Hi Alexandre, On Wed, Apr 17, 2019 at 01:22:44AM -0400, Alexandre Ghiti wrote: > This commit takes care of stack randomization and stack guard gap when > computing mmap base address and checks if the task asked for randomization. > This fixes the problem uncovered and not fixed for mips here: > https://www.mail-archive.com/linux-kernel@xxxxxxxxxxxxxxx/msg1429066.html > > Signed-off-by: Alexandre Ghiti <alex@xxxxxxxx> For patches 8-10: Acked-by: Paul Burton <paul.burton@xxxxxxxx> Thanks for improving this, Paul > --- > arch/mips/mm/mmap.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c > index 2f616ebeb7e0..3ff82c6f7e24 100644 > --- a/arch/mips/mm/mmap.c > +++ b/arch/mips/mm/mmap.c > @@ -21,8 +21,9 @@ unsigned long shm_align_mask = PAGE_SIZE - 1; /* Sane caches */ > EXPORT_SYMBOL(shm_align_mask); > > /* gap between mmap and stack */ > -#define MIN_GAP (128*1024*1024UL) > -#define MAX_GAP ((TASK_SIZE)/6*5) > +#define MIN_GAP (128*1024*1024UL) > +#define MAX_GAP ((TASK_SIZE)/6*5) > +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) > > static int mmap_is_legacy(struct rlimit *rlim_stack) > { > @@ -38,6 +39,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack) > static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack) > { > unsigned long gap = rlim_stack->rlim_cur; > + unsigned long pad = stack_guard_gap; > + > + /* Account for stack randomization if necessary */ > + if (current->flags & PF_RANDOMIZE) > + pad += (STACK_RND_MASK << PAGE_SHIFT); > + > + /* Values close to RLIM_INFINITY can overflow. */ > + if (gap + pad > gap) > + gap += pad; > > if (gap < MIN_GAP) > gap = MIN_GAP; > -- > 2.20.1 >
