From: tip-bot for Hector Marco-Gisbert
Date: Sat, 12 Mar 2016 07:15:38 -0800
To: linux-tip-commits@vger.kernel.org
Cc: arjan@linux.intel.com, mingo@kernel.org, iripoll@upv.es, keescook@chromium.org, linux-kernel@vger.kernel.org, hpa@zytor.com, tglx@linutronix.de, hecmargi@upv.es, peterz@infradead.org, torvalds@linux-foundation.org
In-Reply-To: <1457639460-5242-1-git-send-email-hecmargi@upv.es>
Subject: [tip:x86/mm] x86/mm/32: Enable full randomization on i386 and X86_32
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID:  8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
Gitweb:     http://git.kernel.org/tip/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
Author:     Hector Marco-Gisbert
AuthorDate: Thu, 10 Mar 2016 20:51:00 +0100
Committer:  Ingo Molnar
CommitDate: Fri, 11 Mar 2016 09:53:19 +0100

x86/mm/32: Enable full randomization on i386 and X86_32

Currently on i386 and on X86_64 when emulating X86_32 in legacy mode, only the stack and the executable are randomized but not other mmapped files (libraries, vDSO, etc.). This patch enables randomization for the libraries, vDSO and mmap requests on i386 and in X86_32 in legacy mode.

By default on i386 there are 8 bits for the randomization of the libraries, vDSO and mmaps which only uses 1MB of VA. This patch preserves the original randomness, using 1MB of VA out of 3GB or 4GB. We think that 1MB out of 3GB is not a big cost for having the ASLR.
The first obvious security benefit is that all objects are randomized (not only the stack and the executable) in legacy mode, which highly increases the ASLR effectiveness; otherwise the attackers may use these non-randomized areas. But also sensitive setuid/setgid applications are more secure because currently, attackers can disable the randomization of these applications by setting the ulimit stack to "unlimited". This is a very old and widely known trick to disable the ASLR in i386 which has been allowed for too long. Another trick used to disable the ASLR was to set the ADDR_NO_RANDOMIZE personality flag, but fortunately this doesn't work on setuid/setgid applications because there are security checks which clear security-relevant flags.

This patch always randomizes the mmap_legacy_base address, removing the possibility to disable the ASLR by setting the stack to "unlimited".

Signed-off-by: Hector Marco-Gisbert
Acked-by: Ismael Ripoll Ripoll
Acked-by: Kees Cook
Acked-by: Arjan van de Ven
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: akpm@linux-foundation.org
Cc: Kees Cook
Link: http://lkml.kernel.org/r/1457639460-5242-1-git-send-email-hecmargi@upv.es
Signed-off-by: Ingo Molnar

--- arch/x86/mm/mmap.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index 96bd1e2..389939f 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -94,18 +94,6 @@ static unsigned long mmap_base(unsigned long rnd) } /* - * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64 - * does, but not when emulating X86_32 - */ -static unsigned long mmap_legacy_base(unsigned long rnd) -{ - if (mmap_is_ia32()) - return TASK_UNMAPPED_BASE; - else - return TASK_UNMAPPED_BASE + rnd; -} - -/* * This function, called very early during the creation of a new * process VM image, sets up which VM layout function to use: */
@@ -116,7 +104,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (current->flags & PF_RANDOMIZE) random_factor = arch_mmap_rnd(); - mm->mmap_legacy_base = mmap_legacy_base(random_factor); + mm->mmap_legacy_base = TASK_UNMAPPED_BASE + random_factor; if (mmap_is_legacy()) { mm->mmap_base = mm->mmap_legacy_base;
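Review bot: on the first hunk (removal of mmap_legacy_base()), the only comment in this file that explained why the ia32 bottom-up layout was exempt from randomization goes away with the helper, and the block comment that survives below it ("This function, called very early during the creation of a new process VM image, sets up which VM layout function to use:") says nothing about randomization at all. Add one sentence there, or at the new assignment in arch_pick_mmap_layout(), stating that the bottom-up base now receives the same random_factor on i386, on X86_64 emulating X86_32 and on native X86_64, so that someone reading the old "did not support randomization" comment in history does not reintroduce the mmap_is_ia32() special case.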
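Review bot: on the second hunk, `mm->mmap_legacy_base = TASK_UNMAPPED_BASE + random_factor;` is still governed by the `if (current->flags & PF_RANDOMIZE) random_factor = arch_mmap_rnd();` guard two lines above, so when PF_RANDOMIZE is clear (for example a non-setuid process that set ADDR_NO_RANDOMIZE) random_factor is 0 and the legacy base is the fixed TASK_UNMAPPED_BASE, exactly as before. That is the intended behaviour, but the changelog's "always randomizes the mmap_legacy_base address" is stronger than the code; say "whenever the process is subject to randomization", and add a short comment at the assignment noting that the RLIMIT_STACK test inside mmap_is_legacy() now only selects bottom-up versus top-down placement and no longer decides whether the base is randomized, since that is the whole point of the change and is not visible from the one-line diff.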
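The "ulimit -s unlimited" trick that the changelog describes can be checked empirically from user space. The program below is an added example, not part of the patch or of the kernel tree: it re-executes itself several times under the default stack limit and again with RLIMIT_STACK raised to RLIM_INFINITY (which is what makes mmap_is_legacy() true), reads the libc base of each fresh process from /proc/self/maps, and counts how many distinct bases were observed. The names probe_once, own_mapping_base, maps_line_base and distinct_count are this example's own. It assumes Linux, a dynamically linked binary, and a 32-bit build (gcc -m32 on a multilib x86_64 host, or an i386 host), because the native x86_64 legacy layout was already randomized before this commit and would show a spread in both rows regardless.

```c
/* Added example, not from the patch or the kernel tree: exec ourselves under the
 * default stack limit and under RLIMIT_STACK = RLIM_INFINITY ("ulimit -s unlimited")
 * and count distinct libc bases.  Assumes Linux, a dynamic binary, an i386 build. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>
#define RUNS 8

/* Parse one /proc/PID/maps line; if its pathname contains `needle`, store the
 * mapping start address in *base and return 1, otherwise return 0. */
int maps_line_base(const char *line, const char *needle, unsigned long *base)
{
    unsigned long start, end;
    const char *path = strchr(line, '/');   /* the pathname is the last field, if any */
    if (sscanf(line, "%lx-%lx", &start, &end) != 2 || !path || !strstr(path, needle))
        return 0;
    *base = start;
    return 1;
}

/* Number of distinct values in v[0..n); quadratic, but n is tiny. */
size_t distinct_count(const unsigned long *v, size_t n)
{
    size_t i, j, count = 0;
    for (i = 0; i < n; i++) {
        for (j = 0; j < i && v[j] != v[i]; j++)
            ;
        count += (j == i);
    }
    return count;
}

/* Start address of the first /proc/self/maps entry (they are listed in ascending
 * address order) whose path contains `needle`; 0 if there is none. */
unsigned long own_mapping_base(const char *needle)
{
    char line[512];
    unsigned long base = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f) && !maps_line_base(line, needle, &base))
        ;
    fclose(f);
    return base;
}

/* Fork, optionally lift RLIMIT_STACK to RLIM_INFINITY, exec this binary in child
 * mode and return the libc base it prints.  A fresh exec is required because
 * arch_pick_mmap_layout() runs at exec time; a plain fork inherits the layout. */
unsigned long probe_once(int unlimited_stack)
{
    int fds[2];
    char buf[64];
    unsigned long base = 0;
    FILE *in;
    pid_t pid;
    if (pipe(fds) < 0 || (pid = fork()) < 0)
        return 0;
    if (pid == 0) {
        char arg0[] = "probe", arg1[] = "--child";
        char *const argv[] = { arg0, arg1, NULL };
        struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY };
        if (unlimited_stack && setrlimit(RLIMIT_STACK, &rl) < 0) /* -> mmap_is_legacy() */
            perror("setrlimit(RLIMIT_STACK)");
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execv("/proc/self/exe", argv);
        _exit(127);
    }
    close(fds[1]);
    if ((in = fdopen(fds[0], "r")) != NULL) {
        if (fgets(buf, sizeof buf, in))
            sscanf(buf, "%lx", &base);
        fclose(in);
    }
    waitpid(pid, NULL, 0);
    return base;
}

int main(int argc, char **argv)
{
    unsigned long bases[RUNS];
    int mode, i;
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        printf("%lx\n", own_mapping_base("libc"));   /* child: report and exit */
        return 0;
    }
    for (mode = 0; mode < 2; mode++) {
        for (i = 0; i < RUNS; i++)
            bases[i] = probe_once(mode);
        printf("stack %-9s: %zu distinct libc bases in %d execs\n",
               mode ? "unlimited" : "default", distinct_count(bases, RUNS), RUNS);
    }
    return 0;
}
```

Build with `gcc -m32 -o probe probe.c` and run `./probe`. On a kernel without this commit the "unlimited" row reports a single distinct base across all execs while the "default" row shows several, which is the trick the changelog describes; with the commit applied both rows show a spread, bounded for 32-bit by the 1MB of VA the changelog accounts for. Two caveats: if the hard RLIMIT_STACK is below infinity the setrlimit() call fails (perror reports it) and the second row is meaningless, and if randomize_va_space is 0 both rows legitimately show one base, because PF_RANDOMIZE is clear and the patch does not change that path.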