 71 18 cmp %rsi,0x18(%rcx)
1616: 72 06 jb 161e <unmapped_area+0x8e>
1618: 48 8d 51 e0 lea -0x20(%rcx),%rdx
161c: eb e3 jmp 1601 <unmapped_area+0x71>
161e: 48 8b 4a 18 mov 0x18(%rdx),%rcx
1622: 48 85 c9 test %rcx,%rcx
1625: 74 06 je 162d <unmapped_area+0x9d>
1627: 48 8b 49 08 mov 0x8(%rcx),%rcx
162b: eb 02 jmp 162f <unmapped_area+0x9f>
162d: 31 c9 xor %ecx,%ecx
162f: 4c 39 d1 cmp %r10,%rcx
1632: 77 6e ja 16a2 <unmapped_area+0x112>
1634: 48 39 d8 cmp %rbx,%rax
1637: 72 08 jb 1641 <unmapped_area+0xb1>
1639: 48 29 c8 sub %rcx,%rax
163c: 48 39 f0 cmp %rsi,%rax
163f: 73 4b jae 168c <unmapped_area+0xfc>
1641: 48 8b 42 28 mov 0x28(%rdx),%rax
1645: 48 85 c0 test %rax,%rax
1648: 74 0c je 1656 <unmapped_area+0xc6>
164a: 48 39 70 18 cmp %rsi,0x18(%rax)
164e: 72 06 jb 1656 <unmapped_area+0xc6>
1650: 48 8d 50 e0 lea -0x20(%rax),%rdx
1654: eb ab jmp 1601 <unmapped_area+0x71>
1656: 48 8b 42 20 mov 0x20(%rdx),%rax
165a: 48 8d 4a 20 lea 0x20(%rdx),%rcx
165e: 48 83 e0 fc and $0xfffffffffffffffc,%rax
1662: 74 18 je 167c <unmapped_area+0xec>
1664: 48 3b 48 10 cmp 0x10(%rax),%rcx
1668: 48 8d 50 e0 lea -0x20(%rax),%rdx
166c: 75 e8 jne 1656 <unmapped_area+0xc6>
166e: 48 8b 48 f8 mov -0x8(%rax),%rcx
1672: 48 8b 40 e0 mov -0x20(%rax),%rax
1676: 48 8b 49 08 mov 0x8(%rcx),%rcx
167a: eb b3 jmp 162f <unmapped_area+0x9f>
167c: 49 8b 4b 38 mov 0x38(%r11),%rcx
1680: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
1687: 4c 39 d1 cmp %r10,%rcx
168a: 77 1d ja 16a9 <unmapped_area+0x119>
168c: 48 8b 47 28 mov 0x28(%rdi),%rax
1690: 4c 39 c9 cmp %r9,%rcx
1693: 49 0f 42 c9 cmovb %r9,%rcx
1697: 48 29 c8 sub %rcx,%rax
169a: 4c 21 c0 and %r8,%rax
169d: 48 01 c8 add %rcx,%rax
16a0: eb 07 jmp 16a9 <unmapped_area+0x119>
16a2: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
16a9: 5b pop %rbx
16aa: 5d pop %rbp
16ab: c3 retq
<snip>
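Added example, not code from the RFC patch, the kernel or the poster: a user-space C model of the tail of unmapped_area() as the two listings above show it. The only semantic difference between OLD and NEW visible in the listings is at 1718-1731: after the gap has been found and gap_start clamped to low_limit (cmovb in OLD, cmovae in NEW), NEW calls an out-of-line function (a relocation in the .o, hence movabs $0x0 / callq *%rax) with the clamped gap_start in %rdi and keeps the return value only when it is non-zero, then applies the same align_offset/align_mask adjustment OLD does. The struct field order follows the offsets the listing reads (length +0x8, low_limit +0x10, high_limit +0x18, align_mask +0x20, align_offset +0x28). The hook name pick_random_start(), its (gap_start, gap_end, length) signature, the page-granular choice and the xorshift PRNG are assumptions; the listing does not show what the relocated call resolves to or what it draws randomness from.

```c
/*
 * Added example, not code from the RFC patch or the kernel: a user-space model
 * of the tail of unmapped_area() as the OLD and NEW listings show it.
 * pick_random_start(), its signature and the PRNG are assumptions standing in
 * for whatever the relocated call at 172c resolves to.  Assumes 64-bit
 * unsigned long and gap_end >= gap_start, as the vma walk guarantees.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define ERR_NOMEM  ((unsigned long)-ENOMEM)   /* the 0xfffffffffffffff4 in the listing */

struct vm_unmapped_area_info {
	unsigned long flags;
	unsigned long length;
	unsigned long low_limit;
	unsigned long high_limit;
	unsigned long align_mask;
	unsigned long align_offset;
};

/* Deterministic xorshift64 so runs are reproducible (assumption, see above). */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL;
static unsigned long prng_next(void)
{
	uint64_t x = prng_state;
	x ^= x << 13;
	x ^= x >> 7;
	x ^= x << 17;
	prng_state = x;
	return (unsigned long)x;
}

/*
 * Pick a page-aligned start in [gap_start, gap_end - length].  Returns 0 when
 * the gap has no slack; the caller then keeps gap_start, which is what the
 * test/cmovne pair at 172e-1731 does with a zero return value.
 */
static unsigned long pick_random_start(unsigned long gap_start,
				       unsigned long gap_end,
				       unsigned long length)
{
	unsigned long slack_pages;

	if (gap_end < gap_start || gap_end - gap_start < length)
		return 0;
	slack_pages = (gap_end - gap_start - length) >> PAGE_SHIFT;
	if (slack_pages == 0)
		return 0;
	return gap_start + ((prng_next() % (slack_pages + 1)) << PAGE_SHIFT);
}

/*
 * Place a mapping in an already-found gap [gap_start, gap_end).
 * randomize == 0 follows the OLD listing, randomize != 0 the NEW one.
 */
static unsigned long place_in_gap(const struct vm_unmapped_area_info *info,
				  unsigned long gap_start,
				  unsigned long gap_end,
				  int randomize)
{
	/* 162c: search length includes the alignment slack; jb -> -ENOMEM on overflow */
	unsigned long length = info->length + info->align_mask;
	unsigned long r;

	if (length < info->length || info->high_limit < length)
		return ERR_NOMEM;
	/* 16b6/170f: the gap must start no higher than high_limit - length */
	if (gap_start > info->high_limit - length)
		return ERR_NOMEM;
	/* cmovb (OLD) / cmovae (NEW): never place below low_limit */
	if (gap_start < info->low_limit)
		gap_start = info->low_limit;
	/* 16bf-16cd: the gap must still hold length bytes above the clamped start */
	if (gap_end < gap_start || gap_end - gap_start < length)
		return ERR_NOMEM;

	if (randomize) {
		/* 1729-1731: call the hook, keep its result only when non-zero */
		r = pick_random_start(gap_start, gap_end, length);
		if (r)
			gap_start = r;
	}

	/* 1735-1740 (OLD 168c-169d): gap_start += (align_offset - gap_start) & align_mask */
	gap_start += (info->align_offset - gap_start) & info->align_mask;
	return gap_start;
}

/* Same convention as the kernel's IS_ERR_VALUE(): the top 4095 values are errnos. */
static int is_err_value(unsigned long x)
{
	return x >= (unsigned long)-4095;
}

int main(void)
{
	/* Constructed sample: a 16 KiB request into a 64 KiB gap, no extra alignment. */
	struct vm_unmapped_area_info info = {
		.length = 0x4000, .low_limit = 0x10000,
		.high_limit = 0x7fff00000000UL, .align_mask = 0, .align_offset = 0,
	};
	int i;

	printf("old: %#lx\n", place_in_gap(&info, 0x20000, 0x30000, 0));
	for (i = 0; i < 4; i++)
		printf("new: %#lx\n", place_in_gap(&info, 0x20000, 0x30000, 1));
	printf("too small: %s\n",
	       is_err_value(place_in_gap(&info, 0x20000, 0x22000, 1)) ? "-ENOMEM" : "ok");
	return 0;
}
```

Because length already carries align_mask bytes of slack (the add at 162c), a random start chosen anywhere in [gap_start, gap_end - length] still lands inside the gap after the alignment adjustment, so the randomized path cannot overrun the next vma; the exact-fit case is the one to keep an eye on, since there the hook has nothing to choose from and must return 0 rather than an address past the gap.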