Re: [PATCH v6 09/14] mips: Properly account for stack randomization and stack guard gap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/8/19 11:16 AM, Sergei Shtylyov wrote:
Hello!

On 08.08.2019 9:17, Alexandre Ghiti wrote:

This commit takes care of stack randomization and stack guard gap when
computing mmap base address and checks if the task asked for randomization.

This fixes the problem uncovered and not fixed for arm here:
https://lkml.kernel.org/r/20170622200033.25714-1-riel@xxxxxxxxxx

Signed-off-by: Alexandre Ghiti <alex@xxxxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
Acked-by: Paul Burton <paul.burton@xxxxxxxx>
Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
---
  arch/mips/mm/mmap.c | 14 ++++++++++++--
  1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
index d79f2b432318..f5c778113384 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -21,8 +21,9 @@ unsigned long shm_align_mask = PAGE_SIZE - 1;    /* Sane caches */
  EXPORT_SYMBOL(shm_align_mask);
    /* gap between mmap and stack */
-#define MIN_GAP (128*1024*1024UL)
-#define MAX_GAP ((TASK_SIZE)/6*5)
+#define MIN_GAP        (128*1024*1024UL)
+#define MAX_GAP        ((TASK_SIZE)/6*5)

   Could add spaces around *, while touching this anyway? And parens
around TASK_SIZE shouldn't be needed...


I did not fix checkpatch warnings here since this code gets removed afterwards.


+#define STACK_RND_MASK    (0x7ff >> (PAGE_SHIFT - 12))
    static int mmap_is_legacy(struct rlimit *rlim_stack)
  {
@@ -38,6 +39,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack)
  static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack)
  {
      unsigned long gap = rlim_stack->rlim_cur;
+    unsigned long pad = stack_guard_gap;
+
+    /* Account for stack randomization if necessary */
+    if (current->flags & PF_RANDOMIZE)
+        pad += (STACK_RND_MASK << PAGE_SHIFT);

   Parens not needed here.


Belt and braces approach here as I'm never sure about priorities.

Thanks for your time,

Alex



+
+    /* Values close to RLIM_INFINITY can overflow. */
+    if (gap + pad > gap)
+        gap += pad;
        if (gap < MIN_GAP)
          gap = MIN_GAP;



_______________________________________________
linux-riscv mailing list
linux-riscv@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/linux-riscv




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux