, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Signed-off-by: Daniel Cashman
---
arch/x86/Kconfig | 16
arch/x86/mm/mmap.c | 12 ++--
2 files changed, 22 insertions(+), 6 deletions
that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Signed-off-by: Daniel Cashman
---
arch/arm64/Kconfig | 23 +++
arch/arm64/mm/mmap.c | 6 --
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm64
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman
---
Documentation/sysctl/vm.txt | 29
arch/Kconfig| 64
, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman
---
arch/arm/Kconfig | 10 ++
arch/arm/mm/mmap.c | 3 +--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Kconfig b
From: dcashman
Address Space Layout Randomization (ASLR) provides a barrier to exploitation of
user-space processes in the presence of security vulnerabilities by making it
more difficult to find desired code/data which could help an attack. This is
done by adding a random offset to the
is may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
Documentation/sysctl/vm.txt | 29 ++
From: dcashman
Address Space Layout Randomization (ASLR) provides a barrier to exploitation of
user-space processes in the presence of security vulnerabilities by making it
more difficult to find desired code/data which could help an attack. This is
done by adding a
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/arm64/Kconfig | 23 +++
arch/arm64/mm/mmap.c | 6 --
2 files changed, 2
On 11/18/2015 03:20 PM, Daniel Cashman wrote:
> ==
>
> +mmap_rnd_bits:
> +
> +This value can be used to select the number of bits to use to
> +determine the random offset to the base address of vma regions
>
From: dcashman
Address Space Layout Randomization (ASLR) provides a barrier to exploitation of
user-space processes in the presence of security vulnerabilities by making it
more difficult to find desired code/data which could help an attack. This is
done by adding a
eplace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/x86/Kconfig | 16
arch/x86/mm/mmap.c | 12 +++
is may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
Documentation/sysctl/vm.txt | 29 ++
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/arm/Kconfig | 10 ++
arch/arm/mm/mmap.c | 3 +--
2 files changed, 11 inse
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/arm64/Kconfig | 23 +++
arch/arm64/mm/mmap.c | 6 --
2 files changed, 2
On 11/18/2015 03:20 PM, Daniel Cashman wrote:
> - /*
> - * 8 bits of randomness in 32bit mmaps, 20 address space bits
> - * 28 bits of randomness in 64bit mmaps, 40 address space bits
> - */
This should be removed.
--
To unsubscribe from this list: send the line
> I think the min/max values should be const, since they're determined
> at build time and should never change.
Ok. Also, I just submitted the patch-set again with [PATCH v3] instead
of [PATCH] so I'd prefer discussion there; sorry for the mistake.
-Dan
--
To unsubscribe from this list: send the
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/arm/Kconfig | 10 ++
arch/arm/mm/mmap.c | 3 +--
2 files changed, 11 inse
eplace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/x86/Kconfig | 16
arch/x86/mm/mmap.c | 12 +++
On 11/08/2015 07:47 PM, Michael Ellerman wrote:
> On Fri, 2015-11-06 at 12:52 -0800, Kees Cook wrote:
>> On Thu, Nov 5, 2015 at 10:44 AM, Daniel Cashman wrote:
>>> On 11/04/2015 10:30 AM, Daniel Cashman wrote:
>>>> On 11/3/15 3:21 PM, Kees Cook wrote:
>>>&g
On 11/08/2015 07:47 PM, Michael Ellerman wrote:
> On Fri, 2015-11-06 at 12:52 -0800, Kees Cook wrote:
>> On Thu, Nov 5, 2015 at 10:44 AM, Daniel Cashman <dcash...@android.com> wrote:
>>> On 11/04/2015 10:30 AM, Daniel Cashman wrote:
>>>> On 11/3/15 3:21 PM,
On 11/04/2015 10:30 AM, Daniel Cashman wrote:
> On 11/3/15 3:21 PM, Kees Cook wrote:
>> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman wrote:
>>> On 11/03/2015 11:19 AM, Kees Cook wrote:
>>>> Do you have patches for x86 and arm64?
>>>
>>> I was h
On 11/04/2015 10:30 AM, Daniel Cashman wrote:
> On 11/3/15 3:21 PM, Kees Cook wrote:
>> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman <dcash...@android.com> wrote:
>>> On 11/03/2015 11:19 AM, Kees Cook wrote:
>>>> Do you have patches for x86 and arm64?
>&g
On 11/4/15 11:21 AM, Eric W. Biederman wrote:
> Michal Hocko writes:
>
>> On Tue 03-11-15 10:10:03, Daniel Cashman wrote:
>> [...]
>>> +This value can be changed after boot using the
>>> +/proc/sys/kernel/mmap_rnd_bits tunable
>>
>> Why is this no
On 11/3/15 5:31 PM, Andrew Morton wrote:
> On Tue, 03 Nov 2015 18:40:31 -0600 ebied...@xmission.com (Eric W. Biederman)
> wrote:
>
>> Andrew Morton writes:
>>
>>> On Tue, 3 Nov 2015 10:10:03 -0800 Daniel Cashman
>>> wrote:
>>>
>>>
On 11/3/15 3:21 PM, Kees Cook wrote:
> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman wrote:
>> On 11/03/2015 11:19 AM, Kees Cook wrote:
>>> Do you have patches for x86 and arm64?
>>
>> I was holding off on those until I could gauge upstream reception. If
>>
On 11/3/15 3:18 PM, Kees Cook wrote:
> On Tue, Nov 3, 2015 at 2:39 PM, Russell King - ARM Linux
> wrote:
>> On Tue, Nov 03, 2015 at 11:19:44AM -0800, Kees Cook wrote:
>>> On Tue, Nov 3, 2015 at 10:10 AM, Daniel Cashman
>>> wrote:
>>>> From: dcashman
On 11/3/15 5:31 PM, Andrew Morton wrote:
> On Tue, 03 Nov 2015 18:40:31 -0600 ebied...@xmission.com (Eric W. Biederman)
> wrote:
>
>> Andrew Morton <a...@linux-foundation.org> writes:
>>
>>> On Tue, 3 Nov 2015 10:10:03 -0800 Daniel Cashman <dcash...
On 11/4/15 11:21 AM, Eric W. Biederman wrote:
> Michal Hocko <mho...@kernel.org> writes:
>
>> On Tue 03-11-15 10:10:03, Daniel Cashman wrote:
>> [...]
>>> +This value can be changed after boot using the
>>> +/proc/sys/kernel/mmap_rnd_bits tunable
>
On 11/3/15 3:18 PM, Kees Cook wrote:
> On Tue, Nov 3, 2015 at 2:39 PM, Russell King - ARM Linux
> <li...@arm.linux.org.uk> wrote:
>> On Tue, Nov 03, 2015 at 11:19:44AM -0800, Kees Cook wrote:
>>> On Tue, Nov 3, 2015 at 10:10 AM, Daniel Cashman <dcash...@android.com>
On 11/3/15 3:21 PM, Kees Cook wrote:
> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman <dcash...@android.com> wrote:
>> On 11/03/2015 11:19 AM, Kees Cook wrote:
>>> Do you have patches for x86 and arm64?
>>
>> I was holding off on those until I could gauge u
On 11/03/2015 11:19 AM, Kees Cook wrote:
> Do you have patches for x86 and arm64?
I was holding off on those until I could gauge upstream reception. If
desired, I could put those together and add them as [PATCH 3/4] and
[PATCH 4/4].
Thank You,
Dan
--
To unsubscribe from this list: send the
On 11/01/2015 01:50 PM, Eric W. Biederman wrote:
> Daniel Cashman writes:
>
>> On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
>>> Dan Cashman writes:
>>>
>>>>>> This all would be much cleaner if the arm architecture code were just to
>>>
, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman
---
Changes in v2:
- Changed arch/arm/Kconfig and arch/arm/mm/mmap.c to reflect changes
in [PATCH v2 1/2], specifically the movement of variables
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman
---
Changes in v2:
- Added HAVE_ARCH_MMAP_RND_BITS as Kconfig boolean selector.
- Moved
is may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
Changes in v2:
- Added HAVE_ARCH_MMAP_RND_BIT
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
Changes in v2:
- Changed arch/arm/Kconfig and arch/arm/mm/mmap.c to reflect changes
in [
On 11/01/2015 01:50 PM, Eric W. Biederman wrote:
> Daniel Cashman <dcash...@android.com> writes:
>
>> On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
>>> Dan Cashman <dcash...@android.com> writes:
>>>
>>>>>> This all would be much clean
On 11/03/2015 11:19 AM, Kees Cook wrote:
> Do you have patches for x86 and arm64?
I was holding off on those until I could gauge upstream reception. If
desired, I could put those together and add them as [PATCH 3/4] and
[PATCH 4/4].
Thank You,
Dan
--
To unsubscribe from this list: send the
On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
> Dan Cashman writes:
>
This all would be much cleaner if the arm architecture code were just to
register the sysctl itself.
As it sits this looks like a patchset that does not meaninfully bisect,
and would result in code
On 10/28/2015 08:41 PM, Eric W. Biederman wrote:
> Dan Cashman writes:
>
This all would be much cleaner if the arm architecture code were just to
register the sysctl itself.
As it sits this looks like a patchset that does not meaninfully bisect,
and
, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman
---
arch/arm/Kconfig | 24
arch/arm/mm/mmap.c | 7 +--
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/arch
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman
---
Documentation/sysctl/kernel.txt | 14 ++
include/linux/mm.h | 6 ++
kernel
which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
arch/arm/Kconfig | 24
arch/arm/mm/mmap.c | 7 +--
2 files
is may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Signed-off-by: Daniel Cashman <dcash...@google.com>
---
Documentation/sysctl/kernel.txt | 14 +++
101 - 144 of 144 matches
Mail list logo