Re: [PATCH v2 0/5] split ET_DYN ASLR from mmap ASLR

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	"Russell King" <linux@arm.linux.org.uk>,
	"Catalin Marinas" <catalin.marinas@arm.com>,
	"Will Deacon" <will.deacon@arm.com>,
	"Ralf Baechle" <ralf@linux-mips.org>,
	"Benjamin Herrenschmidt" <benh@kernel.crashing.org>,
	"Paul Mackerras" <paulus@samba.org>,
	"Michael Ellerman" <mpe@ellerman.id.au>,
	"Martin Schwidefsky" <schwidefsky@de.ibm.com>,
	"Heiko Carstens" <heiko.carstens@de.ibm.com>,
	linux390@de.ibm.com, x86@kernel.org,
	"Alexander Viro" <viro@zeniv.linux.org.uk>,
	"Oleg Nesterov" <oleg@redhat.com>,
	"Andy Lutomirski" <luto@amacapital.net>,
	"David A. Long" <dave.long@linaro.org>,
	"Andrey Ryabinin" <a.ryabinin@samsung.com>,
	"Arun Chandran" <achandran@mvista.com>,
	"Yann Droneaud" <ydroneaud@opteya.com>,
	"Min-Hua Chen" <orca.chen@gmail.com>,
	"Paul Burton" <paul.burton@imgtec.com>,
	"Alex Smith" <alex@alex-smith.me.uk>,
	"Markos Chandras" <markos.chandras@imgtec.com>,
	"Jeff Bailey" <jeffbailey@google.com>,
	"Vineeth Vijayan" <vvijayan@mvista.com>,
	"Michael Holzheu" <holzheu@linux.vnet.ibm.com>,
	"Ben Hutchings" <ben@decadent.org.uk>,
	"Hector Marco-Gisbert" <hecmargi@upv.es>,
	"Borislav Petkov" <bp@suse.de>, "Jan-Simon Möller" <dl9pf@gmx.de>,
	linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org,
	linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	"Linus Torvalds" <torvalds@linux-foundation.org>,
	"Borislav Petkov" <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Thomas Gleixner" <tglx@linutronix.de>
Subject: Re: [PATCH v2 0/5] split ET_DYN ASLR from mmap ASLR
Date: Tue, 3 Mar 2015 08:31:32 +0100	[thread overview]
Message-ID: <20150303073132.GA30602@gmail.com> (raw)
In-Reply-To: <1425341988-1599-1-git-send-email-keescook@chromium.org>


* Kees Cook <keescook@chromium.org> wrote:

> To address the "offset2lib" ASLR weakness[1], this separates ET_DYN
> ASLR from mmap ASLR, as already done on s390. The architectures
> that are already randomizing mmap (arm, arm64, mips, powerpc, s390,
> and x86), have their various forms of arch_mmap_rnd() made available
> via the new CONFIG_ARCH_HAS_ELF_RANDOMIZE. For these architectures,
> arch_randomize_brk() is collapsed as well.
> 
> This is an alternative to the solutions in:
> https://lkml.org/lkml/2015/2/23/442

Looks good so far:

Reviewed-by: Ingo Molnar <mingo@kernel.org>

While reviewing this series I also noticed that the following code 
could be factored out from architecture mmap code as well:

  - arch_pick_mmap_layout() uses very similar patterns across the 
    platforms, with only few variations. Many architectures use 
    the same duplicated mmap_is_legacy() helper as well. There's 
    usually just trivial differences between mmap_legacy_base() 
    approaches as well.

  - arch_mmap_rnd(): the PF_RANDOMIZE checks are needlessly
    exposed to the arch routine - the arch routine should only 
    concentrate on arch details, not generic flags like
    PF_RANDOMIZE.

In theory the mmap layout could be fully parametrized as well: i.e. no 
callback functions to architectures by default at all: just 
declarations of bits of randomization desired (or, available address 
space bits), and perhaps an arch helper to allow 32-bit vs. 64-bit 
address space distinctions.

'Weird' architectures could provide special routines, but only by 
overriding the default behavior, which should be generic, safe and 
robust.

Thanks,

	Ingo

next prev parent reply	other threads:[~2015-03-03  7:31 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-03  0:19 Kees Cook
2015-03-03  0:19 ` [PATCH 1/5] arm: factor out mmap ASLR into mmap_rnd Kees Cook
2015-03-09 14:48   ` Russell King - ARM Linux
2015-03-03  0:19 ` [PATCH 2/5] mm: expose arch_mmap_rnd when available Kees Cook
2015-03-09 14:49   ` Russell King - ARM Linux
2015-03-03  0:19 ` [PATCH 3/5] mm: move randomize_et_dyn into ELF_ET_DYN_BASE Kees Cook
2015-03-03  0:19 ` [PATCH 4/5] mm: split ET_DYN ASLR from mmap ASLR Kees Cook
2015-03-04  4:16   ` Michael Ellerman
2015-03-04 21:13     ` Kees Cook
2015-03-04 23:56       ` Michael Ellerman
2015-03-09 15:13   ` Russell King - ARM Linux
2015-03-03  0:19 ` [PATCH 5/5] mm: fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE Kees Cook
2015-03-09 14:51   ` Russell King - ARM Linux
2015-03-03  7:31 ` Ingo Molnar [this message]
2015-03-03 18:03   ` [PATCH v2 0/5] split ET_DYN ASLR from mmap ASLR Kees Cook
2015-03-04  4:20     ` Ingo Molnar
2015-03-09 15:15 ` Russell King - ARM Linux

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150303073132.GA30602@gmail.com \
    --to=mingo@kernel.org \
    --cc=a.ryabinin@samsung.com \
    --cc=achandran@mvista.com \
    --cc=akpm@linux-foundation.org \
    --cc=alex@alex-smith.me.uk \
    --cc=ben@decadent.org.uk \
    --cc=benh@kernel.crashing.org \
    --cc=bp@alien8.de \
    --cc=bp@suse.de \
    --cc=catalin.marinas@arm.com \
    --cc=dave.long@linaro.org \
    --cc=dl9pf@gmx.de \
    --cc=hecmargi@upv.es \
    --cc=heiko.carstens@de.ibm.com \
    --cc=holzheu@linux.vnet.ibm.com \
    --cc=hpa@zytor.com \
    --cc=jeffbailey@google.com \
    --cc=keescook@chromium.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mips@linux-mips.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=linux390@de.ibm.com \
    --cc=linux@arm.linux.org.uk \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=luto@amacapital.net \
    --cc=markos.chandras@imgtec.com \
    --cc=mpe@ellerman.id.au \
    --cc=oleg@redhat.com \
    --cc=orca.chen@gmail.com \
    --cc=paul.burton@imgtec.com \
    --cc=paulus@samba.org \
    --cc=ralf@linux-mips.org \
    --cc=schwidefsky@de.ibm.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=vvijayan@mvista.com \
    --cc=will.deacon@arm.com \
    --cc=x86@kernel.org \
    --cc=ydroneaud@opteya.com \
    --subject='Re: [PATCH v2 0/5] split ET_DYN ASLR from mmap ASLR' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).