Commit 7f9cae42 authored by dcashman's avatar dcashman Committed by mohancm100
Browse files

FROMLIST: mm: mmap: Add new /proc tunable for mmap_base ASLR. 

(cherry picked from commit https://lkml.org/lkml/2015/12/21/337

)

ASLR  only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.

Bug: 24047224
Signed-off-by: default avatarDaniel Cashman <dcashman@android.com>
Signed-off-by: default avatarDaniel Cashman <dcashman@google.com>
Change-Id: Ia4742ca554b8e4f9a3ff9ad6818b956ebd67893f
parent 442a2781

Documentation/sysctl/vm.txt

+29 −0
Original line number Diff line number Diff line
@@ -42,6 +42,8 @@ Currently, these files are in /proc/sys/vm: 
- min_slab_ratio

- min_unmapped_ratio

- mmap_min_addr

- mmap_rnd_bits

- mmap_rnd_compat_bits

- nr_hugepages

- nr_overcommit_hugepages

- nr_trim_pages         (only if CONFIG_MMU=n)
@@ -490,6 +492,33 @@ against future potential kernel bugs. 


==============================================================



mmap_rnd_bits:



This value can be used to select the number of bits to use to

determine the random offset to the base address of vma regions

resulting from mmap allocations on architectures which support

tuning address space randomization.  This value will be bounded

by the architecture's minimum and maximum supported values.



This value can be changed after boot using the

/proc/sys/vm/mmap_rnd_bits tunable



==============================================================



mmap_rnd_compat_bits:



This value can be used to select the number of bits to use to

determine the random offset to the base address of vma regions

resulting from mmap allocations for applications run in

compatibility mode on architectures which support tuning address

space randomization.  This value will be bounded by the

architecture's minimum and maximum supported values.



This value can be changed after boot using the

/proc/sys/vm/mmap_rnd_compat_bits tunable



==============================================================



nr_hugepages



Change the minimum size of the hugepage pool.

arch/Kconfig

+68 −0
Original line number Diff line number Diff line
@@ -484,6 +484,74 @@ config HAVE_IRQ_EXIT_ON_IRQ_STACK 
	  This spares a stack switch and improves cache usage on softirq

	  processing.



config HAVE_ARCH_MMAP_RND_BITS

	bool

	help

	  An arch should select this symbol if it supports setting a variable

	  number of bits for use in establishing the base address for mmap

	  allocations, has MMU enabled and provides values for both:

	  - ARCH_MMAP_RND_BITS_MIN

	  - ARCH_MMAP_RND_BITS_MAX



config ARCH_MMAP_RND_BITS_MIN

	int



config ARCH_MMAP_RND_BITS_MAX

	int



config ARCH_MMAP_RND_BITS_DEFAULT

	int



config ARCH_MMAP_RND_BITS

	int "Number of bits to use for ASLR of mmap base address" if EXPERT

	range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX

	default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT

	default ARCH_MMAP_RND_BITS_MIN

	depends on HAVE_ARCH_MMAP_RND_BITS

	help

	  This value can be used to select the number of bits to use to

	  determine the random offset to the base address of vma regions

	  resulting from mmap allocations. This value will be bounded

	  by the architecture's minimum and maximum supported values.



	  This value can be changed after boot using the

	  /proc/sys/vm/mmap_rnd_bits tunable



config HAVE_ARCH_MMAP_RND_COMPAT_BITS

	bool

	help

	  An arch should select this symbol if it supports running applications

	  in compatibility mode, supports setting a variable number of bits for

	  use in establishing the base address for mmap allocations, has MMU

	  enabled and provides values for both:

	  - ARCH_MMAP_RND_COMPAT_BITS_MIN

	  - ARCH_MMAP_RND_COMPAT_BITS_MAX



config ARCH_MMAP_RND_COMPAT_BITS_MIN

	int



config ARCH_MMAP_RND_COMPAT_BITS_MAX

	int



config ARCH_MMAP_RND_COMPAT_BITS_DEFAULT

	int



config ARCH_MMAP_RND_COMPAT_BITS

	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT

	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX

	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT

	default ARCH_MMAP_RND_COMPAT_BITS_MIN

	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS

	help

	  This value can be used to select the number of bits to use to

	  determine the random offset to the base address of vma regions

	  resulting from mmap allocations for compatible applications This

	  value will be bounded by the architecture's minimum and maximum

	  supported values.



	  This value can be changed after boot using the

	  /proc/sys/vm/mmap_rnd_compat_bits tunable



#

# ABI hall of shame

#

include/linux/mm.h

+11 −0
Original line number Diff line number Diff line
@@ -48,6 +48,17 @@ extern int sysctl_legacy_va_layout; 
#define sysctl_legacy_va_layout 0

#endif



#ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS

extern const int mmap_rnd_bits_min;

extern const int mmap_rnd_bits_max;

extern int mmap_rnd_bits __read_mostly;

#endif

#ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS

extern const int mmap_rnd_compat_bits_min;

extern const int mmap_rnd_compat_bits_max;

extern int mmap_rnd_compat_bits __read_mostly;

#endif



#include <asm/page.h>

#include <asm/pgtable.h>

#include <asm/processor.h>

kernel/sysctl.c

+21 −0
Original line number Diff line number Diff line
@@ -1539,6 +1539,27 @@ static struct ctl_table vm_table[] = { 
		.mode		= 0644,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= &zero,

#endif

#ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS

	{

		.procname	= "mmap_rnd_bits",

		.data		= &mmap_rnd_bits,

		.maxlen		= sizeof(mmap_rnd_bits),

		.mode		= 0600,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= (void *)&mmap_rnd_bits_min,

		.extra2		= (void *)&mmap_rnd_bits_max,

	},

#endif

#ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS

	{

		.procname	= "mmap_rnd_compat_bits",

		.data		= &mmap_rnd_compat_bits,

		.maxlen		= sizeof(mmap_rnd_compat_bits),

		.mode		= 0600,

		.proc_handler	= proc_dointvec_minmax,

		.extra1		= (void *)&mmap_rnd_compat_bits_min,

		.extra2		= (void *)&mmap_rnd_compat_bits_max,

	},

#endif

	{ }

mm/mmap.c

+12 −0
Original line number Diff line number Diff line
@@ -61,6 +61,18 @@ 
#define arch_rebalance_pgtables(addr, len)		(addr)

#endif



#ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS

const int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;

const int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;

int mmap_rnd_bits __read_mostly = CONFIG_ARCH_MMAP_RND_BITS;

#endif

#ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS

const int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN;

const int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;

int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;

#endif





static void unmap_region(struct mm_struct *mm,

		struct vm_area_struct *vma, struct vm_area_struct *prev,

		unsigned long start, unsigned long end);