[PATCH 4/4] x86: mm: support ARCH_MMAP_RND_BITS.

, which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman --- arch/x86/Kconfig | 16 arch/x86/mm/mmap.c | 12 ++-- 2 files changed, 22 insertions(+), 6 deletions

[PATCH 3/4] arm64: mm: support ARCH_MMAP_RND_BITS.

that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman --- arch/arm64/Kconfig | 23 +++ arch/arm64/mm/mmap.c | 6 -- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/arm64

[PATCH 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR.

platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman --- Documentation/sysctl/vm.txt | 29 arch/Kconfig| 64

[PATCH 2/4] arm: mm: support ARCH_MMAP_RND_BITS.

, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman --- arch/arm/Kconfig | 10 ++ arch/arm/mm/mmap.c | 3 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/arch/arm/Kconfig b

[PATCH 0/4] Allow customizable random offset to mmap_base address.

From: dcashman Address Space Layout Randomization (ASLR) provides a barrier to exploitation of user-space processes in the presence of security vulnerabilities by making it more difficult to find desired code/data which could help an attack. This is done by adding a random offset to the

[PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR.

is may not be an issue on all platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman <dcash...@google.com> --- Documentation/sysctl/vm.txt | 29 ++

[PATCH v3 0/4] Allow customizable random offset to mmap_base address.

From: dcashman Address Space Layout Randomization (ASLR) provides a barrier to exploitation of user-space processes in the presence of security vulnerabilities by making it more difficult to find desired code/data which could help an attack. This is done by adding a

[PATCH v3 3/4] arm64: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/arm64/Kconfig | 23 +++ arch/arm64/mm/mmap.c | 6 -- 2 files changed, 2

Re: [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/18/2015 03:20 PM, Daniel Cashman wrote: > == > > +mmap_rnd_bits: > + > +This value can be used to select the number of bits to use to > +determine the random offset to the base address of vma regions >

[PATCH 0/4] Allow customizable random offset to mmap_base address.

From: dcashman Address Space Layout Randomization (ASLR) provides a barrier to exploitation of user-space processes in the presence of security vulnerabilities by making it more difficult to find desired code/data which could help an attack. This is done by adding a

[PATCH 4/4] x86: mm: support ARCH_MMAP_RND_BITS.

eplace it with a Kconfig option, which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/x86/Kconfig | 16 arch/x86/mm/mmap.c | 12 +++

[PATCH 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR.

is may not be an issue on all platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman <dcash...@google.com> --- Documentation/sysctl/vm.txt | 29 ++

[PATCH 2/4] arm: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/arm/Kconfig | 10 ++ arch/arm/mm/mmap.c | 3 +-- 2 files changed, 11 inse

[PATCH 3/4] arm64: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/arm64/Kconfig | 23 +++ arch/arm64/mm/mmap.c | 6 -- 2 files changed, 2

Re: [PATCH v3 4/4] x86: mm: support ARCH_MMAP_RND_BITS.

On 11/18/2015 03:20 PM, Daniel Cashman wrote: > - /* > - * 8 bits of randomness in 32bit mmaps, 20 address space bits > - * 28 bits of randomness in 64bit mmaps, 40 address space bits > - */ This should be removed. -- To unsubscribe from this list: send the line

Re: [PATCH 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR.

> I think the min/max values should be const, since they're determined > at build time and should never change. Ok. Also, I just submitted the patch-set again with [PATCH v3] instead of [PATCH] so I'd prefer discussion there; sorry for the mistake. -Dan -- To unsubscribe from this list: send the

[PATCH v3 2/4] arm: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/arm/Kconfig | 10 ++ arch/arm/mm/mmap.c | 3 +-- 2 files changed, 11 inse

[PATCH v3 4/4] x86: mm: support ARCH_MMAP_RND_BITS.

eplace it with a Kconfig option, which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep default values as new minimums. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/x86/Kconfig | 16 arch/x86/mm/mmap.c | 12 +++

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/08/2015 07:47 PM, Michael Ellerman wrote: > On Fri, 2015-11-06 at 12:52 -0800, Kees Cook wrote: >> On Thu, Nov 5, 2015 at 10:44 AM, Daniel Cashman wrote: >>> On 11/04/2015 10:30 AM, Daniel Cashman wrote: >>>> On 11/3/15 3:21 PM, Kees Cook wrote: >>>&g

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/08/2015 07:47 PM, Michael Ellerman wrote: > On Fri, 2015-11-06 at 12:52 -0800, Kees Cook wrote: >> On Thu, Nov 5, 2015 at 10:44 AM, Daniel Cashman <dcash...@android.com> wrote: >>> On 11/04/2015 10:30 AM, Daniel Cashman wrote: >>>> On 11/3/15 3:21 PM,

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/04/2015 10:30 AM, Daniel Cashman wrote: > On 11/3/15 3:21 PM, Kees Cook wrote: >> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman wrote: >>> On 11/03/2015 11:19 AM, Kees Cook wrote: >>>> Do you have patches for x86 and arm64? >>> >>> I was h

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/04/2015 10:30 AM, Daniel Cashman wrote: > On 11/3/15 3:21 PM, Kees Cook wrote: >> On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman <dcash...@android.com> wrote: >>> On 11/03/2015 11:19 AM, Kees Cook wrote: >>>> Do you have patches for x86 and arm64? >&g

Re: [PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/4/15 11:21 AM, Eric W. Biederman wrote: > Michal Hocko writes: > >> On Tue 03-11-15 10:10:03, Daniel Cashman wrote: >> [...] >>> +This value can be changed after boot using the >>> +/proc/sys/kernel/mmap_rnd_bits tunable >> >> Why is this no

Re: [PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/3/15 5:31 PM, Andrew Morton wrote: > On Tue, 03 Nov 2015 18:40:31 -0600 ebied...@xmission.com (Eric W. Biederman) > wrote: > >> Andrew Morton writes: >> >>> On Tue, 3 Nov 2015 10:10:03 -0800 Daniel Cashman >>> wrote: >>> >>>

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/3/15 3:21 PM, Kees Cook wrote: > On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman wrote: >> On 11/03/2015 11:19 AM, Kees Cook wrote: >>> Do you have patches for x86 and arm64? >> >> I was holding off on those until I could gauge upstream reception. If >>

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/3/15 3:18 PM, Kees Cook wrote: > On Tue, Nov 3, 2015 at 2:39 PM, Russell King - ARM Linux > wrote: >> On Tue, Nov 03, 2015 at 11:19:44AM -0800, Kees Cook wrote: >>> On Tue, Nov 3, 2015 at 10:10 AM, Daniel Cashman >>> wrote: >>>> From: dcashman

Re: [PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/3/15 5:31 PM, Andrew Morton wrote: > On Tue, 03 Nov 2015 18:40:31 -0600 ebied...@xmission.com (Eric W. Biederman) > wrote: > >> Andrew Morton <a...@linux-foundation.org> writes: >> >>> On Tue, 3 Nov 2015 10:10:03 -0800 Daniel Cashman <dcash...

Re: [PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/4/15 11:21 AM, Eric W. Biederman wrote: > Michal Hocko <mho...@kernel.org> writes: > >> On Tue 03-11-15 10:10:03, Daniel Cashman wrote: >> [...] >>> +This value can be changed after boot using the >>> +/proc/sys/kernel/mmap_rnd_bits tunable >

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/3/15 3:18 PM, Kees Cook wrote: > On Tue, Nov 3, 2015 at 2:39 PM, Russell King - ARM Linux > <li...@arm.linux.org.uk> wrote: >> On Tue, Nov 03, 2015 at 11:19:44AM -0800, Kees Cook wrote: >>> On Tue, Nov 3, 2015 at 10:10 AM, Daniel Cashman <dcash...@android.com>

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/3/15 3:21 PM, Kees Cook wrote: > On Tue, Nov 3, 2015 at 3:14 PM, Daniel Cashman <dcash...@android.com> wrote: >> On 11/03/2015 11:19 AM, Kees Cook wrote: >>> Do you have patches for x86 and arm64? >> >> I was holding off on those until I could gauge u

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/03/2015 11:19 AM, Kees Cook wrote: > Do you have patches for x86 and arm64? I was holding off on those until I could gauge upstream reception. If desired, I could put those together and add them as [PATCH 3/4] and [PATCH 4/4]. Thank You, Dan -- To unsubscribe from this list: send the

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/01/2015 01:50 PM, Eric W. Biederman wrote: > Daniel Cashman writes: > >> On 10/28/2015 08:41 PM, Eric W. Biederman wrote: >>> Dan Cashman writes: >>> >>>>>> This all would be much cleaner if the arm architecture code were just to >>>

[PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman --- Changes in v2: - Changed arch/arm/Kconfig and arch/arm/mm/mmap.c to reflect changes in [PATCH v2 1/2], specifically the movement of variables

[PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman --- Changes in v2: - Added HAVE_ARCH_MMAP_RND_BITS as Kconfig boolean selector. - Moved

[PATCH v2 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

is may not be an issue on all platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman <dcash...@google.com> --- Changes in v2: - Added HAVE_ARCH_MMAP_RND_BIT

[PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman <dcash...@google.com> --- Changes in v2: - Changed arch/arm/Kconfig and arch/arm/mm/mmap.c to reflect changes in [

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 11/01/2015 01:50 PM, Eric W. Biederman wrote: > Daniel Cashman <dcash...@android.com> writes: > >> On 10/28/2015 08:41 PM, Eric W. Biederman wrote: >>> Dan Cashman <dcash...@android.com> writes: >>> >>>>>> This all would be much clean

Re: [PATCH v2 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

On 11/03/2015 11:19 AM, Kees Cook wrote: > Do you have patches for x86 and arm64? I was holding off on those until I could gauge upstream reception. If desired, I could put those together and add them as [PATCH 3/4] and [PATCH 4/4]. Thank You, Dan -- To unsubscribe from this list: send the

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 10/28/2015 08:41 PM, Eric W. Biederman wrote: > Dan Cashman writes: > This all would be much cleaner if the arm architecture code were just to register the sysctl itself. As it sits this looks like a patchset that does not meaninfully bisect, and would result in code

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

On 10/28/2015 08:41 PM, Eric W. Biederman wrote: > Dan Cashman writes: > This all would be much cleaner if the arm architecture code were just to register the sysctl itself. As it sits this looks like a patchset that does not meaninfully bisect, and

[PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman --- arch/arm/Kconfig | 24 arch/arm/mm/mmap.c | 7 +-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch

[PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman --- Documentation/sysctl/kernel.txt | 14 ++ include/linux/mm.h | 6 ++ kernel

[PATCH 2/2] arm: mm: support ARCH_MMAP_RND_BITS.

which is sensibly bounded, so that platform developers may choose where to place this compromise. Keep 8 as the minimum acceptable value. Signed-off-by: Daniel Cashman <dcash...@google.com> --- arch/arm/Kconfig | 24 arch/arm/mm/mmap.c | 7 +-- 2 files

[PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

is may not be an issue on all platforms. Allow the specification of a minimum number of bits so that platforms desiring greater ASLR protection may determine where to place the trade-off. Signed-off-by: Daniel Cashman <dcash...@google.com> --- Documentation/sysctl/kernel.txt | 14 +++

<    1   2