The patch titled Subject: mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 has been added to the -mm tree. Its filename is mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Daniel Cashman <dcashman@xxxxxxxxxxx> Subject: mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 ASLR only uses as few as 8 bits to generate the random offset for the mmap base address on 32 bit architectures. This value was chosen to prevent a poorly chosen value from dividing the address space in such a way as to prevent large allocations. This may not be an issue on all platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. 
Signed-off-by: Daniel Cashman <dcashman@xxxxxxxxxxx> Cc: Russell King <linux@xxxxxxxxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Don Zickus <dzickus@xxxxxxxxxx> Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> Cc: Heinrich Schuchardt <xypron.glpk@xxxxxx> Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> Cc: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> Cc: Mel Gorman <mgorman@xxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Mark Salyzyn <salyzyn@xxxxxxxxxxx> Cc: Jeff Vander Stoep <jeffv@xxxxxxxxxx> Cc: Nick Kralevich <nnk@xxxxxxxxxx> Cc: Catalin Marinas <catalin.marinas@xxxxxxx> Cc: Will Deacon <will.deacon@xxxxxxx> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx> Cc: Hector Marco-Gisbert <hecmargi@xxxxxx> Cc: Borislav Petkov <bp@xxxxxxx> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx> Cc; Heiko Carstens <heiko.carstens@xxxxxxxxxx> Cc; Martin Schwidefsky <schwidefsky@xxxxxxxxxx> Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
 Documentation/sysctl/vm.txt | 4 ++--
 arch/Kconfig | 8 ++++++--
 include/linux/mm.h | 12 ++++++------
 kernel/sysctl.c | 12 ++++++------
 mm/mmap.c | 12 ++++++------
 5 files changed, 26 insertions(+), 22 deletions(-)
diff -puN Documentation/sysctl/vm.txt~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 Documentation/sysctl/vm.txt
--- a/Documentation/sysctl/vm.txt~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/Documentation/sysctl/vm.txt
@@ -496,7 +496,7 @@ tuning address space randomization. Thi
 by the architecture's minimum and maximum supported values.
 This value can be changed after boot using the
-/proc/sys/kernel/mmap_rnd_bits tunable
+/proc/sys/vm/mmap_rnd_bits tunable
 ==============================================================
@@ -510,7 +510,7 @@ space randomization. This value will be
 architecture's minimum and maximum supported values.
 This value can be changed after boot using the
-/proc/sys/kernel/mmap_rnd_compat_bits tunable
+/proc/sys/vm/mmap_rnd_compat_bits tunable
 ==============================================================
diff -puN arch/Kconfig~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 arch/Kconfig
--- a/arch/Kconfig~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/arch/Kconfig
@@ -542,7 +542,7 @@ config ARCH_MMAP_RND_BITS
 by the architecture's minimum and maximum supported values.
 This value can be changed after boot using the
- /proc/sys/kernel/mmap_rnd_bits tunable
+ /proc/sys/vm/mmap_rnd_bits tunable
 config HAVE_ARCH_MMAP_RND_COMPAT_BITS
 bool
@@ -560,9 +560,13 @@ config ARCH_MMAP_RND_COMPAT_BITS_MIN
 config ARCH_MMAP_RND_COMPAT_BITS_MAX
 int
+config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
+ int
+
 config ARCH_MMAP_RND_COMPAT_BITS
 int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
 range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
+ default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
 default ARCH_MMAP_RND_COMPAT_BITS_MIN
 depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
 help
@@ -573,7 +577,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
 supported values.
 This value can be changed after boot using the
- /proc/sys/kernel/mmap_rnd_compat_bits tunable
+ /proc/sys/vm/mmap_rnd_compat_bits tunable
 config HAVE_COPY_THREAD_TLS
 bool
diff -puN include/linux/mm.h~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 include/linux/mm.h
--- a/include/linux/mm.h~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/include/linux/mm.h
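Review bot: The new `default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT` line in the @@ -560 hunk conditions on a bare int symbol; as far as I recall, kconfig converts only bool and tristate symbols to their own value inside an expression and evaluates every other symbol type to 'n', which would make this default unreachable and leave `default ARCH_MMAP_RND_COMPAT_BITS_MIN` selected even on an architecture that sets a _DEFAULT. That is worth confirming with a test configuration that sets the new symbol before any architecture relies on it. If the condition is indeed dead, gate the default on a boolean helper that architectures select, mirroring the `depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS` pattern already used in the same entry. The new `ARCH_MMAP_RND_COMPAT_BITS_DEFAULT` symbol also carries no help text; a one-line comment stating that it is an optional per-architecture override of the `_MIN` default would make the two-line `default` chain self-explanatory.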
@@ -52,14 +52,14 @@ extern int sysctl_legacy_va_layout;
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS
-extern int mmap_rnd_bits_min;
-extern int mmap_rnd_bits_max;
-extern int mmap_rnd_bits;
+extern const int mmap_rnd_bits_min;
+extern const int mmap_rnd_bits_max;
+extern int mmap_rnd_bits __read_mostly;
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
-extern int mmap_rnd_compat_bits_min;
-extern int mmap_rnd_compat_bits_max;
-extern int mmap_rnd_compat_bits;
+extern const int mmap_rnd_compat_bits_min;
+extern const int mmap_rnd_compat_bits_max;
+extern int mmap_rnd_compat_bits __read_mostly;
 #endif
 #include <asm/page.h>
diff -puN kernel/sysctl.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 kernel/sysctl.c
--- a/kernel/sysctl.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/kernel/sysctl.c
@@ -1573,10 +1573,10 @@ static struct ctl_table vm_table[] = {
 .procname = "mmap_rnd_bits",
 .data = &mmap_rnd_bits,
 .maxlen = sizeof(mmap_rnd_bits),
- .mode = 0644,
+ .mode = 0600,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &mmap_rnd_bits_min,
- .extra2 = &mmap_rnd_bits_max,
+ .extra1 = (void *) &mmap_rnd_bits_min,
+ .extra2 = (void *) &mmap_rnd_bits_max,
 },
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
@@ -1584,10 +1584,10 @@ static struct ctl_table vm_table[] = {
 .procname = "mmap_rnd_compat_bits",
 .data = &mmap_rnd_compat_bits,
 .maxlen = sizeof(mmap_rnd_compat_bits),
- .mode = 0644,
+ .mode = 0600,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &mmap_rnd_compat_bits_min,
- .extra2 = &mmap_rnd_compat_bits_max,
+ .extra1 = (void *) &mmap_rnd_compat_bits_min,
+ .extra2 = (void *) &mmap_rnd_compat_bits_max,
 },
 #endif
 { }
diff -puN mm/mmap.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4 mm/mmap.c
--- a/mm/mmap.c~mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4
+++ a/mm/mmap.c
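Review bot: `extern int mmap_rnd_bits __read_mostly;` and its compat twin attach a section attribute to a header declaration, which is redundant with the definitions in mm/mmap.c (placement follows the definition) and makes mm.h depend on `__read_mostly` being defined before this point; the hunk shows only `<asm/page.h>` included below these lines, so check that `<linux/cache.h>` is already reachable from this header. Dropping the attribute from the declarations, `extern int mmap_rnd_bits;` and `extern int mmap_rnd_compat_bits;`, removes that dependency without changing where the objects land. The `const` on the four bound declarations is the right change; it is what forces the `(void *)` casts in the sysctl table later in this series.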
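Review bot: The new `.extra1 = (void *) &mmap_rnd_bits_min` and `.extra2 = (void *) &mmap_rnd_bits_max` lines cast away the `const` this series adds to the bounds, and nothing at the table says why that is acceptable; it is sound only because `proc_dointvec_minmax` reads through extra1/extra2 and never writes, and a later handler change would silently invalidate that assumption. Add a short comment at the first cast, `/* bounds are const; proc_dointvec_minmax only reads extra1/extra2 */`; the same applies to the compat entry in the @@ -1584 hunk. The 0644 to 0600 mode change drops world-readability of the tunable; if that is intended as hardening, so that an unprivileged process cannot learn how many bits of mmap randomization are in effect, say so in the changelog, which currently mentions only the move from /proc/sys/kernel to /proc/sys/vm in the documentation hunks and not the mode change.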
@@ -59,14 +59,14 @@
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS
-int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
-int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
-int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS;
+const int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
+const int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
+int mmap_rnd_bits __read_mostly = CONFIG_ARCH_MMAP_RND_BITS;
 #endif
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS
-int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN;
-int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;
-int mmap_rnd_compat_bits = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
+const int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN;
+const int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;
+int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
 #endif
_ Patches currently in -mm which might be from dcashman@xxxxxxxxxxx are mm-mmap-add-new-proc-tunable-for-mmap_base-aslr-v4.patch arm64-mm-support-arch_mmap_rnd_bits-v4.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html