Re: [PATCH] [RFC] Introduce mmap randomization

Hi! > Inter-mmap randomization will decrease the predictability of later > mmap() allocations, which should help make data structures harder to > find in memory. In addition, this patch will also introduce unmapped > gaps between pages, preventing linear overruns from one mapping to > another

Re: [PATCH] [RFC] Introduce mmap randomization

Hi! > Inter-mmap randomization will decrease the predictability of later > mmap() allocations, which should help make data structures harder to > find in memory. In addition, this patch will also introduce unmapped > gaps between pages, preventing linear overruns from one mapping to > another

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue 2016-07-26 11:22:26, william.c.robe...@intel.com wrote: > From: William Roberts > > This patch introduces the ability randomize mmap locations where the > address is not requested, for instance when ld is allocating pages for > shared libraries. It chooses to

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue 2016-07-26 11:22:26, william.c.robe...@intel.com wrote: > From: William Roberts > > This patch introduces the ability randomize mmap locations where the > address is not requested, for instance when ld is allocating pages for > shared libraries. It chooses to randomize based on the

RE: [PATCH] [RFC] Introduce mmap randomization

> > > > > I would highly recommend studying those prior use cases and answering > > those concerns before progressing too much further. As I've mentioned > > elsewhere, you'll need to quantify the increased difficulty to the > > attacker that your patch imposes. Personally, I would assess that

RE: [PATCH] [RFC] Introduce mmap randomization

> > > > > I would highly recommend studying those prior use cases and answering > > those concerns before progressing too much further. As I've mentioned > > elsewhere, you'll need to quantify the increased difficulty to the > > attacker that your patch imposes. Personally, I would assess that

RE: [PATCH] [RFC] Introduce mmap randomization

> > > > No, I mean changes to mm/mmap.o. > >From UML build: NEW: 1610 : 1610: 55 push %rbp 1611: 48 89 e5mov%rsp,%rbp 1614: 41 54 push %r12 1616: 48 8d 45 e8 lea

RE: [PATCH] [RFC] Introduce mmap randomization

> > > > No, I mean changes to mm/mmap.o. > >From UML build: NEW: 1610 : 1610: 55 push %rbp 1611: 48 89 e5mov%rsp,%rbp 1614: 41 54 push %r12 1616: 48 8d 45 e8 lea

RE: [PATCH] [RFC] Introduce mmap randomization

...@linux-foundation.org; > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > On Tue, Jul 26, 2016 at 09:06:30PM +, Roberts, William C wrot

RE: [PATCH] [RFC] Introduce mmap randomization

...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > On Tue, Jul 26, 2016 at 09:06:30PM +, Roberts, William C wrote: > > > From: ow

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Aug 2, 2016 at 9:57 AM, Roberts, William C wrote: > @nnk, disabling ASLR via set_arch() on Android, is that only for 32 bit > address spaces where > you had that problem? Yes. Only 32 bit address spaces had the fragmentation problem. -- Nick Kralevich |

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Aug 2, 2016 at 9:57 AM, Roberts, William C wrote: > @nnk, disabling ASLR via set_arch() on Android, is that only for 32 bit > address spaces where > you had that problem? Yes. Only 32 bit address spaces had the fragmentation problem. -- Nick Kralevich | Android Security |

RE: [PATCH] [RFC] Introduce mmap randomization

vger.kernel.org; kernel-harden...@lists.openwall.com; > a...@linux-foundation.org; keesc...@chromium.org; > gre...@linuxfoundation.org; je...@google.com; saly...@android.com; > dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > On Tue, Jul 26, 2016 at 1:

RE: [PATCH] [RFC] Introduce mmap randomization

foundation.org; keesc...@chromium.org; > gre...@linuxfoundation.org; je...@google.com; saly...@android.com; > dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > On Tue, Jul 26, 2016 at 1:59 PM, Jason Cooper wrote: > >> > One thing

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

> > It's very hard to quantify the benefits of fine-grained > > randomization, > > ?  N = # of possible addresses.  The bigger N is, the more chances the > attacker will trip up before finding what they were looking for. If the attacker is forcing the creation of many objects with a function

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

> > It's very hard to quantify the benefits of fine-grained > > randomization, > > ?  N = # of possible addresses.  The bigger N is, the more chances the > attacker will trip up before finding what they were looking for. If the attacker is forcing the creation of many objects with a function

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

Hi Daniel, On Fri, Jul 29, 2016 at 06:10:02AM -0400, Daniel Micay wrote: > > > In the Project Zero Stagefright post > > > (http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html) > > > , we see that the linear allocation of memory combined with the > > > low number of bits in the

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

Hi Daniel, On Fri, Jul 29, 2016 at 06:10:02AM -0400, Daniel Micay wrote: > > > In the Project Zero Stagefright post > > > (http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html) > > > , we see that the linear allocation of memory combined with the > > > low number of bits in the

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

> > In the Project Zero Stagefright post > > (http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html) > > , > > we see that the linear allocation of memory combined with the low > > number of bits in the initial mmap offset resulted in a much more > > predictable layout which aided the

Re: [kernel-hardening] Re: [PATCH] [RFC] Introduce mmap randomization

> > In the Project Zero Stagefright post > > (http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html) > > , > > we see that the linear allocation of memory combined with the low > > number of bits in the initial mmap offset resulted in a much more > > predictable layout which aided the

Re: [PATCH] [RFC] Introduce mmap randomization

On Wed, Jul 27, 2016 at 09:59:35AM -0700, Nick Kralevich wrote: > On Tue, Jul 26, 2016 at 1:59 PM, Jason Cooper wrote: > >> > One thing I didn't make clear in my commit message is why this is good. > >> > Right > >> > now, if you know An address within in a process, you

Re: [PATCH] [RFC] Introduce mmap randomization

On Wed, Jul 27, 2016 at 09:59:35AM -0700, Nick Kralevich wrote: > On Tue, Jul 26, 2016 at 1:59 PM, Jason Cooper wrote: > >> > One thing I didn't make clear in my commit message is why this is good. > >> > Right > >> > now, if you know An address within in a process, you know all offsets > >> >

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Jul 26, 2016 at 1:59 PM, Jason Cooper wrote: >> > One thing I didn't make clear in my commit message is why this is good. >> > Right >> > now, if you know An address within in a process, you know all offsets done >> > with >> > mmap(). For instance, an offset To

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Jul 26, 2016 at 1:59 PM, Jason Cooper wrote: >> > One thing I didn't make clear in my commit message is why this is good. >> > Right >> > now, if you know An address within in a process, you know all offsets done >> > with >> > mmap(). For instance, an offset To libX can yield libY by

Re: [PATCH] [RFC] Introduce mmap randomization

On 07/26/2016 02:44 PM, Jason Cooper wrote: >> > I'd likely need to take a small sample of programs and examine them, >> > especially considering That as gaps are harder to find, it forces the >> > randomization down and randomization can Be directly altered with >> > length on mmap(), versus

Re: [PATCH] [RFC] Introduce mmap randomization

On 07/26/2016 02:44 PM, Jason Cooper wrote: >> > I'd likely need to take a small sample of programs and examine them, >> > especially considering That as gaps are harder to find, it forces the >> > randomization down and randomization can Be directly altered with >> > length on mmap(), versus

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Jul 26, 2016 at 09:06:30PM +, Roberts, William C wrote: > > From: owner-linux...@kvack.org [mailto:owner-linux...@kvack.org] On > > Behalf Of Jason Cooper > > On Tue, Jul 26, 2016 at 08:13:23PM +, Roberts, William C wrote: > > > > > From: Jason Cooper [mailto:ja...@lakedaemon.net]

Re: [PATCH] [RFC] Introduce mmap randomization

On Tue, Jul 26, 2016 at 09:06:30PM +, Roberts, William C wrote: > > From: owner-linux...@kvack.org [mailto:owner-linux...@kvack.org] On > > Behalf Of Jason Cooper > > On Tue, Jul 26, 2016 at 08:13:23PM +, Roberts, William C wrote: > > > > > From: Jason Cooper [mailto:ja...@lakedaemon.net]

Re: [PATCH] [RFC] Introduce mmap randomization

gt;; Jeffrey Vander Stoep >> <je...@google.com>; saly...@android.com; Daniel Cashman >> <dcash...@android.com> >> Subject: Re: [PATCH] [RFC] Introduce mmap randomization >> >> My apologies in advance if I misunderstand the purposes of this patch. >>

Re: [PATCH] [RFC] Introduce mmap randomization

l.org; lkml > ker...@vger.kernel.org>; kernel-harden...@lists.openwall.com; Andrew >> Morton ; Kees Cook ; >> Greg KH ; Jeffrey Vander Stoep >> ; saly...@android.com; Daniel Cashman >> >> Subject: Re: [PATCH] [RFC] Introduce mmap randomization >> >&g

RE: [PATCH] [RFC] Introduce mmap randomization

el.org; kernel- > harden...@lists.openwall.com; a...@linux-foundation.org; > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > Hi William, >

RE: [PATCH] [RFC] Introduce mmap randomization

nwall.com; a...@linux-foundation.org; > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > Hi William, > > On Tue, Jul 26, 2016 at

RE: [PATCH] [RFC] Introduce mmap randomization

en...@lists.openwall.com; Andrew > Morton <a...@linux-foundation.org>; Kees Cook <keesc...@chromium.org>; > Greg KH <gre...@linuxfoundation.org>; Jeffrey Vander Stoep > <je...@google.com>; saly...@android.com; Daniel Cashman > <dcash...@android.com> > Subj

RE: [PATCH] [RFC] Introduce mmap randomization

t; Morton ; Kees Cook ; > Greg KH ; Jeffrey Vander Stoep > ; saly...@android.com; Daniel Cashman > > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > My apologies in advance if I misunderstand the purposes of this patch. > > IIUC, this patch adds a random gap bet

Re: [PATCH] [RFC] Introduce mmap randomization

Hi William, On Tue, Jul 26, 2016 at 08:13:23PM +, Roberts, William C wrote: > > > From: Jason Cooper [mailto:ja...@lakedaemon.net] > > > On Tue, Jul 26, 2016 at 11:22:26AM -0700, william.c.robe...@intel.com > > > wrote: > > > > Performance Measurements: > > > > Using strace with -T option

Re: [PATCH] [RFC] Introduce mmap randomization

Hi William, On Tue, Jul 26, 2016 at 08:13:23PM +, Roberts, William C wrote: > > > From: Jason Cooper [mailto:ja...@lakedaemon.net] > > > On Tue, Jul 26, 2016 at 11:22:26AM -0700, william.c.robe...@intel.com > > > wrote: > > > > Performance Measurements: > > > > Using strace with -T option

Re: [PATCH] [RFC] Introduce mmap randomization

My apologies in advance if I misunderstand the purposes of this patch. IIUC, this patch adds a random gap between various mmap() mappings, with the goal of ensuring that both the mmap base address and gaps between pages are randomized. If that's the goal, please note that this behavior has

Re: [PATCH] [RFC] Introduce mmap randomization

My apologies in advance if I misunderstand the purposes of this patch. IIUC, this patch adds a random gap between various mmap() mappings, with the goal of ensuring that both the mmap base address and gaps between pages are randomized. If that's the goal, please note that this behavior has

RE: [PATCH] [RFC] Introduce mmap randomization

linux-kernel@vger.kernel.org; kernel- > > harden...@lists.openwall.com; a...@linux-foundation.org; > > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > > je...@google.com; saly...@android.com; dcash...@android.com > > Subject: Re: [PATCH] [RFC] Introduce mmap ra

RE: [PATCH] [RFC] Introduce mmap randomization

t; > harden...@lists.openwall.com; a...@linux-foundation.org; > > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > > je...@google.com; saly...@android.com; dcash...@android.com > > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > >

RE: [PATCH] [RFC] Introduce mmap randomization

openwall.com; a...@linux-foundation.org; > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > Hi William! > > On Tue, Jul 26, 2016 at 11:22:

RE: [PATCH] [RFC] Introduce mmap randomization

ation.org; > keesc...@chromium.org; gre...@linuxfoundation.org; n...@google.com; > je...@google.com; saly...@android.com; dcash...@android.com > Subject: Re: [PATCH] [RFC] Introduce mmap randomization > > Hi William! > > On Tue, Jul 26, 2016 at 11:22:26AM -0700, william.c.robe...@int

Re: [PATCH] [RFC] Introduce mmap randomization

Hi William! On Tue, Jul 26, 2016 at 11:22:26AM -0700, william.c.robe...@intel.com wrote: > From: William Roberts > > This patch introduces the ability randomize mmap locations where the > address is not requested, for instance when ld is allocating pages for >

Re: [PATCH] [RFC] Introduce mmap randomization

Hi William! On Tue, Jul 26, 2016 at 11:22:26AM -0700, william.c.robe...@intel.com wrote: > From: William Roberts > > This patch introduces the ability randomize mmap locations where the > address is not requested, for instance when ld is allocating pages for > shared libraries. It chooses to