mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	powerpc: Ensure random space between stack and mmaps
get_random_int() returns the same value within a 1 jiffy interval. This means that the mmap and stack regions will almost always end up the same distance apart, making a relative offset based attack possible. To fix this, shift the randomness we use for the mmap region by 1 bit. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This commit is contained in:
		
							parent
							
								
									912f9ee21c
								
							
						
					
					
						commit
						a5adc91a4b
					
				| @ -46,6 +46,14 @@ static inline int mmap_is_legacy(void) | |||||||
| 	return sysctl_legacy_va_layout; | 	return sysctl_legacy_va_layout; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | /*
 | ||||||
|  |  * Since get_random_int() returns the same value within a 1 jiffy window, | ||||||
|  |  * we will almost always get the same randomisation for the stack and mmap | ||||||
|  |  * region. This will mean the relative distance between stack and mmap will | ||||||
|  |  * be the same. | ||||||
|  |  * | ||||||
|  |  * To avoid this we can shift the randomness by 1 bit. | ||||||
|  |  */ | ||||||
| static unsigned long mmap_rnd(void) | static unsigned long mmap_rnd(void) | ||||||
| { | { | ||||||
| 	unsigned long rnd = 0; | 	unsigned long rnd = 0; | ||||||
| @ -53,11 +61,11 @@ static unsigned long mmap_rnd(void) | |||||||
| 	if (current->flags & PF_RANDOMIZE) { | 	if (current->flags & PF_RANDOMIZE) { | ||||||
| 		/* 8MB for 32bit, 1GB for 64bit */ | 		/* 8MB for 32bit, 1GB for 64bit */ | ||||||
| 		if (is_32bit_task()) | 		if (is_32bit_task()) | ||||||
| 			rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT))); | 			rnd = (long)(get_random_int() % (1<<(22-PAGE_SHIFT))); | ||||||
| 		else | 		else | ||||||
| 			rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT))); | 			rnd = (long)(get_random_int() % (1<<(29-PAGE_SHIFT))); | ||||||
| 	} | 	} | ||||||
| 	return rnd << PAGE_SHIFT; | 	return (rnd << PAGE_SHIFT) * 2; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static inline unsigned long mmap_base(void) | static inline unsigned long mmap_base(void) | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Anton Blanchard
						Anton Blanchard