The patch titled
Subject: arm64, mm: make randomization selected by generic topdown mmap layout
has been added to the -mm tree. Its filename is
arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Alexandre Ghiti <alex@xxxxxxxx>
Subject: arm64, mm: make randomization selected by generic topdown mmap layout
This commits selects ARCH_HAS_ELF_RANDOMIZE when an arch uses the generic
topdown mmap layout functions so that this security feature is on by
default.
Note that this commit also removes the possibility for arm64 to have elf
randomization and no MMU: without MMU, the security added by randomization
is worth nothing.
Link: http://lkml.kernel.org/r/20190730055113.23635-6-alex@xxxxxxxx
Signed-off-by: Alexandre Ghiti <alex@xxxxxxxx>
Acked-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Cc: Albert Ou <aou@xxxxxxxxxxxxxxxxx>
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Cc: James Hogan <jhogan@xxxxxxxxxx>
Cc: Palmer Dabbelt <palmer@xxxxxxxxxx>
Cc: Paul Burton <paul.burton@xxxxxxxx>
Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
Cc: Russell King <linux@xxxxxxxxxxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
arch/Kconfig | 1 +
arch/arm64/Kconfig | 1 -
arch/arm64/kernel/process.c | 8 --------
mm/util.c | 11 +++++++++--
4 files changed, 10 insertions(+), 11 deletions(-)
--- a/arch/arm64/Kconfig~arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout
+++ a/arch/arm64/Kconfig
@@ -16,7 +16,6 @@ config ARM64
select ARCH_HAS_DMA_MMAP_PGPROT
select ARCH_HAS_DMA_PREP_COHERENT
select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
- select ARCH_HAS_ELF_RANDOMIZE
select ARCH_HAS_FAST_MULTIPLIER
select ARCH_HAS_FORTIFY_SOURCE
select ARCH_HAS_GCOV_PROFILE_ALL
--- a/arch/arm64/kernel/process.c~arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout
+++ a/arch/arm64/kernel/process.c
@@ -548,14 +548,6 @@ unsigned long arch_align_stack(unsigned
return sp & ~0xf;
}
-unsigned long arch_randomize_brk(struct mm_struct *mm)
-{
- if (is_compat_task())
- return randomize_page(mm->brk, SZ_32M);
- else
- return randomize_page(mm->brk, SZ_1G);
-}
-
/*
* Called from setup_new_exec() after (COMPAT_)SET_PERSONALITY.
*/
--- a/arch/Kconfig~arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout
+++ a/arch/Kconfig
@@ -705,6 +705,7 @@ config HAVE_ARCH_COMPAT_MMAP_BASES
config ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
bool
depends on MMU
+ select ARCH_HAS_ELF_RANDOMIZE
config HAVE_COPY_THREAD_TLS
bool
--- a/mm/util.c~arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout
+++ a/mm/util.c
@@ -321,7 +321,15 @@ unsigned long randomize_stack_top(unsign
}
#ifdef CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
-#ifdef CONFIG_ARCH_HAS_ELF_RANDOMIZE
+unsigned long arch_randomize_brk(struct mm_struct *mm)
+{
+ /* Is the current task 32bit ? */
+ if (!IS_ENABLED(CONFIG_64BIT) || is_compat_task())
+ return randomize_page(mm->brk, SZ_32M);
+
+ return randomize_page(mm->brk, SZ_1G);
+}
+
unsigned long arch_mmap_rnd(void)
{
unsigned long rnd;
@@ -335,7 +343,6 @@ unsigned long arch_mmap_rnd(void)
return rnd << PAGE_SHIFT;
}
-#endif /* CONFIG_ARCH_HAS_ELF_RANDOMIZE */
static int mmap_is_legacy(struct rlimit *rlim_stack)
{
_
Patches currently in -mm which might be from alex@xxxxxxxx are
mm-fs-move-randomize_stack_top-from-fs-to-mm.patch
arm64-make-use-of-is_compat_task-instead-of-hardcoding-this-test.patch
arm64-consider-stack-randomization-for-mmap-base-only-when-necessary.patch
arm64-mm-move-generic-mmap-layout-functions-to-mm.patch
arm64-mm-make-randomization-selected-by-generic-topdown-mmap-layout.patch
arm-properly-account-for-stack-randomization-and-stack-guard-gap.patch
arm-use-stack_top-when-computing-mmap-base-address.patch
arm-use-generic-mmap-top-down-layout-and-brk-randomization.patch
mips-properly-account-for-stack-randomization-and-stack-guard-gap.patch
mips-use-stack_top-when-computing-mmap-base-address.patch
mips-adjust-brk-randomization-offset-to-fit-generic-version.patch
mips-replace-arch-specific-way-to-determine-32bit-task-with-generic-version.patch
mips-use-generic-mmap-top-down-layout-and-brk-randomization.patch
riscv-make-mmap-allocation-top-down-by-default.patch
