[PATCH v3] x86: increase MIN_GAP to include randomized stack

From: Michal Hocko
Date: Tue Sep 08 2009 - 04:44:07 EST


Currently we are not including the randomized stack size when calculating
the mmap_base address in arch_pick_mmap_layout for the topdown case. This
might cause mmap_base to start in the stack reserved area because the stack
is randomized by 1GB for 64b (8MB for 32b) and the minimum gap is 128MB.

If the stack really grows down to mmap_base then we can get a silent mmap
region overwrite by the stack values.

Let's include the maximum stack randomization size in MIN_GAP, which is
used as the low bound for the gap in mmap.

Signed-off-by: Michal Hocko <mhocko@xxxxxxx>
---
arch/x86/mm/mmap.c | 25 +++++++++++++++++++++++--
1 files changed, 23 insertions(+), 2 deletions(-)

I think that this is also stable material and I will repost it to
stable@xxxxxxxxxx once you ack it.

Changes from v2:
STACK_RND_MASK has to be defined for CONFIG_X86_32 as well.

Changes from v1:
Fixed unsigned int overflow in MIN_GAP calculation.


diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 1658296..a4566a8 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -30,12 +30,33 @@
#include <linux/limits.h>
#include <linux/sched.h>

+/* 1GB for 64bit, 8MB for 32bit definition taken from arch/x86/include/asm/elf.h */
+#ifndef STACK_RND_MASK
+#ifdef CONFIG_X86_64
+#define STACK_RND_MASK (test_thread_flag(TIF_IA32) ? 0x7ff : 0x3fffff)
+#else
+#define STACK_RND_MASK (0x7ff)
+#endif
+#endif
+
+static unsigned int stack_maxrandom_size(void)
+{
+ unsigned int max = 0;
+ if ((current->flags & PF_RANDOMIZE) &&
+ !(current->personality & ADDR_NO_RANDOMIZE)) {
+ max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
+ }
+
+ return max;
+}
+
+
/*
* Top of mmap area (just below the process stack).
*
- * Leave an at least ~128 MB hole.
+ * Leave an at least ~128 MB hole with possible stack randomization.
*/
-#define MIN_GAP (128*1024*1024)
+#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
#define MAX_GAP (TASK_SIZE/6*5)

/*
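Review bot: stack_maxrandom_size() computes its result in 32-bit arithmetic, so the 64-bit case is truncated. On the non-IA32 path STACK_RND_MASK is 0x3fffff, and ((-1U) & STACK_RND_MASK) << PAGE_SHIFT is evaluated as unsigned int; with x86's PAGE_SHIFT of 12 the value needs 34 bits, so the top bits are lost before the function returns, and the unsigned int return type would drop them again in any case. The UL suffix added to 128*1024*1024UL in MIN_GAP only widens the addition, which happens after the truncation. Suggest making both the return type and the local unsigned long and using (-1UL) in the mask expression. Separately, the new comment says 1GB for 64bit, which does not match what 0x3fffff pages works out to; worth either correcting the figure or dropping it and pointing only at arch/x86/include/asm/elf.h.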
--
1.6.3.3
