From: Kees Cook
Date: Mon, 24 Apr 2017 10:56:04 -0700
Subject: Re: [kernel-hardening] Re: [PATCH v2] powerpc/mm: Add support for runtime configuration of ASLR limits
To: Michael Ellerman
Cc: Balbir Singh, "linuxppc-dev@ozlabs.org", Bhupesh Sharma, "kernel-hardening@lists.openwall.com"
List-Id: Linux on PowerPC Developers Mail List

On Mon, Apr 24, 2017 at 7:29 AM, Michael Ellerman wrote:
> Balbir Singh writes:
>
>> On Fri, 2017-04-21 at 00:36 +1000, Michael Ellerman wrote:
>>> Add powerpc support for mmap_rnd_bits and mmap_rnd_compat_bits, which are two
>>> sysctls that allow a user to configure the number of bits of randomness used for
>>> ASLR.
> ...
>>
>> Could we please suggest that this should not be sent to stable or back-ported
>> as the 128T default is new?
>
> I'm not sure I follow. I didn't tag it for stable. Do you mean we should
> explicitly mark it as not-for-stable?
>
> If someone sends it to stable@vger I'll be pinged before it goes in and
> nak it, if someone wants to backport it (incorrectly) to their own tree
> then good luck to them :)
>
>>> diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c >>> index a5d9ef59debe..6141cfff634e 100644 >>> --- a/arch/powerpc/mm/mmap.c >>> +++ b/arch/powerpc/mm/mmap.c 
>>> @@ -59,13 +59,14 @@ static inline int mmap_is_legacy(void) >>> >>> unsigned long arch_mmap_rnd(void) >>> { >>> - unsigned long rnd; >>> + unsigned long shift, rnd; >>> >>> - /* 8MB for 32bit, 1GB for 64bit */ >>> + shift = mmap_rnd_bits; >>> +#ifdef CONFIG_COMPAT >>> if (is_32bit_task()) >>> - rnd = get_random_long() % (1<<(23-PAGE_SHIFT)); >>> - else >>> - rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT)); >>> + shift = mmap_rnd_compat_bits; >>> +#endif >>> + rnd = get_random_long() % (1 << shift); >> >> Nitpick, 1 should be 1UL? Nice catch! > No, shift can only be 29 at most IIRC? The largest value in the kconfigs is 33? > But it's a bit fragile, so I'll change it. Thanks! -Kees -- Kees Cook Pixel Security
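Review bot: In the added line `rnd = get_random_long() % (1 << shift);` the constant `1` is an int, so the shift is evaluated in int width even though `shift` now comes from the runtime-configurable `mmap_rnd_bits`. A shift of 31 or more is not representable in that int, and the reply in this thread suggests kconfig values go up to 33. The removed 64-bit branch used `1UL<<(30-PAGE_SHIFT)`, so `1UL << shift` would keep the modulus in unsigned long for both the native and compat cases. The hunk also drops the `/* 8MB for 32bit, 1GB for 64bit */` comment without a replacement; a short comment noting that the range now comes from `mmap_rnd_bits` or `mmap_rnd_compat_bits` would keep the function documented.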