Received: by 10.213.65.68 with SMTP id h4csp1158803imn; Mon, 26 Mar 2018 01:48:15 -0700 (PDT) X-Google-Smtp-Source: AG47ELvpLAErhFYZdcmZfoPw+Ly4SdFy3/vgVLn3ZXdLRnDZLhswthNa3upFGeT26ocUpKi/f7TV X-Received: by 2002:a17:902:564:: with SMTP id 91-v6mr10733606plf.63.1522054095855; Mon, 26 Mar 2018 01:48:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522054095; cv=none; d=google.com; s=arc-20160816; b=zx1VwREMA4Sgam2Xzho6toyb4RFZVHRrxFf7T2NkmHxhqF6I9uHRRoAJo8GHVAOisy TMbrFDI/b3ijnyDS2aQOOMULZlLX7TZlDgdlqXq2uxNg9F9dyN8JnXcWeXfX0028B3fd WD2uHTvJC2kWoZql5blS185GjNt9uOXzYmMWon28AF7H8l1mbPcI7Tram8UrScRd+DlD Hs3DgWl927h0DDPQBCEyClzSXPSmpB2DNchAKHi7b44zqzNMcmdy7WzvUZ4t0jcRncdJ EMsJJzZVg/0Jp0faDdDcQPS7AApKTZcKbiuCzf7lLy1TBqsSlzDWCGmoeBd7xgyCpK0U dY/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=pGkfvXoVNhLYd4duUzwgh2sgbUUx7V5d5EGSjlVnHzU=; b=DdN/DP4+PhY3mAo2CtlJYpuIcCf6rm2n93mIhkN5VjXAyHWzKBoMHphaW2cGEIHfHP eE3E1rgvRMTaxeg8w6WBP2esw0K1jpM3m1rkjDaGVlEbfgLc3xP0v23RJdAKJBX/TMsq TDQNGWqZuUUQL1EsebWQ1KigAj6J8fFRLOX3iFoDcqcxONmOg0taMRfGWkR3tc5WLD5i /7ruDM6amGFaOn4LzVx5M2hKJM0MeV55Jfvc1AlfFVfCZ/+KMs21SZiYKoFw9hHKFZ3H 9/rJ5ZjW8RxldwdCeo58xqWHD56HIlmxDdX9pLaLch585y5dRtdQOXZPYPziBmfg2UvN rcwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i3-v6si14456068pli.274.2018.03.26.01.48.01; Mon, 26 Mar 2018 01:48:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751789AbeCZIrD (ORCPT + 99 others); Mon, 26 Mar 2018 04:47:03 -0400 Received: from mx2.suse.de ([195.135.220.15]:40521 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750972AbeCZIq7 (ORCPT ); Mon, 26 Mar 2018 04:46:59 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 6BC01AEFA; Mon, 26 Mar 2018 08:46:56 +0000 (UTC) Date: Mon, 26 Mar 2018 10:46:50 +0200 From: Michal Hocko To: Ilya Smith Cc: Matthew Wilcox , rth@twiddle.net, ink@jurassic.park.msu.ru, mattst88@gmail.com, vgupta@synopsys.com, linux@armlinux.org.uk, tony.luck@intel.com, fenghua.yu@intel.com, ralf@linux-mips.org, jejb@parisc-linux.org, Helge Deller , benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, ysato@users.sourceforge.jp, dalias@libc.org, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, nyc@holomorphy.com, viro@zeniv.linux.org.uk, arnd@arndb.de, gregkh@linuxfoundation.org, deepa.kernel@gmail.com, Hugh Dickins , kstewart@linuxfoundation.org, pombredanne@nexb.com, Andrew Morton , steve.capper@arm.com, punit.agrawal@arm.com, aneesh.kumar@linux.vnet.ibm.com, npiggin@gmail.com, Kees Cook , bhsharma@redhat.com, riel@redhat.com, nitin.m.gupta@oracle.com, "Kirill A. Shutemov" , Dan Williams , Jan Kara , ross.zwisler@linux.intel.com, Jerome Glisse , Andrea Arcangeli , Oleg Nesterov , linux-alpha@vger.kernel.org, LKML , linux-snps-arc@lists.infradead.org, linux-ia64@vger.kernel.org, linux-metag@vger.kernel.org, linux-mips@linux-mips.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, Linux-MM Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap. Message-ID: <20180326084650.GC5652@dhcp22.suse.cz> References: <1521736598-12812-1-git-send-email-blackzert@gmail.com> <20180323124806.GA5624@bombadil.infradead.org> <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri 23-03-18 20:55:49, Ilya Smith wrote: > > > On 23 Mar 2018, at 15:48, Matthew Wilcox wrote: > > > > On Thu, Mar 22, 2018 at 07:36:36PM +0300, Ilya Smith wrote: > >> Current implementation doesn't randomize address returned by mmap. > >> All the entropy ends with choosing mmap_base_addr at the process > >> creation. After that mmap build very predictable layout of address > >> space. It allows to bypass ASLR in many cases. This patch make > >> randomization of address on any mmap call. > > > > Why should this be done in the kernel rather than libc? libc is perfectly > > capable of specifying random numbers in the first argument of mmap. > Well, there is following reasons: > 1. It should be done in any libc implementation, what is not possible IMO; Is this really so helpful? > 2. User mode is not that layer which should be responsible for choosing > random address or handling entropy; Why? > 3. Memory fragmentation is unpredictable in this case > > Off course user mode could use random ‘hint’ address, but kernel may > discard this address if it is occupied for example and allocate just before > closest vma. So this solution doesn’t give that much security like > randomization address inside kernel. The userspace can use the new MAP_FIXED_NOREPLACE to probe for the address range atomically and chose a different range on failure. -- Michal Hocko SUSE Labs