Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1762072AbYBEWfi (ORCPT ); Tue, 5 Feb 2008 17:35:38 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1760259AbYBEWfa (ORCPT ); Tue, 5 Feb 2008 17:35:30 -0500 Received: from styx.suse.cz ([82.119.242.94]:52757 "EHLO mail.suse.cz" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1759634AbYBEWf3 (ORCPT ); Tue, 5 Feb 2008 17:35:29 -0500 Date: Tue, 5 Feb 2008 23:35:27 +0100 (CET) From: Jiri Kosina To: Arjan van de Ven , Ingo Molnar , Pavel Machek cc: Hugh Dickins , kernel list , Abel Bernabeu Subject: Re: brk randomization breaks columns In-Reply-To: <20080205085841.51713a5d@laptopd505.fenrus.org> Message-ID: References: <20080204122837.GA1647@elf.ucw.cz> <20080205070001.7bc8058f@laptopd505.fenrus.org> <20080205154648.GA24331@elf.ucw.cz> <20080205085841.51713a5d@laptopd505.fenrus.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5664 Lines: 165 On Tue, 5 Feb 2008, Arjan van de Ven wrote: > the combo of a config option + sysctl sounds the right way forward then > ;( OK, so I propose the one below (unested yet, but should be trivial). Does anyone have any objections? From: Jiri Kosina ASLR: add possibility for more fine-grained tweaking Some prehistoric binaries don't like when start of brk area is located anywhere else than just after code+bss. This patch adds possibility to configure the default behavior of address space randomization. In addition to that, randomize_va_space now can have value of '2', which means full randomization including brk space. Also, documentation of randomize_va_space is added. Signed-off-by: Jiri Kosina diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt index 8984a53..0373bbe 100644 --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt @@ -41,6 +41,7 @@ show up in /proc/sys/kernel: - pid_max - powersave-nap [ PPC only ] - printk +- randomize_va_space - real-root-dev ==> Documentation/initrd.txt - reboot-cmd [ SPARC only ] - rtsig-max @@ -280,6 +281,37 @@ send before ratelimiting kicks in. ============================================================== +randomize-va-space: + +This option can be used to select the type of process address +space randomization is used in the system, for architectures +that support this feature. + +One of the following numeric values is possible: + +0 - [none] + Turn the process address space randomization off by default. + +1 - [conservative] + Conservative address space randomization makes the addresses of + mmap base and VDSO page randomized. This, among other things, + implies that shared libraries will be loaded to random addresses. + Also for PIE binaries, the location of code start is randomized. + +2 - [full] + + This includes all the features that Conservative randomization + provides. In addition to that, also start of the brk area is + randomized. + There a few legacy applications out there (such as some ancient + versions of libc.so.5 from 1996), that assume that brk area starts + just after the end of the code+bss. These applications break when + start of the brk area is randomized. There are however no known + non-legacy applications that would be broken this way, so for most + systems it is safe to chose Full randomization. + +============================================================== + reboot-cmd: (Sparc only) ??? This seems to be a way to give an argument to the Sparc diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 4628c42..d9f23d5 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1077,7 +1077,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) current->mm->start_stack = bprm->p; #ifdef arch_randomize_brk - if (current->flags & PF_RANDOMIZE) + if (current->flags & PF_RANDOMIZE && randomize_va_space == 2) current->mm->brk = current->mm->start_brk = arch_randomize_brk(current->mm); #endif diff --git a/init/Kconfig b/init/Kconfig index 87f50df..804a3a6 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -662,6 +662,46 @@ config SLOB endchoice +choice + prompt "Address space randomization type" + default RANDOMIZATION_CONSERVATIVE + help + This option allows to select the type of process address space + randomization that will be used by default (for those architectures + that support address space randomization). This option can be + overriden in runtime through kernel.randomize_va_space sysctl. + +config RANDOMIZATION_NONE + bool "NONE" + help + Turn the process address space randomization off by default. + Equivalent to sysctl kernel.randomize_va_space = 0. + +config RANDOMIZATION_CONSERVATIVE + bool "CONSERVATIVE" + help + Conservative address space randomization makes the addresses of + mmap base and VDSO page randomized. This, among other things, + implies that shared libraries will be loaded to random addresses. + Also for PIE binaries, the location of code start is randomized. + Equivalent to sysctl kernel.randomize_va_space = 1. + +config RANDOMIZATION_FULL + bool "FULL" + help + This includes all the features that Conservative randomization + provides. In addition to that, also start of the brk area is + randomized. + There a few legacy applications out there (such as some ancient + versions of libc.so.5 from 1996), that assume that brk area starts + just after the end of the code+bss. These applications break when + start of the brk area is randomized. There are however no known + non-legacy applications that would be broken this way, so for most + systems it is safe to chose Full randomization. + Equivalent to sysctl kernel.randomize_va_space = 2. + +endchoice + config PROFILING bool "Profiling support (EXPERIMENTAL)" help diff --git a/mm/memory.c b/mm/memory.c index 7bb7072..5765567 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -82,7 +82,15 @@ void * high_memory; EXPORT_SYMBOL(num_physpages); EXPORT_SYMBOL(high_memory); +#ifdef CONFIG_RANDOMIZE_CONSERVATIVE int randomize_va_space __read_mostly = 1; +#else +#ifdef CONFIG_RANDOMIZE_FULL +int randomize_va_space __read_mostly = 2; +#else +int randomize_va_space __read_mostly = 0; +#endif +#endif static int __init disable_randmaps(char *s) { -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/