From: Daniel Cashman <dcashman@...>
commit 9e08f57d684ac2f40685f55f659564bfd91a971e upstream.
x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address. This
value represents a compromise between increased ASLR effectiveness and
avoiding address-space fragmentation. Replace it with a Kconfig option,
which is sensibly bounded, so that platform developers may choose where
to place this compromise. Keep default values as new minimums.
Signed-off-by: Daniel Cashman <dcashman@...>
Cc: Russell King <linux@...>
Acked-by: Kees Cook <keescook@...>
Cc: Ingo Molnar <mingo@...>
Cc: Jonathan Corbet <corbet@...>
Cc: Don Zickus <dzickus@...>
Cc: Eric W. Biederman <ebiederm@...>
Cc: Heinrich Schuchardt <xypron.glpk@...>
Cc: Josh Poimboeuf <jpoimboe@...>
Cc: Kirill A. Shutemov <kirill.shutemov@...>
Cc: Naoya Horiguchi <n-horiguchi@...>
Cc: Andrea Arcangeli <aarcange@...>
Cc: Mel Gorman <mgorman@...>
Cc: Thomas Gleixner <tglx@...>
Cc: David Rientjes <rientjes@...>
Cc: Mark Salyzyn <salyzyn@...>
Cc: Jeff Vander Stoep <jeffv@...>
Cc: Nick Kralevich <nnk@...>
Cc: Catalin Marinas <catalin.marinas@...>
Cc: Will Deacon <will.deacon@...>
Cc: "H. Peter Anvin" <hpa@...>
Cc: Hector Marco-Gisbert <hecmargi@...>
Cc: Borislav Petkov <bp@...>
Cc: Ralf Baechle <ralf@...>
Cc: Heiko Carstens <heiko.carstens@...>
Cc: Martin Schwidefsky <schwidefsky@...>
Cc: Benjamin Herrenschmidt <benh@...>
Signed-off-by: Andrew Morton <akpm@...>
Signed-off-by: Linus Torvalds <torvalds@...>
Signed-off-by: Ben Hutchings <ben.hutchings@...>
---
arch/x86/Kconfig | 16 ++++++++++++++++
arch/x86/mm/mmap.c | 12 ++++++------
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 436639a31624..ffbfa85271a3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -82,6 +82,8 @@ config X86
select HAVE_ARCH_KASAN if X86_64 && SPARSEMEM_VMEMMAP
select HAVE_ARCH_KGDB
select HAVE_ARCH_KMEMCHECK
+ select HAVE_ARCH_MMAP_RND_BITS if MMU
+ select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
@@ -183,6 +185,20 @@ config HAVE_LATENCYTOP_SUPPORT
config MMU
def_bool y
+config ARCH_MMAP_RND_BITS_MIN
+ default 28 if 64BIT
+ default 8
+
+config ARCH_MMAP_RND_BITS_MAX
+ default 32 if 64BIT
+ default 16
+
+config ARCH_MMAP_RND_COMPAT_BITS_MIN
+ default 8
+
+config ARCH_MMAP_RND_COMPAT_BITS_MAX
+ default 16
+
config SBUS
bool
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 307f60ecfc6d..389939f74dd5 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -69,14 +69,14 @@ unsigned long arch_mmap_rnd(void)
{
unsigned long rnd;
- /*
- * 8 bits of randomness in 32bit mmaps, 20 address space bits
- * 28 bits of randomness in 64bit mmaps, 40 address space bits
- */
if (mmap_is_ia32())
- rnd = (unsigned long)get_random_int() % (1<<8);
+#ifdef CONFIG_COMPAT
+ rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
+#else
+ rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+#endif
else
- rnd = (unsigned long)get_random_int() % (1<<28);
+ rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
return rnd << PAGE_SHIFT;
}
--
2.10.2
--
Ben Hutchings
Software Developer, Codethink Ltd.
