Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
From: Ilya Smith
Date: Fri, 23 Mar 2018 20:55:49 +0300
To: Matthew Wilcox
In-Reply-To: <20180323124806.GA5624@bombadil.infradead.org>
Message-Id: <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> On 23 Mar 2018, at 15:48, Matthew Wilcox wrote:
>
> On Thu, Mar 22, 2018 at 07:36:36PM +0300, Ilya Smith wrote:
>> Current implementation doesn't randomize address returned by mmap.
>> All the entropy ends with choosing mmap_base_addr at the process
>> creation. After that mmap builds very predictable layout of address
>> space. It allows to bypass ASLR in many cases. This patch makes
>> randomization of address on any mmap call.
>
> Why should this be done in the kernel rather than libc?  libc is perfectly
> capable of specifying random numbers in the first argument of mmap.

Well, there are the following reasons:
1. It should be done in any libc implementation, which is not possible IMO;
2. User mode is not that layer which should be responsible for choosing
random address or handling entropy;
3. Memory fragmentation is unpredictable in this case.

Of course user mode could use random ‘hint’ address, but kernel may
discard this address if it is occupied for example and allocate just before
closest vma. So this solution doesn’t give that much security like
randomization address inside kernel.
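
Added example, not part of the original message or of the patch under discussion: a small Linux C program that exercises the two behaviours the message refers to. It shows that mmap() without MAP_FIXED treats its first argument as a hint and places the mapping elsewhere when that address is occupied, and it counts how many back-to-back mappings land exactly one page apart. The helper names (`map_anon`, `occupied_hint_is_discarded`, `adjacent_pairs`) are invented for illustration.

```c
#define _DEFAULT_SOURCE /* added example; helper names are illustrative */
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Without MAP_FIXED the first argument of mmap() is only a hint. */
static void *map_anon(void *hint, size_t len)
{
    return mmap(hint, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Hint = occupied address. Returns 1 if the mapping landed elsewhere, -1 on error. */
int occupied_hint_is_discarded(intptr_t *delta)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *first = map_anon(NULL, len);
    if (first == MAP_FAILED) return -1;
    void *second = map_anon(first, len);
    if (second == MAP_FAILED) { munmap(first, len); return -1; }
    *delta = (intptr_t)((uintptr_t)second - (uintptr_t)first); /* returned - hint */
    munmap(second, len);
    munmap(first, len);
    return second != first;
}

/* Map n pages with no hint; count consecutive results exactly one page apart. */
int adjacent_pairs(int n)
{
    void *p[16];
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int got = 0, adj = 0, i;
    if (n < 2 || n > 16) return -1;
    while (got < n && (p[got] = map_anon(NULL, len)) != MAP_FAILED) got++;
    for (i = 1; i < got; i++) {
        uintptr_t a = (uintptr_t)p[i - 1], b = (uintptr_t)p[i];
        if ((a > b ? a - b : b - a) == len) adj++;
    }
    for (i = 0; i < got; i++) munmap(p[i], len);
    return got == n ? adj : -1;
}

int main(void)
{
    intptr_t d = 0;
    int r = occupied_hint_is_discarded(&d);
    printf("occupied hint discarded: %d (delta %ld bytes)\n", r, (long)d);
    printf("adjacent pairs among 8 mmaps: %d of 7\n", adjacent_pairs(8));
    return 0;
}
```

A userland allocator that picks random hints has to compare the returned address with the hint on every call, since the kernel reports no error when it places the mapping elsewhere.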