Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: Ilya Smith <blackzert@xxxxxxxxx>
- Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
- From: Michal Hocko <mhocko@xxxxxxxxxx>
- Date: Mon, 26 Mar 2018 10:46:50 +0200
- Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>, rth@xxxxxxxxxxx, ink@xxxxxxxxxxxxxxxxxxxx, mattst88@xxxxxxxxx, vgupta@xxxxxxxxxxxx, linux@xxxxxxxxxxxxxxx, tony.luck@xxxxxxxxx, fenghua.yu@xxxxxxxxx, ralf@xxxxxxxxxxxxxx, jejb@xxxxxxxxxxxxxxxx, Helge Deller <deller@xxxxxx>, benh@xxxxxxxxxxxxxxxxxxx, paulus@xxxxxxxxx, mpe@xxxxxxxxxxxxxx, schwidefsky@xxxxxxxxxx, heiko.carstens@xxxxxxxxxx, ysato@xxxxxxxxxxxxxxxxxxxx, dalias@xxxxxxxx, davem@xxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, mingo@xxxxxxxxxx, hpa@xxxxxxxxx, x86@xxxxxxxxxx, nyc@xxxxxxxxxxxxxx, viro@xxxxxxxxxxxxxxxxxx, arnd@xxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, deepa.kernel@xxxxxxxxx, Hugh Dickins <hughd@xxxxxxxxxx>, kstewart@xxxxxxxxxxxxxxxxxxx, pombredanne@xxxxxxxx, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, steve.capper@xxxxxxx, punit.agrawal@xxxxxxx, aneesh.kumar@xxxxxxxxxxxxxxxxxx, npiggin@xxxxxxxxx, Kees Cook <keescook@xxxxxxxxxxxx>, bhsharma@xxxxxxxxxx, riel@xxxxxxxxxx, nitin.m.gupta@xxxxxxxxxx, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Dan Williams <dan.j.williams@xxxxxxxxx>, Jan Kara <jack@xxxxxxx>, ross.zwisler@xxxxxxxxxxxxxxx, Jerome Glisse <jglisse@xxxxxxxxxx>, Andrea Arcangeli <aarcange@xxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, linux-alpha@xxxxxxxxxxxxxxx, LKML <linux-kernel@xxxxxxxxxxxxxxx>, linux-snps-arc@xxxxxxxxxxxxxxxxxxx, linux-ia64@xxxxxxxxxxxxxxx, linux-metag@xxxxxxxxxxxxxxx, linux-mips@xxxxxxxxxxxxxx, linux-parisc@xxxxxxxxxxxxxxx, linuxppc-dev@xxxxxxxxxxxxxxxx, linux-s390@xxxxxxxxxxxxxxx, linux-sh@xxxxxxxxxxxxxxx, sparclinux@xxxxxxxxxxxxxxx, Linux-MM <linux-mm@xxxxxxxxx>
- In-reply-to: <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
- References: <1521736598-12812-1-git-send-email-blackzert@gmail.com> <20180323124806.GA5624@bombadil.infradead.org> <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
- User-agent: Mutt/1.9.4 (2018-02-28)
On Fri 23-03-18 20:55:49, Ilya Smith wrote:
>
> > On 23 Mar 2018, at 15:48, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> >
> > On Thu, Mar 22, 2018 at 07:36:36PM +0300, Ilya Smith wrote:
> >> Current implementation doesn't randomize address returned by mmap.
> >> All the entropy ends with choosing mmap_base_addr at the process
> >> creation. After that mmap build very predictable layout of address
> >> space. It allows to bypass ASLR in many cases. This patch make
> >> randomization of address on any mmap call.
> >
> > Why should this be done in the kernel rather than libc? libc is perfectly
> > capable of specifying random numbers in the first argument of mmap.
> Well, there is following reasons:
> 1. It should be done in any libc implementation, what is not possible IMO;
Is this really so helpful?
> 2. User mode is not that layer which should be responsible for choosing
> random address or handling entropy;
Why?
> 3. Memory fragmentation is unpredictable in this case
>
> Off course user mode could use random ‘hint’ address, but kernel may
> discard this address if it is occupied for example and allocate just before
> closest vma. So this solution doesn’t give that much security like
> randomization address inside kernel.
The userspace can use the new MAP_FIXED_NOREPLACE to probe for the
address range atomically and chose a different range on failure.
--
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Index of Archives]
[Linux Kernel]
[Sparc Linux]
[DCCP]
[Linux ARM]
[Yosemite News]
[Linux SCSI]
[Linux x86_64]
[Linux for Ham Radio]
