forked from Minki/linux
ccd3988086
Based on commit 1091458d09
(mmap randomization)
For 32-bit address spaces randomize within a
16MB space, for 64-bit within a 256MB space.
Test Results:
------------
Without Patch (VDSO is not randomized)
---------------------------------------
root@Maleo:~# ./aslr vdso
FAIL: ASLR not functional (vdso always at 0x7fff7000)
root@Maleo:~# ./aslr rekey vdso
pre_val==cur_val
value=0x7fff7000
With patch:(VDSO is randmoized and doesn't interfere with stack)
----------------------------------------------------------------
root@cavium-octeon2:~# ./aslr rekey vdso
pre_val!=cur_val
previous_value=0x7f830ea2
current_value=0x776e2000
root@cavium-octeon2:~# ./aslr rekey vdso
pre_val!=cur_val
previous_value=0x7fb0cea2
current_value=0x77209000
root@cavium-octeon2:~# ./aslr rekey vdso
pre_val!=cur_val
previous_value=0x7f985ea2
current_value=0x7770c000
root@cavium-octeon2:~# ./aslr rekey vdso
pre_val!=cur_val
previous_value=0x7fbc6ea2
current_value=0x7fe25000
Maps file output:
-------------------------
root@cavium-octeon2:~# ./aslr rekey maps
78584000-785a5000 rwxp 00000000 00:00 0 [heap]
7f9d0000-7f9f1000 rw-p 00000000 00:00 0 [stack]
7ffa5000-7ffa6000 r-xp 00000000 00:00 0 [vdso]
root@cavium-octeon2:~# ./aslr rekey maps
77de0000-77e01000 rwxp 00000000 00:00 0 [heap]
7f91b000-7f93c000 rw-p 00000000 00:00 0 [stack]
7ff99000-7ff9a000 r-xp 00000000 00:00 0 [vdso]
root@cavium-octeon2:~# ./aslr rekey maps
77d7f000-77da0000 rwxp 00000000 00:00 0 [heap]
7fc2a000-7fc4b000 rw-p 00000000 00:00 0 [stack]
7fe09000-7fe0a000 r-xp 00000000 00:00 0 [vdso]
root@cavium-octeon2:~# ./aslr rekey maps
7794c000-7794d000 r-xp 00000000 00:00 0 [vdso]
77e4b000-77e6c000 rwxp 00000000 00:00 0 [heap]
7f6e7000-7f708000 rw-p 00000000 00:00 0 [stack]
root@cavium-octeon2:~#
Signed-off-by: Prem Karat <pkarat@mvista.com>
Cc: linux-mips@linux-mips.org
Cc: sergei.shtylyov@cogentembedded.com
Cc: ddaney.cavm@gmail.com
Patchwork: https://patchwork.linux-mips.org/patch/6812
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
123 lines
2.6 KiB
C
123 lines
2.6 KiB
C
/*
|
|
* This file is subject to the terms and conditions of the GNU General Public
|
|
* License. See the file "COPYING" in the main directory of this archive
|
|
* for more details.
|
|
*
|
|
* Copyright (C) 2009, 2010 Cavium Networks, Inc.
|
|
*/
|
|
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/err.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/init.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/elf.h>
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/unistd.h>
|
|
#include <linux/random.h>
|
|
|
|
#include <asm/vdso.h>
|
|
#include <asm/uasm.h>
|
|
#include <asm/processor.h>
|
|
|
|
/*
|
|
* Including <asm/unistd.h> would give use the 64-bit syscall numbers ...
|
|
*/
|
|
#define __NR_O32_sigreturn 4119
|
|
#define __NR_O32_rt_sigreturn 4193
|
|
#define __NR_N32_rt_sigreturn 6211
|
|
|
|
static struct page *vdso_page;
|
|
|
|
static void __init install_trampoline(u32 *tramp, unsigned int sigreturn)
|
|
{
|
|
uasm_i_addiu(&tramp, 2, 0, sigreturn); /* li v0, sigreturn */
|
|
uasm_i_syscall(&tramp, 0);
|
|
}
|
|
|
|
static int __init init_vdso(void)
|
|
{
|
|
struct mips_vdso *vdso;
|
|
|
|
vdso_page = alloc_page(GFP_KERNEL);
|
|
if (!vdso_page)
|
|
panic("Cannot allocate vdso");
|
|
|
|
vdso = vmap(&vdso_page, 1, 0, PAGE_KERNEL);
|
|
if (!vdso)
|
|
panic("Cannot map vdso");
|
|
clear_page(vdso);
|
|
|
|
install_trampoline(vdso->rt_signal_trampoline, __NR_rt_sigreturn);
|
|
#ifdef CONFIG_32BIT
|
|
install_trampoline(vdso->signal_trampoline, __NR_sigreturn);
|
|
#else
|
|
install_trampoline(vdso->n32_rt_signal_trampoline,
|
|
__NR_N32_rt_sigreturn);
|
|
install_trampoline(vdso->o32_signal_trampoline, __NR_O32_sigreturn);
|
|
install_trampoline(vdso->o32_rt_signal_trampoline,
|
|
__NR_O32_rt_sigreturn);
|
|
#endif
|
|
|
|
vunmap(vdso);
|
|
|
|
return 0;
|
|
}
|
|
subsys_initcall(init_vdso);
|
|
|
|
static unsigned long vdso_addr(unsigned long start)
|
|
{
|
|
unsigned long offset = 0UL;
|
|
|
|
if (current->flags & PF_RANDOMIZE) {
|
|
offset = get_random_int();
|
|
offset <<= PAGE_SHIFT;
|
|
if (TASK_IS_32BIT_ADDR)
|
|
offset &= 0xfffffful;
|
|
else
|
|
offset &= 0xffffffful;
|
|
}
|
|
|
|
return STACK_TOP + offset;
|
|
}
|
|
|
|
int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
|
|
{
|
|
int ret;
|
|
unsigned long addr;
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
down_write(&mm->mmap_sem);
|
|
|
|
addr = vdso_addr(mm->start_stack);
|
|
|
|
addr = get_unmapped_area(NULL, addr, PAGE_SIZE, 0, 0);
|
|
if (IS_ERR_VALUE(addr)) {
|
|
ret = addr;
|
|
goto up_fail;
|
|
}
|
|
|
|
ret = install_special_mapping(mm, addr, PAGE_SIZE,
|
|
VM_READ|VM_EXEC|
|
|
VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
|
|
&vdso_page);
|
|
|
|
if (ret)
|
|
goto up_fail;
|
|
|
|
mm->context.vdso = (void *)addr;
|
|
|
|
up_fail:
|
|
up_write(&mm->mmap_sem);
|
|
return ret;
|
|
}
|
|
|
|
const char *arch_vma_name(struct vm_area_struct *vma)
|
|
{
|
|
if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
|
|
return "[vdso]";
|
|
return NULL;
|
|
}
|