From: Alexandre Ghiti
To: Andrew Morton
Cc: Paul Walmsley, Luis Chamberlain, Christoph Hellwig, Russell King, Catalin Marinas, Will Deacon, Ralf Baechle, Paul Burton, James Hogan, Palmer Dabbelt, Albert Ou, Alexander Viro, Kees Cook, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org, linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Alexandre Ghiti
Subject: [PATCH v6 06/14] arm: Properly account for stack randomization and stack guard gap
Date: Thu, 8 Aug 2019 02:17:48 -0400
Message-Id: <20190808061756.19712-7-alex@ghiti.fr>
In-Reply-To: <20190808061756.19712-1-alex@ghiti.fr>
References: <20190808061756.19712-1-alex@ghiti.fr>

This commit takes care of stack randomization and stack guard gap when computing mmap base address and checks if the task asked for randomization.

This fixes the problem uncovered and not fixed for arm here:
https://lkml.kernel.org/r/20170622200033.25714-1-riel@redhat.com

Signed-off-by: Alexandre Ghiti
Acked-by: Kees Cook
Reviewed-by: Luis Chamberlain
--- arch/arm/mm/mmap.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index f866870db749..bff3d00bda5b 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -18,8 +18,9 @@ (((pgoff)<> (PAGE_SHIFT - 12)) static int mmap_is_legacy(struct rlimit *rlim_stack) { 
@@ -35,6 +36,15 @@ static int mmap_is_legacy(struct rlimit *rlim_stack) static unsigned long mmap_base(unsigned long rnd, struct rlimit *rlim_stack) { unsigned long gap = rlim_stack->rlim_cur; + unsigned long pad = stack_guard_gap; + + /* Account for stack randomization if necessary */ + if (current->flags & PF_RANDOMIZE) + pad += (STACK_RND_MASK << PAGE_SHIFT); + + /* Values close to RLIM_INFINITY can overflow. */ + if (gap + pad > gap) + gap += pad; if (gap < MIN_GAP) gap = MIN_GAP; -- 2.20.1
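Review bot: In mmap_base(), the overflow guard `if (gap + pad > gap)` drops the padding entirely when the sum wraps, so an rlim_cur close to RLIM_INFINITY carries on unpadded into the `gap < MIN_GAP` clamp. The comment should say that this is intended and which later bound caps gap in that case, because only the lower clamp is visible in this hunk. The comment above `pad += (STACK_RND_MASK << PAGE_SHIFT);` could also state that this reserves the maximum randomization span rather than the offset actually applied, and the outer parentheses on that line are redundant.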