Re: [PATCH v6 09/14] mips: Properly account for stack randomization and stack guard gap

From: Alexandre Ghiti
Date: Fri Aug 09 2019 - 05:44:48 EST

Next message: Bharath Vedartham: "Re: [Linux-kernel-mentees][PATCH v4 1/1] sgi-gru: Remove *pte_lookup functions"
Previous message: Bharath Vedartham: "Re: [Linux-kernel-mentees][PATCH v4 1/1] sgi-gru: Remove *pte_lookup functions"
In reply to: Sergei Shtylyov: "Re: [PATCH v6 09/14] mips: Properly account for stack randomization and stack guard gap"
Next in thread: Alexandre Ghiti: "[PATCH v6 10/14] mips: Use STACK_TOP when computing mmap base address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/8/19 11:16 AM, Sergei Shtylyov wrote:

Hello!

On 08.08.2019 9:17, Alexandre Ghiti wrote:

This commit takes care of stack randomization and stack guard gap when
computing mmap base address and checks if the task asked for randomization.

This fixes the problem uncovered and not fixed for arm here:
https://lkml.kernel.org/r/20170622200033.25714-1-riel@xxxxxxxxxx

Signed-off-by: Alexandre Ghiti <alex@xxxxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
Acked-by: Paul Burton <paul.burton@xxxxxxxx>
Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
---
Â arch/mips/mm/mmap.c | 14 ++++++++++++--
Â 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
index d79f2b432318..f5c778113384 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -21,8 +21,9 @@ unsigned long shm_align_mask = PAGE_SIZE - 1;ÂÂÂ /* Sane caches */
Â EXPORT_SYMBOL(shm_align_mask);
Â Â /* gap between mmap and stack */
-#define MIN_GAP (128*1024*1024UL)
-#define MAX_GAP ((TASK_SIZE)/6*5)
+#define MIN_GAPÂÂÂÂÂÂÂ (128*1024*1024UL)
+#define MAX_GAPÂÂÂÂÂÂÂ ((TASK_SIZE)/6*5)

ÂÂ Could add spaces around *, while touching this anyway? And parens
around TASK_SIZE shouldn't be needed...

I did not fix checkpatch warnings here since this code gets removed afterwards.

+#define STACK_RND_MASKÂÂÂ (0x7ff >> (PAGE_SHIFT - 12))
Â Â static int mmap_is_legacy(struct rlimit *rlim_stack)
Â {
@@ -38,6 +39,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack)
Â static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack)
Â {
ÂÂÂÂÂ unsigned long gap = rlim_stack->rlim_cur;
+ÂÂÂ unsigned long pad = stack_guard_gap;
+
+ÂÂÂ /* Account for stack randomization if necessary */
+ÂÂÂ if (current->flags & PF_RANDOMIZE)
+ÂÂÂÂÂÂÂ pad += (STACK_RND_MASK << PAGE_SHIFT);

ÂÂ Parens not needed here.

Belt and braces approach here as I'm never sure about priorities.

Thanks for your time,

Alex

+
+ÂÂÂ /* Values close to RLIM_INFINITY can overflow. */
+ÂÂÂ if (gap + pad > gap)
+ÂÂÂÂÂÂÂ gap += pad;
Â ÂÂÂÂÂ if (gap < MIN_GAP)
ÂÂÂÂÂÂÂÂÂ gap = MIN_GAP;

_______________________________________________
linux-riscv mailing list
linux-riscv@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/linux-riscv

Next message: Bharath Vedartham: "Re: [Linux-kernel-mentees][PATCH v4 1/1] sgi-gru: Remove *pte_lookup functions"
Previous message: Bharath Vedartham: "Re: [Linux-kernel-mentees][PATCH v4 1/1] sgi-gru: Remove *pte_lookup functions"
In reply to: Sergei Shtylyov: "Re: [PATCH v6 09/14] mips: Properly account for stack randomization and stack guard gap"
Next in thread: Alexandre Ghiti: "[PATCH v6 10/14] mips: Use STACK_TOP when computing mmap base address"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]