Received: by 10.213.65.68 with SMTP id h4csp58686imn; Tue, 27 Mar 2018 21:51:46 -0700 (PDT) X-Google-Smtp-Source: AIpwx48XEW6RnU0DA0obQEeFHQd4d3N4Htz9aENCg774GdI2raicPdMStobXfJLbDO+IxiV3jpZy X-Received: by 2002:a17:902:ac8a:: with SMTP id h10-v6mr2195760plr.290.1522212705981; Tue, 27 Mar 2018 21:51:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522212705; cv=none; d=google.com; s=arc-20160816; b=IZkdKYm/txGurM88p7dGYI1vIeZGOA+Ks0ERuUvAYzfm7Oq98QAcXNT4yosqVozCfP EhypwZwcp1QiMBxrE3gg8A45q5qMhxo+ZEnpoC+8t76pPi78GKIV0NeDnGHfEAT7AK8b oJAb6v4FKBJlH0fFAOCT5HLnKTjlPHIqNuM+FNrvrFafGQeEILh+KZ+FrDNmZ2jJy7aq IQvQZQE8HpOuo8uk7HQil0dP4i/e3/xnft5vtrSIt5LiGR9fwNVuAfm4PcqYSH7iSFQe l0nocRLkyG1MzzfKOBkr+cg/erYJv3MjV+I4kaNsD5oKKaVz1fHJSiNjITDJOrD7b66r jrCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=enV9j3dbSLXmAE1CBSurMgsE0cKUXCQgdF0KSwOCHnE=; b=hSOKoPem+lx6fNJXcGTgx8o7X1whR9804asOlpECM2pD5PMK3gP7/L6OKqFfSELrCm MvaBZYi+IPeAgzKqeTMG07Zd3Xfq66RwwdIAYkmDoHB6TIQJbeQGwI67mJakIAQcAeOa C+NsVT97u6ULQTT0/Gp0N4bKJwZqY/dPLAHiAKQ1O55kIkUUIbb5p6rEyyQ3S4br48H3 ORyg/DHXQDsDfqAZRo+CfzPaW9G4XpdwFcJNDHCx64V6Q33Rp1poNz82AytBTAorTegz D1DCNk2eYEZoTkKX6t5wEP3kIvaceP7zhatsMC9f/3wJvXE9YboNl6ULB4X/LM2AmF3F xAKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=PvZKSr/5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f34-v6si2850116plf.362.2018.03.27.21.51.16; Tue, 27 Mar 2018 21:51:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=PvZKSr/5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751231AbeC1EuO (ORCPT + 99 others); Wed, 28 Mar 2018 00:50:14 -0400 Received: from mail-it0-f65.google.com ([209.85.214.65]:53116 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751200AbeC1EuK (ORCPT ); Wed, 28 Mar 2018 00:50:10 -0400 Received: by mail-it0-f65.google.com with SMTP id k135-v6so2032699ite.2 for ; Tue, 27 Mar 2018 21:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=landley-net.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=enV9j3dbSLXmAE1CBSurMgsE0cKUXCQgdF0KSwOCHnE=; b=PvZKSr/5lu8kkzPgJFwDeGIIgehcO0pJMExSOQMvX1d07pqNd7BKWSDlCMlmV8FKqL pYuI0stPRaIycQKFf/1mCSl4SmbMnFufKPdGkVgOtBP4ELyxEthTyLyufmxxGDplntUo Uc5nHc2odODWMwDtXS2rK/9lvN/KvcXESpybSTerrNWKr1+JdLwtMtyFrUGSUKlCudcz zMMODKhjexRgusrmIQo5wLin8V8ssj+IjQ3nnfseZM071AsxJhua+0iH2GmFA6KIUNxZ RRh8LiocKOUL/T45FwidmdEV4AsktUfHP+o7qscoicCsEUFq4SljN0uihSUFYfs2KIHT 78JQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=enV9j3dbSLXmAE1CBSurMgsE0cKUXCQgdF0KSwOCHnE=; b=SwyHJXP/jwOBQqAGs/d6aQbvFvyULhJ7N0ByTgmLexsANulLMU3uV5JvvQ65Fw1i6K V5ffeZopZn150Z/pwaL+yv4IV0IH5aP4FTqfLvY+W+YmryR9T72bjXnhga8KbH54lsb0 xqcxTeG3/jGyUsRgTlCKMXKsVzdlTYfilmbDRd8kxaoHT7UAnaya65alkoh17WoTmC/y HFwY5wyUVvZAKCL4N08LUaXXKSXqp/CJNYM8i8kG66eGUHx10l2WozQaF6AW9z19A1gG dkwKO/+NJXQ2lwPogrPGtCfA8PFyn79AoZ99zMUafHuyOlRbGrXZyoyG0/+/ZAexUpkA e+bw== X-Gm-Message-State: AElRT7HlZQDihLszcn+FHfF3hCVHZRYl3insrxEDInbg9FroqG1ard/C 7BzeKrT9TqxFwtxVCIt04na4ag== X-Received: by 2002:a24:195:: with SMTP id 143-v6mr1970811itk.35.1522212609695; Tue, 27 Mar 2018 21:50:09 -0700 (PDT) Received: from [192.168.43.158] ([172.58.140.121]) by smtp.googlemail.com with ESMTPSA id z125-v6sm1998486itb.2.2018.03.27.21.50.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Mar 2018 21:50:09 -0700 (PDT) Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap. To: Matthew Wilcox , Rich Felker Cc: Ilya Smith , rth@twiddle.net, ink@jurassic.park.msu.ru, mattst88@gmail.com, vgupta@synopsys.com, linux@armlinux.org.uk, tony.luck@intel.com, fenghua.yu@intel.com, jhogan@kernel.org, ralf@linux-mips.org, jejb@parisc-linux.org, deller@gmx.de, benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, ysato@users.sourceforge.jp, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, nyc@holomorphy.com, viro@zeniv.linux.org.uk, arnd@arndb.de, gregkh@linuxfoundation.org, deepa.kernel@gmail.com, mhocko@suse.com, hughd@google.com, kstewart@linuxfoundation.org, pombredanne@nexb.com, akpm@linux-foundation.org, steve.capper@arm.com, punit.agrawal@arm.com, paul.burton@mips.com, aneesh.kumar@linux.vnet.ibm.com, npiggin@gmail.com, keescook@chromium.org, bhsharma@redhat.com, riel@redhat.com, nitin.m.gupta@oracle.com, kirill.shutemov@linux.intel.com, dan.j.williams@intel.com, jack@suse.cz, ross.zwisler@linux.intel.com, jglisse@redhat.com, aarcange@redhat.com, oleg@redhat.com, linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org, linux-snps-arc@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org, linux-metag@vger.kernel.org, linux-mips@linux-mips.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, linux-mm@kvack.org References: <1521736598-12812-1-git-send-email-blackzert@gmail.com> <20180323124806.GA5624@bombadil.infradead.org> <20180323180024.GB1436@brightrain.aerifal.cx> <20180323190618.GA23763@bombadil.infradead.org> From: Rob Landley Message-ID: <7e41ef7a-0bac-02fe-21fd-a1ed86c22230@landley.net> Date: Tue, 27 Mar 2018 23:50:02 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180323190618.GA23763@bombadil.infradead.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/23/2018 02:06 PM, Matthew Wilcox wrote: > On Fri, Mar 23, 2018 at 02:00:24PM -0400, Rich Felker wrote: >> On Fri, Mar 23, 2018 at 05:48:06AM -0700, Matthew Wilcox wrote: >>> On Thu, Mar 22, 2018 at 07:36:36PM +0300, Ilya Smith wrote: >>>> Current implementation doesn't randomize address returned by mmap. >>>> All the entropy ends with choosing mmap_base_addr at the process >>>> creation. After that mmap build very predictable layout of address >>>> space. It allows to bypass ASLR in many cases. This patch make >>>> randomization of address on any mmap call. >>> >>> Why should this be done in the kernel rather than libc? libc is perfectly >>> capable of specifying random numbers in the first argument of mmap. >> >> Generally libc does not have a view of the current vm maps, and thus >> in passing "random numbers", they would have to be uniform across the >> whole vm space and thus non-uniform once the kernel rounds up to avoid >> existing mappings. > > I'm aware that you're the musl author, but glibc somehow manages to > provide etext, edata and end, demonstrating that it does know where at > least some of the memory map lies. You can parse /proc/self/maps, but it's really expensive and disgusting. Rob