From: Daniel Cashman <dcashman@android.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Russell King - ARM Linux <linux@arm.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Jonathan Corbet <corbet@lwn.net>, Don Zickus <dzickus@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
jpoimboe@redhat.com,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
n-horiguchi@ah.jp.nec.com, Andrea Arcangeli <aarcange@redhat.com>,
Mel Gorman <mgorman@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
David Rientjes <rientjes@google.com>,
Linux-MM <linux-mm@kvack.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Mark Salyzyn <salyzyn@android.com>,
Jeffrey Vander Stoep <jeffv@google.com>,
Nick Kralevich <nnk@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"x86@kernel.org" <x86@kernel.org>, Hector Marco <hecmargi@upv.es>,
Borislav Petkov <bp@suse.de>,
Daniel Cashman <dcashman@google.com>
Subject: Re: [PATCH v4 4/4] x86: mm: support ARCH_MMAP_RND_BITS.
Date: Tue, 1 Dec 2015 10:19:32 -0800 [thread overview]
Message-ID: <565DE4B4.5050305@android.com> (raw)
In-Reply-To: <CAGXu5j+Wj_=27gsYStV5OuwNSznux7MtDcMuYe5wM2ORrna_TQ@mail.gmail.com>
On 11/30/2015 04:03 PM, Kees Cook wrote:
> On Thu, Nov 26, 2015 at 2:59 PM, Daniel Cashman <dcashman@android.com> wrote:
>> diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
>> index 844b06d..647fecf 100644
>> --- a/arch/x86/mm/mmap.c
>> +++ b/arch/x86/mm/mmap.c
>> @@ -69,14 +69,14 @@ unsigned long arch_mmap_rnd(void)
>> {
>> unsigned long rnd;
>>
>> - /*
>> - * 8 bits of randomness in 32bit mmaps, 20 address space bits
>> - * 28 bits of randomness in 64bit mmaps, 40 address space bits
>> - */
>> if (mmap_is_ia32())
>> - rnd = (unsigned long)get_random_int() % (1<<8);
>> +#ifdef CONFIG_COMPAT
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
>> +#else
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>> +#endif
>> else
>> - rnd = (unsigned long)get_random_int() % (1<<28);
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>>
>> return rnd << PAGE_SHIFT;
>> }
>> --
>> 2.6.0.rc2.230.g3dd15c0
>>
>
> Can you rework this logic to look more like the arm64 one? I think
> it's more readable as:
>
> #ifdef CONFIG_COMPAT
> if (mmap_is_ia32())
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
> else
> #endif
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>
> -Kees
>
There is a subtle difference between the two that requires this
difference. the x86 code was written to be used by both 32-bit and
64-bit kernels, whereas the arm64 code runs only for 64-bit. The
assumption I've made with arm64 is that TIF_32BIT should never be set if
CONFIG_COMPAT is not set, but with x86 we could encounter a 32-bit
application without CONFIG_COMPAT, in which case it should use the
default mmap_rnd_bits, not compat, since there is no compat.
-Dan
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Cashman <dcashman@android.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Russell King - ARM Linux <linux@arm.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Jonathan Corbet <corbet@lwn.net>, Don Zickus <dzickus@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
jpoimboe@redhat.com,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
n-horiguchi@ah.jp.nec.com, Andrea Arcangeli <aarcange@redhat.com>,
Mel Gorman <mgorman@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
David Rientjes <rientjes@google.com>,
Linux-MM <linux-mm@kvack.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Mark Salyzyn <salyzyn@android.com>,
Jeffrey Vander Stoep <jeffv@google.com>,
Nick Kralevich <nnk@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"x86@kernel.org" <x86@kernel.org>, Hector Marco <hecmargi@upv.es>,
Borislav Petkov <bp@suse.de>,
Daniel Cashman <dcashman@google.com>
Subject: Re: [PATCH v4 4/4] x86: mm: support ARCH_MMAP_RND_BITS.
Date: Tue, 1 Dec 2015 10:19:32 -0800 [thread overview]
Message-ID: <565DE4B4.5050305@android.com> (raw)
In-Reply-To: <CAGXu5j+Wj_=27gsYStV5OuwNSznux7MtDcMuYe5wM2ORrna_TQ@mail.gmail.com>
On 11/30/2015 04:03 PM, Kees Cook wrote:
> On Thu, Nov 26, 2015 at 2:59 PM, Daniel Cashman <dcashman@android.com> wrote:
>> diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
>> index 844b06d..647fecf 100644
>> --- a/arch/x86/mm/mmap.c
>> +++ b/arch/x86/mm/mmap.c
>> @@ -69,14 +69,14 @@ unsigned long arch_mmap_rnd(void)
>> {
>> unsigned long rnd;
>>
>> - /*
>> - * 8 bits of randomness in 32bit mmaps, 20 address space bits
>> - * 28 bits of randomness in 64bit mmaps, 40 address space bits
>> - */
>> if (mmap_is_ia32())
>> - rnd = (unsigned long)get_random_int() % (1<<8);
>> +#ifdef CONFIG_COMPAT
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
>> +#else
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>> +#endif
>> else
>> - rnd = (unsigned long)get_random_int() % (1<<28);
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>>
>> return rnd << PAGE_SHIFT;
>> }
>> --
>> 2.6.0.rc2.230.g3dd15c0
>>
>
> Can you rework this logic to look more like the arm64 one? I think
> it's more readable as:
>
> #ifdef CONFIG_COMPAT
> if (mmap_is_ia32())
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
> else
> #endif
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>
> -Kees
>
There is a subtle difference between the two that requires this
difference. the x86 code was written to be used by both 32-bit and
64-bit kernels, whereas the arm64 code runs only for 64-bit. The
assumption I've made with arm64 is that TIF_32BIT should never be set if
CONFIG_COMPAT is not set, but with x86 we could encounter a 32-bit
application without CONFIG_COMPAT, in which case it should use the
default mmap_rnd_bits, not compat, since there is no compat.
-Dan
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: dcashman@android.com (Daniel Cashman)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 4/4] x86: mm: support ARCH_MMAP_RND_BITS.
Date: Tue, 1 Dec 2015 10:19:32 -0800 [thread overview]
Message-ID: <565DE4B4.5050305@android.com> (raw)
In-Reply-To: <CAGXu5j+Wj_=27gsYStV5OuwNSznux7MtDcMuYe5wM2ORrna_TQ@mail.gmail.com>
On 11/30/2015 04:03 PM, Kees Cook wrote:
> On Thu, Nov 26, 2015 at 2:59 PM, Daniel Cashman <dcashman@android.com> wrote:
>> diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
>> index 844b06d..647fecf 100644
>> --- a/arch/x86/mm/mmap.c
>> +++ b/arch/x86/mm/mmap.c
>> @@ -69,14 +69,14 @@ unsigned long arch_mmap_rnd(void)
>> {
>> unsigned long rnd;
>>
>> - /*
>> - * 8 bits of randomness in 32bit mmaps, 20 address space bits
>> - * 28 bits of randomness in 64bit mmaps, 40 address space bits
>> - */
>> if (mmap_is_ia32())
>> - rnd = (unsigned long)get_random_int() % (1<<8);
>> +#ifdef CONFIG_COMPAT
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
>> +#else
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>> +#endif
>> else
>> - rnd = (unsigned long)get_random_int() % (1<<28);
>> + rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>>
>> return rnd << PAGE_SHIFT;
>> }
>> --
>> 2.6.0.rc2.230.g3dd15c0
>>
>
> Can you rework this logic to look more like the arm64 one? I think
> it's more readable as:
>
> #ifdef CONFIG_COMPAT
> if (mmap_is_ia32())
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_compat_bits);
> else
> #endif
> rnd = (unsigned long)get_random_int() % (1 << mmap_rnd_bits);
>
> -Kees
>
There is a subtle difference between the two that requires this
difference. the x86 code was written to be used by both 32-bit and
64-bit kernels, whereas the arm64 code runs only for 64-bit. The
assumption I've made with arm64 is that TIF_32BIT should never be set if
CONFIG_COMPAT is not set, but with x86 we could encounter a 32-bit
application without CONFIG_COMPAT, in which case it should use the
default mmap_rnd_bits, not compat, since there is no compat.
-Dan
next prev parent reply other threads:[~2015-12-01 18:19 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-26 22:59 [PATCH v4 0/4] Allow customizable random offset to mmap_base address Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` [PATCH v4 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` [PATCH v4 2/4] arm: mm: support ARCH_MMAP_RND_BITS Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` [PATCH v4 3/4] arm64: " Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` [PATCH v4 4/4] x86: " Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-11-26 22:59 ` Daniel Cashman
2015-12-01 0:03 ` Kees Cook
2015-12-01 0:03 ` Kees Cook
2015-12-01 0:03 ` Kees Cook
2015-12-01 18:19 ` Daniel Cashman [this message]
2015-12-01 18:19 ` Daniel Cashman
2015-12-01 18:19 ` Daniel Cashman
2015-11-30 23:54 ` [PATCH v4 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR Andrew Morton
2015-11-30 23:54 ` Andrew Morton
2015-11-30 23:54 ` Andrew Morton
2015-12-01 0:01 ` Andrew Morton
2015-12-01 0:01 ` Andrew Morton
2015-12-01 0:01 ` Andrew Morton
2015-12-01 0:04 ` Kees Cook
2015-12-01 0:04 ` Kees Cook
2015-12-01 0:04 ` Kees Cook
2015-12-01 0:18 ` Andrew Morton
2015-12-01 0:18 ` Andrew Morton
2015-12-01 0:18 ` Andrew Morton
2015-12-01 0:47 ` Daniel Cashman
2015-12-01 0:47 ` Daniel Cashman
2015-12-01 0:47 ` Daniel Cashman
2015-12-01 0:55 ` Eric W. Biederman
2015-12-01 0:55 ` Eric W. Biederman
2015-12-01 0:55 ` Eric W. Biederman
2015-12-01 22:09 ` Andrew Morton
2015-12-01 22:09 ` Andrew Morton
2015-12-01 22:09 ` Andrew Morton
2015-12-01 1:00 ` Kees Cook
2015-12-01 1:00 ` Kees Cook
2015-12-01 1:00 ` Kees Cook
2015-12-01 0:05 ` Kees Cook
2015-12-01 0:05 ` Kees Cook
2015-12-01 0:05 ` Kees Cook
2015-11-26 23:24 ` [PATCH v4 0/4] Allow customizable random offset to mmap_base address Daniel Cashman
2015-11-26 23:24 ` Daniel Cashman
2015-11-26 23:24 ` Daniel Cashman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565DE4B4.5050305@android.com \
--to=dcashman@android.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=dcashman@google.com \
--cc=dzickus@redhat.com \
--cc=ebiederm@xmission.com \
--cc=hecmargi@upv.es \
--cc=hpa@zytor.com \
--cc=jeffv@google.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@arm.linux.org.uk \
--cc=mgorman@suse.de \
--cc=mingo@kernel.org \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=nnk@google.com \
--cc=rientjes@google.com \
--cc=salyzyn@android.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.