On Fri 23-03-18 20:55:49, Ilya Smith wrote:
> 
> > On 23 Mar 2018, at 15:48, Matthew Wilcox <willy at infradead.org> wrote:
> > 
> > On Thu, Mar 22, 2018 at 07:36:36PM +0300, Ilya Smith wrote:
> >> Current implementation doesn't randomize address returned by mmap.
> >> All the entropy ends with choosing mmap_base_addr at the process
> >> creation. After that mmap builds a very predictable layout of address
> >> space. It allows bypassing ASLR in many cases. This patch makes
> >> randomization of address on any mmap call.
> > 
> > Why should this be done in the kernel rather than libc? libc is perfectly
> > capable of specifying random numbers in the first argument of mmap.
> Well, there are the following reasons:
> 1. It should be done in any libc implementation, which is not possible IMO;

Is this really so helpful?

> 2. User mode is not that layer which should be responsible for choosing
> random address or handling entropy;

Why?

> 3. Memory fragmentation is unpredictable in this case
> 
> Of course user mode could use a random "hint" address, but kernel may
> discard this address if it is occupied for example and allocate just before
> closest vma. So this solution doesn't give that much security like
> randomization address inside kernel.

The userspace can use the new MAP_FIXED_NOREPLACE to probe for the address
range atomically and choose a different range on failure.
-- 
Michal Hocko
SUSE Labs
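The userspace approach Michal describes, written out as an added example that is not part of the thread or of Ilya's patch: a random page-aligned hint is claimed with MAP_FIXED_NOREPLACE, and EEXIST (the range is already occupied) triggers another draw instead of letting the kernel place the mapping next to the nearest vma. It assumes a 64-bit Linux with kernel 4.17 or later; the HINT_LO/HINT_HI window and the function names are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/random.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000 /* Linux >= 4.17; older headers lack it */
#endif

/* Constructed hint window for this example (64-bit Linux): a slice of the
 * user address space that is normally empty in a small process. */
#define HINT_LO ((uintptr_t)0x1000000000ULL)
#define HINT_HI ((uintptr_t)0x6000000000ULL)

/* Atomically probe one hint. Succeeds only if the kernel placed the mapping
 * exactly there; a pre-4.17 kernel ignores the unknown flag and may return a
 * different address, which is the non-atomic behaviour the thread objects to. */
void *try_hint(uintptr_t hint, size_t len)
{
    void *p = mmap((void *)hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (p == MAP_FAILED)
        return MAP_FAILED;       /* errno == EEXIST when the range is occupied */
    if (p != (void *)hint) {     /* flag not honoured: undo and report */
        munmap(p, len);
        errno = ENOTSUP;
        return MAP_FAILED;
    }
    return p;
}

/* Userspace randomization as suggested in the thread: draw a random
 * page-aligned hint, claim it atomically, pick another range on EEXIST. */
void *mmap_random(size_t len, int max_tries)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    for (int i = 0; i < max_tries; i++) {
        uint64_t r;
        if (getrandom(&r, sizeof r, 0) != (ssize_t)sizeof r)
            return MAP_FAILED;
        uintptr_t hint = (HINT_LO + r % (HINT_HI - HINT_LO - len)) & ~(page - 1);
        void *p = try_hint(hint, len);
        if (p != MAP_FAILED || errno != EEXIST)
            return p;            /* success, or an error retrying cannot fix */
    }
    return MAP_FAILED;           /* errno == EEXIST: every probe collided */
}
```

A second try_hint() on a range mmap_random() already claimed fails with EEXIST rather than being relocated, which is the atomic probe the thread relies on.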