From: Kees Cook <[email protected]> When an architecture fully supports randomizing the ELF load location, a per-arch mmap_rnd() function is used to find a randomized mmap base. In preparation for randomizing the location of ET_DYN binaries separately from mmap, this renames and exports these functions as arch_mmap_rnd(). Additionally introduces CONFIG_ARCH_HAS_ELF_RANDOMIZE for describing this feature on architectures that support it (which is a superset of ARCH_BINFMT_ELF_RANDOMIZE_PIE, since s390 already supports a separated ET_DYN ASLR from mmap ASLR without the ARCH_BINFMT_ELF_RANDOMIZE_PIE logic).
Signed-off-by: Kees Cook <[email protected]> Cc: Hector Marco-Gisbert <[email protected]> Cc: Russell King <[email protected]> Reviewed-by: Ingo Molnar <[email protected]> Cc: Catalin Marinas <[email protected]> Cc: Will Deacon <[email protected]> Cc: Ralf Baechle <[email protected]> Cc: Benjamin Herrenschmidt <[email protected]> Cc: Paul Mackerras <[email protected]> Cc: Michael Ellerman <[email protected]> Cc: Martin Schwidefsky <[email protected]> Cc: Heiko Carstens <[email protected]> Cc: Alexander Viro <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: Andy Lutomirski <[email protected]> Cc: "David A. Long" <[email protected]> Cc: Andrey Ryabinin <[email protected]> Cc: Arun Chandran <[email protected]> Cc: Yann Droneaud <[email protected]> Cc: Min-Hua Chen <[email protected]> Cc: Paul Burton <[email protected]> Cc: Alex Smith <[email protected]> Cc: Markos Chandras <[email protected]> Cc: Vineeth Vijayan <[email protected]> Cc: Jeff Bailey <[email protected]> Cc: Michael Holzheu <[email protected]> Cc: Ben Hutchings <[email protected]> Cc: Behan Webster <[email protected]> Cc: Ismael Ripoll <[email protected]> Cc: Jan-Simon Mller <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> [ms commit 2b68f6caeac2 ported only x86 part as other archs need special care..] Signed-off-by: Dmitry Safonov <[email protected]> --- arch/Kconfig | 7 +++++++ arch/x86/Kconfig | 1 + arch/x86/mm/mmap.c | 4 ++-- include/linux/elf-randomize.h | 10 ++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 include/linux/elf-randomize.h diff --git a/arch/Kconfig b/arch/Kconfig index b5a4cb176d36..2b3b7d550a46 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -466,6 +466,13 @@ config HAVE_STACK_VALIDATION Architecture supports the 'objtool check' host tool command, which performs compile-time stack metadata validation. +config ARCH_HAS_ELF_RANDOMIZE + bool + help + An architecture supports choosing randomized locations for + stack, mmap, brk, and ET_DYN. Defined functions: + - arch_mmap_rnd() + # # ABI hall of shame # diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 6ad29a57f171..29902c4630b4 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -86,6 +86,7 @@ config X86 select ARCH_HAS_KCOV if X86_64 select HAVE_USER_RETURN_NOTIFIER select ARCH_BINFMT_ELF_RANDOMIZE_PIE + select ARCH_HAS_ELF_RANDOMIZE select HAVE_ARCH_JUMP_LABEL select HAVE_TEXT_POKE_SMP select HAVE_GENERIC_HARDIRQS diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index 0e426764499a..cb7cd6e3e686 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -65,7 +65,7 @@ static int mmap_is_legacy(void) return sysctl_legacy_va_layout; } -static unsigned long mmap_rnd(void) +unsigned long arch_mmap_rnd(void) { unsigned long rnd; @@ -114,7 +114,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm) unsigned long random_factor = 0UL; if (current->flags & PF_RANDOMIZE) - random_factor = mmap_rnd(); + random_factor = arch_mmap_rnd(); mm->mmap_legacy_base = mmap_legacy_base(random_factor); diff --git a/include/linux/elf-randomize.h b/include/linux/elf-randomize.h new file mode 100644 index 000000000000..7a4eda02d2b1 --- /dev/null +++ b/include/linux/elf-randomize.h @@ -0,0 +1,10 @@ +#ifndef _ELF_RANDOMIZE_H +#define _ELF_RANDOMIZE_H + +#ifndef CONFIG_ARCH_HAS_ELF_RANDOMIZE +static inline unsigned long arch_mmap_rnd(void) { return 0; } +#else +extern unsigned long arch_mmap_rnd(void); +#endif + +#endif -- 2.12.2 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
