+ i386-and-x86_64-randomize-brk.patch added to -mm tree

The patch titled
     i386 and x86_64: randomize brk()
has been added to the -mm tree.  Its filename is
     i386-and-x86_64-randomize-brk.patch

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: i386 and x86_64: randomize brk()
From: Jiri Kosina <jkosina@xxxxxxx>

Randomize the location of the heap (brk) for i386 and x86_64.  The range is
randomized in the range starting at current brk location up to 0x02000000
offset for both architectures.  This, together with
pie-executable-randomization.patch and
pie-executable-randomization-fix.patch, should make the address space
randomization on i386 and x86_64 complete.

Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxx>
Cc: Andi Kleen <ak@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 arch/i386/kernel/process.c   |   14 ++++++++++++++
 arch/x86_64/kernel/process.c |   14 ++++++++++++++
 fs/binfmt_elf.c              |    7 +++++++
 3 files changed, 35 insertions(+)

diff -puN arch/i386/kernel/process.c~i386-and-x86_64-randomize-brk arch/i386/kernel/process.c
--- a/arch/i386/kernel/process.c~i386-and-x86_64-randomize-brk
+++ a/arch/i386/kernel/process.c
@@ -973,3 +973,17 @@ unsigned long arch_align_stack(unsigned 
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(unsigned long brk)
+{
+	unsigned long new_brk;
+	unsigned long range_end;
+
+	range_end = brk + 0x02000000;
+	new_brk = randomize_range(brk, range_end, 0);
+	if (new_brk)
+		return new_brk;
+	else
+		return brk;
+}
+
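Review bot: `range_end = brk + 0x02000000;` uses an unnamed magic constant, and nothing in this function guards against the addition wrapping or landing beyond the task's address limit when brk is already high. The only fallback is the `if (new_brk)` test, which relies on randomize_range() returning 0 for a range it cannot use. Suggest a named constant for the 32 MB window, a short comment stating the zero-return contract being relied on, and collapsing the if/else into a single return. The blank line added after the closing brace at end of file can be dropped.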
diff -puN arch/x86_64/kernel/process.c~i386-and-x86_64-randomize-brk arch/x86_64/kernel/process.c
--- a/arch/x86_64/kernel/process.c~i386-and-x86_64-randomize-brk
+++ a/arch/x86_64/kernel/process.c
@@ -906,3 +906,17 @@ unsigned long arch_align_stack(unsigned 
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(unsigned long brk)
+{
+	unsigned long new_brk;
+	unsigned long range_end;
+
+	range_end = brk + 0x02000000;
+	new_brk = randomize_range(brk, range_end, 0);
+	if (new_brk)
+		return new_brk;
+	else
+		return brk;
+}
+
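Review bot: this arch_randomize_brk() is a line-for-line copy of the one added to arch/i386/kernel/process.c, including the 0x02000000 window, so any later fix has to be made in two places. Since both architectures use the same range, consider a single shared definition, or at minimum a shared constant, instead of duplicating the body here. The blank line added after the closing brace at end of file can be dropped.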
diff -puN fs/binfmt_elf.c~i386-and-x86_64-randomize-brk fs/binfmt_elf.c
--- a/fs/binfmt_elf.c~i386-and-x86_64-randomize-brk
+++ a/fs/binfmt_elf.c
@@ -47,6 +47,9 @@ static int load_elf_binary(struct linux_
 static int load_elf_library(struct file *);
 static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long);
 
+/* overriden by architectures supporting brk randomization */
+unsigned long __weak arch_randomize_brk(unsigned long brk) { return brk; }
+
 /*
  * If we don't support core dumping, then supply a NULL so we
  * don't even try.
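Review bot: the `__weak` default for arch_randomize_brk() is defined here in fs/binfmt_elf.c, but no hunk in this patch adds a prototype to a header, so the arch overrides in process.c are compiled without a declaration that would keep their signatures in sync with this one. Suggest declaring the function in a header that all three files include. Minor: "overriden" in the comment should be "overridden".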
@@ -1081,6 +1084,10 @@ static int load_elf_binary(struct linux_
 	current->mm->end_data = end_data;
 	current->mm->start_stack = bprm->p;
 
+	if (current->flags & PF_RANDOMIZE)
+		current->mm->brk = current->mm->start_brk =
+			arch_randomize_brk(current->mm->brk);
+
 	if (current->personality & MMAP_PAGE_ZERO) {
 		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
 		   and some applications "depend" upon this behavior.
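Review bot: the value returned by arch_randomize_brk() is stored into both current->mm->brk and current->mm->start_brk with no check visible here that it is still a sane heap start (aligned, not below the old brk, inside the address space), so correctness rests entirely on each arch implementation. A one-line comment saying that under PF_RANDOMIZE the heap start is moved away from the brk value computed earlier in load_elf_binary() would help readers, and the three-line `if` body would be clearer with braces.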
_

Patches currently in -mm which might be from jkosina@xxxxxxx are

git-hid.patch
adbhid-produce-all-capslock-key-events.patch
keyboard-capsshift-lock.patch
console-keyboard-events-and-accessibility.patch
console-keyboard-events-and-accessibility-fix.patch
console-keyboard-events-and-accessibility-fix-2.patch
git-ipwireless_cs.patch
pie-executable-randomization.patch
pie-executable-randomization-fix.patch
pie-executable-randomization-fix-2.patch
pie-executable-randomization-fix-3.patch
i386-and-x86_64-randomize-brk.patch
add-config_vt_unicode.patch
get-rid-of-input-bit-duplicate-defines.patch
