* + mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch added to -mm tree
@ 2015-11-30 23:58 akpm
From: akpm @ 2015-11-30 23:58 UTC (permalink / raw)
  To: dcashman, aarcange, benh, bp, catalin.marinas, corbet, dzickus,
	ebiederm, hecmargi, hpa, jeffv, jpoimboe, keescook,
	kirill.shutemov, linux, mgorman, mingo, n-horiguchi, nnk, ralf,
	rientjes, salyzyn, tglx, will.deacon, xypron.glpk, mm-commits


The patch titled
     Subject: mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
has been added to the -mm tree.  Its filename is
     mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Daniel Cashman <dcashman@android.com>
Subject: mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4

ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32-bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.

Signed-off-by: Daniel Cashman <dcashman@android.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: David Rientjes <rientjes@google.com>
Cc: Mark Salyzyn <salyzyn@android.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Nick Kralevich <nnk@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Hector Marco-Gisbert <hecmargi@upv.es>
Cc: Borislav Petkov <bp@suse.de>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc; Heiko Carstens <heiko.carstens@de.ibm.com>
Cc; Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 Documentation/sysctl/vm.txt |    4 ++--
 arch/Kconfig                |    8 ++++++--
 include/linux/mm.h          |   12 ++++++------
 kernel/sysctl.c             |   12 ++++++------
 mm/mmap.c                   |   12 ++++++------
 5 files changed, 26 insertions(+), 22 deletions(-)

diff -puN Documentation/sysctl/vm.txt~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 Documentation/sysctl/vm.txt
--- a/Documentation/sysctl/vm.txt~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/Documentation/sysctl/vm.txt
@@ -496,7 +496,7 @@ tuning address space randomization.  Thi
 by the architecture's minimum and maximum supported values.
 
 This value can be changed after boot using the
-/proc/sys/kernel/mmap_rnd_bits tunable
+/proc/sys/vm/mmap_rnd_bits tunable
 
 ==============================================================
 
@@ -510,7 +510,7 @@ space randomization.  This value will be
 architecture's minimum and maximum supported values.
 
 This value can be changed after boot using the
-/proc/sys/kernel/mmap_rnd_compat_bits tunable
+/proc/sys/vm/mmap_rnd_compat_bits tunable
 
 ==============================================================
 
diff -puN arch/Kconfig~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 arch/Kconfig
--- a/arch/Kconfig~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/arch/Kconfig
@@ -542,7 +542,7 @@ config ARCH_MMAP_RND_BITS
 	  by the architecture's minimum and maximum supported values.
 
 	  This value can be changed after boot using the
-	  /proc/sys/kernel/mmap_rnd_bits tunable
+	  /proc/sys/vm/mmap_rnd_bits tunable
 
 config HAVE_ARCH_MMAP_RND_COMPAT_BITS
 	bool
@@ -560,9 +560,13 @@ config ARCH_MMAP_RND_COMPAT_BITS_MIN
 config ARCH_MMAP_RND_COMPAT_BITS_MAX
 	int
 
+config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
+	int
+
 config ARCH_MMAP_RND_COMPAT_BITS
 	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
 	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
+	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
 	default ARCH_MMAP_RND_COMPAT_BITS_MIN
 	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
 	help
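Review bot: The condition in `default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT` tests an `int` symbol, and as I read the Kconfig language documentation only bool and tristate symbols carry a value in an expression while every other type evaluates to 'n'. If that holds here, this default never applies and an architecture that selects a larger compat default silently falls back to ARCH_MMAP_RND_COMPAT_BITS_MIN, the lowest entropy setting, so it is worth checking the generated config on an arch that sets the new symbol. The new symbol would also benefit from a one-line comment such as `# per-arch default; must lie within ARCH_MMAP_RND_COMPAT_BITS_MIN..ARCH_MMAP_RND_COMPAT_BITS_MAX`. No matching _DEFAULT symbol for the non-compat ARCH_MMAP_RND_BITS option is visible in these hunks; it may exist outside them.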
@@ -573,7 +577,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
 	  supported values.
 
 	  This value can be changed after boot using the
-	  /proc/sys/kernel/mmap_rnd_compat_bits tunable
+	  /proc/sys/vm/mmap_rnd_compat_bits tunable
 
 config HAVE_COPY_THREAD_TLS
 	bool
diff -puN include/linux/mm.h~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 include/linux/mm.h
--- a/include/linux/mm.h~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/include/linux/mm.h
@@ -52,14 +52,14 @@ extern int sysctl_legacy_va_layout;
 #endif
 
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS
-extern int mmap_rnd_bits_min;
-extern int mmap_rnd_bits_max;
-extern int mmap_rnd_bits;
+extern const int mmap_rnd_bits_min;
+extern const int mmap_rnd_bits_max;
+extern int mmap_rnd_bits __read_mostly;
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
-extern int mmap_rnd_compat_bits_min;
-extern int mmap_rnd_compat_bits_max;
-extern int mmap_rnd_compat_bits;
+extern const int mmap_rnd_compat_bits_min;
+extern const int mmap_rnd_compat_bits_max;
+extern int mmap_rnd_compat_bits __read_mostly;
 #endif
 
 #include <asm/page.h>
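Review bot: These declarations carry no comment saying which values can change at run time, which matters now that the bounds are `const` and only the current value stays writable. A comment above the first block such as `/* min/max are fixed at build time from Kconfig; mmap_rnd_bits is set via /proc/sys/vm/mmap_rnd_bits within those bounds */` would make that explicit, with the equivalent for the compat block. As far as I know `__read_mostly` is a section-placement attribute that only needs to appear on the definitions in mm/mmap.c, so it could be dropped from the two `extern` lines here.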
diff -puN kernel/sysctl.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 kernel/sysctl.c
--- a/kernel/sysctl.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/kernel/sysctl.c
@@ -1573,10 +1573,10 @@ static struct ctl_table vm_table[] = {
 		.procname	= "mmap_rnd_bits",
 		.data		= &mmap_rnd_bits,
 		.maxlen		= sizeof(mmap_rnd_bits),
-		.mode		= 0644,
+		.mode		= 0600,
 		.proc_handler	= proc_dointvec_minmax,
-		.extra1		= &mmap_rnd_bits_min,
-		.extra2		= &mmap_rnd_bits_max,
+		.extra1		= (void *) &mmap_rnd_bits_min,
+		.extra2		= (void *) &mmap_rnd_bits_max,
 	},
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
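Review bot: The change of `.mode` from 0644 to 0600 is explained neither in the changelog nor in a comment, although it makes the configured number of random bits unreadable to unprivileged processes. If the intent is to avoid disclosing the ASLR entropy, a comment such as `/* root-only: do not expose mmap ASLR entropy to unprivileged readers */` would record it, and the vm.txt text saying the value "can be changed after boot" could note that the file is root-only. The `(void *)` casts on `.extra1`/`.extra2` discard the `const` this patch adds to the bounds; that is safe only while the handler reads the bounds and never writes through them, so `/* bounds are const; proc_dointvec_minmax only reads extra1/extra2 */` next to the casts would help. The same two points apply to the mmap_rnd_compat_bits entry in the next hunk. The vm_table initializer starts and ends outside these hunks.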
@@ -1584,10 +1584,10 @@ static struct ctl_table vm_table[] = {
 		.procname	= "mmap_rnd_compat_bits",
 		.data		= &mmap_rnd_compat_bits,
 		.maxlen		= sizeof(mmap_rnd_compat_bits),
-		.mode		= 0644,
+		.mode		= 0600,
 		.proc_handler	= proc_dointvec_minmax,
-		.extra1		= &mmap_rnd_compat_bits_min,
-		.extra2		= &mmap_rnd_compat_bits_max,
+		.extra1		= (void *) &mmap_rnd_compat_bits_min,
+		.extra2		= (void *) &mmap_rnd_compat_bits_max,
 	},
 #endif
 	{ }
diff -puN mm/mmap.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 mm/mmap.c
--- a/mm/mmap.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/mm/mmap.c
@@ -59,14 +59,14 @@
 #endif
 
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS
-int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
-int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
-int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS;
+const int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
+const int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
+int mmap_rnd_bits __read_mostly = CONFIG_ARCH_MMAP_RND_BITS;
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
-int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN;
-int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;
-int mmap_rnd_compat_bits = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
+const int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN;
+const int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;
+int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
 #endif
 
 
_

Patches currently in -mm which might be from dcashman@android.com are

mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch
arm64-mm-support-arch_mmap_rnd_bits-v4.patch

