* [PATCH] [RESEND] i386 and x86_64: randomize brk()
@ 2007-09-11 12:17 Jiri Kosina
  2007-09-14  5:07 ` Andrew Morton
  2007-10-11  8:18 ` Andrew Morton
  0 siblings, 2 replies; 10+ messages in thread
From: Jiri Kosina @ 2007-09-11 12:17 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

From: Jiri Kosina <jkosina@suse.cz>

i386 and x86_64: randomize brk()

This patch randomizes the location of the heap (brk) for i386 and x86_64.
The new location is chosen at random within the range that starts at the
current brk location and extends up to offset 0x02000000, for both
architectures. This, together with
pie-executable-randomization.patch and
pie-executable-randomization-fix.patch, should make the address space
randomization on i386 and x86_64 complete.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
index 8466471..8e0624d 100644
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -949,3 +949,17 @@ unsigned long arch_align_stack(unsigned long sp)
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(unsigned long brk)
+{
+	unsigned long new_brk;
+	unsigned long range_end;
+
+	range_end = brk + 0x02000000;
+	new_brk = randomize_range(brk, range_end, 0);
+	if (new_brk)
+		return new_brk;
+	else
+		return brk;
+}
+
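Review bot: The 32 MiB window is a bare `0x02000000` in `arch_randomize_brk()`, and the x86_64 hunk that follows adds a byte-identical copy of the function, so the two can drift apart silently. A shared named constant with a comment would keep them in step, e.g. `#define BRK_RND_RANGE 0x02000000UL /* heap start moves up by at most 32 MiB */` (the name is only a suggestion). The `if (new_brk) ... else return brk;` fallback also deserves a one-line comment such as `/* randomize_range() returned 0: keep the unrandomized brk */`, because that path quietly leaves the process with a predictable heap start. The hunk also adds a blank line at end of file.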
diff --git a/arch/x86_64/kernel/process.c b/arch/x86_64/kernel/process.c
index 2842f50..b20f0eb 100644
--- a/arch/x86_64/kernel/process.c
+++ b/arch/x86_64/kernel/process.c
@@ -902,3 +902,17 @@ unsigned long arch_align_stack(unsigned long sp)
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(unsigned long brk)
+{
+	unsigned long new_brk;
+	unsigned long range_end;
+
+	range_end = brk + 0x02000000;
+	new_brk = randomize_range(brk, range_end, 0);
+	if (new_brk)
+		return new_brk;
+	else
+		return brk;
+}
+
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index d65f1d9..7afec71 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -47,6 +47,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
 static int load_elf_library(struct file *);
 static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long);
 
+/* overriden by architectures supporting brk randomization */
+unsigned long __weak arch_randomize_brk(unsigned long brk) { return brk; }
+
 /*
  * If we don't support core dumping, then supply a NULL so we
  * don't even try.
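Review bot: The added comment misspells "overridden" and does not say what the default does. Something like `/* Default: no brk randomization. Overridden by architectures that support it. */` tells a reader that an architecture without its own `arch_randomize_brk()` keeps a predictable heap start even when `PF_RANDOMIZE` is set.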
@@ -1073,6 +1076,10 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
 	current->mm->end_data = end_data;
 	current->mm->start_stack = bprm->p;
 
+	if (current->flags & PF_RANDOMIZE)
+		current->mm->brk = current->mm->start_brk = 
+			arch_randomize_brk(current->mm->brk);
+
 	if (current->personality & MMAP_PAGE_ZERO) {
 		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
 		   and some applications "depend" upon this behavior.
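Review bot: The added line `current->mm->brk = current->mm->start_brk = ` ends in trailing whitespace, which checkpatch flags. The assignment overwrites `start_brk` as well as `brk`, so a one-line comment such as `/* heap now starts at a random offset above the brk computed so far */` would help the next reader. load_elf_binary() begins and ends outside this hunk, so where the earlier value is set is not visible here.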



* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-09-11 12:17 [PATCH] [RESEND] i386 and x86_64: randomize brk() Jiri Kosina
@ 2007-09-14  5:07 ` Andrew Morton
  2007-09-14  8:30   ` Jiri Kosina
  2007-10-11  8:18 ` Andrew Morton
  1 sibling, 1 reply; 10+ messages in thread
From: Andrew Morton @ 2007-09-14  5:07 UTC (permalink / raw)
  To: Jiri Kosina; +Cc: linux-kernel

On Tue, 11 Sep 2007 14:17:24 +0200 (CEST) Jiri Kosina <jkosina@suse.cz> wrote:

> From: Jiri Kosina <jkosina@suse.cz>
> 
> i386 and x86_64: randomize brk()
> 
> This patch randomizes the location of the heap (brk) for i386 and x86_64.
> The range is randomized in the range starting at current brk location up
> to 0x02000000 offset for both architectures. This, together with
> pie-executable-randomization.patch and
> pie-executable-randomization-fix.patch, should make the address space
> randomization on i386 and x86_64 complete.
> 
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> 
> diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
> index 8466471..8e0624d 100644
> --- a/arch/i386/kernel/process.c
> +++ b/arch/i386/kernel/process.c
> @@ -949,3 +949,17 @@ unsigned long arch_align_stack(unsigned long sp)
>  		sp -= get_random_int() % 8192;
>  	return sp & ~0xf;
>  }
> +
> +unsigned long arch_randomize_brk(unsigned long brk)
> +{
> +	unsigned long new_brk;
> +	unsigned long range_end;
> +
> +	range_end = brk + 0x02000000;
> +	new_brk = randomize_range(brk, range_end, 0);
> +	if (new_brk)
> +		return new_brk;
> +	else
> +		return brk;
> +}
> +
> diff --git a/arch/x86_64/kernel/process.c b/arch/x86_64/kernel/process.c
> index 2842f50..b20f0eb 100644
> --- a/arch/x86_64/kernel/process.c
> +++ b/arch/x86_64/kernel/process.c
> @@ -902,3 +902,17 @@ unsigned long arch_align_stack(unsigned long sp)
>  		sp -= get_random_int() % 8192;
>  	return sp & ~0xf;
>  }
> +
> +unsigned long arch_randomize_brk(unsigned long brk)
> +{
> +	unsigned long new_brk;
> +	unsigned long range_end;
> +
> +	range_end = brk + 0x02000000;
> +	new_brk = randomize_range(brk, range_end, 0);
> +	if (new_brk)
> +		return new_brk;
> +	else
> +		return brk;
> +}
> +
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index d65f1d9..7afec71 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -47,6 +47,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
>  static int load_elf_library(struct file *);
>  static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long);
>  
> +/* overriden by architectures supporting brk randomization */
> +unsigned long __weak arch_randomize_brk(unsigned long brk) { return brk; }
> +
>  /*
>   * If we don't support core dumping, then supply a NULL so we
>   * don't even try.
> @@ -1073,6 +1076,10 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
>  	current->mm->end_data = end_data;
>  	current->mm->start_stack = bprm->p;
>  
> +	if (current->flags & PF_RANDOMIZE)
> +		current->mm->brk = current->mm->start_brk = 
> +			arch_randomize_brk(current->mm->brk);
> +
>  	if (current->personality & MMAP_PAGE_ZERO) {
>  		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
>  		   and some applications "depend" upon this behavior.

We need a prototype of arch_randomize_brk() in scope for all callers and
implementations, so that the compiler can perform the appropriate
typechecking.

--- a/include/linux/mm.h~i386-and-x86_64-randomize-brk-fix
+++ a/include/linux/mm.h
@@ -1017,6 +1017,7 @@ out:
 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
 
 extern unsigned long do_brk(unsigned long, unsigned long);
+extern unsigned long arch_randomize_brk(unsigned long brk);
 
 /* filemap.c */
 extern unsigned long page_unuse(struct page *);
_



* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-09-14  5:07 ` Andrew Morton
@ 2007-09-14  8:30   ` Jiri Kosina
  0 siblings, 0 replies; 10+ messages in thread
From: Jiri Kosina @ 2007-09-14  8:30 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Thu, 13 Sep 2007, Andrew Morton wrote:

> > From: Jiri Kosina <jkosina@suse.cz>
> > i386 and x86_64: randomize brk()
...
> We need a prototype of arch_randomize_brk() in scope for all callers and
> implementations, so that the compiler can perform the appropriate
> typechecking.

You are right, thanks a lot, please fold your fix into my patch.

-- 
Jiri Kosina
SUSE Labs


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-09-11 12:17 [PATCH] [RESEND] i386 and x86_64: randomize brk() Jiri Kosina
  2007-09-14  5:07 ` Andrew Morton
@ 2007-10-11  8:18 ` Andrew Morton
  2007-10-11  8:26   ` Andrew Morton
                     ` (2 more replies)
  1 sibling, 3 replies; 10+ messages in thread
From: Andrew Morton @ 2007-10-11  8:18 UTC (permalink / raw)
  To: Jiri Kosina; +Cc: linux-kernel

On Tue, 11 Sep 2007 14:17:24 +0200 (CEST) Jiri Kosina <jkosina@suse.cz> wrote:

> i386 and x86_64: randomize brk()

I seem to have a different copy of this patch from the one which you
originally sent.  It's the one which implements arch_randomize_brk() in
each arch's header file.  Maybe it wasn't cc'ed to a mailing list or maybe
I just lost the email, dunno.

Anyway, it breaks on ia64:

  CC      arch/ia64/ia32/binfmt_elf32.o
In file included from arch/ia64/ia32/binfmt_elf32.c:49:
arch/ia64/ia32/../../../fs/binfmt_elf.c: In function `load_elf_binary':
arch/ia64/ia32/../../../fs/binfmt_elf.c:1085: error: implicit declaration of function `arch_randomize_brk'
make[1]: *** [arch/ia64/ia32/binfmt_elf32.o] Error 1
make: *** [arch/ia64/ia32/binfmt_elf32.o] Error 2

This is because ia64 takes the exceptional stupidity which is our
elf-handling build system and adds an extra layer of stupidity on top of
it.  Look:

akpm2:/usr/src/25> head include/asm-ia64/elf.h
#ifndef _ASM_IA64_ELF_H
#define _ASM_IA64_ELF_H

/*
 * ELF-specific definitions.
 *
 * Copyright (C) 1998-1999, 2002-2004 Hewlett-Packard Co
 *      David Mosberger-Tang <davidm@hpl.hp.com>
 */

akpm2:/usr/src/25> grep -r _ASM_IA64_ELF_H arch/ia64
arch/ia64/ia32/ia32priv.h:#define _ASM_IA64_ELF_H               /* Don't include elf.h */

can you believe this stuff?

Anyway, I'm presently running with this loveliness:


--- a/include/asm-ia64/elf.h~i386-and-x86_64-randomize-brk-2-fix
+++ a/include/asm-ia64/elf.h
@@ -249,8 +249,10 @@ do {									\
 
 #endif /* __KERNEL__ */
 
+#endif /* _ASM_IA64_ELF_H */
+
+#ifndef IA64_IS_WEIRD
 static inline void arch_randomize_brk(void)
 {
 }
-
-#endif /* _ASM_IA64_ELF_H */
+#endif
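Review bot: Moving `#endif /* _ASM_IA64_ELF_H */` above the stub leaves `static inline void arch_randomize_brk(void)` outside the include guard, so a file that includes this header twice without `IA64_IS_WEIRD` defined gets a redefinition error. The stub needs a guard of its own, for example `#ifndef ARCH_RANDOMIZE_BRK_STUB` / `#define ARCH_RANDOMIZE_BRK_STUB` around it (the name is only a suggestion). A comment next to the `#ifndef IA64_IS_WEIRD` line stating which including file the macro is meant for would also make the arrangement easier to maintain.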
_

Wanna see if there's something saner we can do please?


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-11  8:18 ` Andrew Morton
@ 2007-10-11  8:26   ` Andrew Morton
  2007-10-11  8:55   ` Andrew Morton
  2007-10-11  9:23   ` Jiri Kosina
  2 siblings, 0 replies; 10+ messages in thread
From: Andrew Morton @ 2007-10-11  8:26 UTC (permalink / raw)
  To: Jiri Kosina, linux-kernel

On Thu, 11 Oct 2007 01:18:00 -0700 Andrew Morton <akpm@linux-foundation.org> wrote:

> Anyway, I'm presently running with this loveliness:
> 
> 
> --- a/include/asm-ia64/elf.h~i386-and-x86_64-randomize-brk-2-fix
> +++ a/include/asm-ia64/elf.h
> @@ -249,8 +249,10 @@ do {									\
>  
>  #endif /* __KERNEL__ */
>  
> +#endif /* _ASM_IA64_ELF_H */
> +
> +#ifndef IA64_IS_WEIRD
>  static inline void arch_randomize_brk(void)
>  {
>  }
> -
> -#endif /* _ASM_IA64_ELF_H */
> +#endif

err, with the obvious `#define IA64_IS_WEIRD' in there..


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-11  8:18 ` Andrew Morton
  2007-10-11  8:26   ` Andrew Morton
@ 2007-10-11  8:55   ` Andrew Morton
  2007-10-11  9:27     ` Jiri Kosina
  2007-10-19 22:10     ` Jiri Kosina
  2007-10-11  9:23   ` Jiri Kosina
  2 siblings, 2 replies; 10+ messages in thread
From: Andrew Morton @ 2007-10-11  8:55 UTC (permalink / raw)
  To: Jiri Kosina, linux-kernel

On Thu, 11 Oct 2007 01:18:00 -0700 Andrew Morton <akpm@linux-foundation.org> wrote:

> Anyway, it breaks on ia64:

And on s390

In file included from arch/s390/kernel/binfmt_elf32.c:202:
arch/s390/kernel/../../../fs/binfmt_elf.c: In function 'load_elf_binary':
arch/s390/kernel/../../../fs/binfmt_elf.c:1088: error: implicit declaration of function 'arch_randomize_brk'

I'll drop the patch.

Really we should fix the elf mess before we try and change it any more.


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-11  8:18 ` Andrew Morton
  2007-10-11  8:26   ` Andrew Morton
  2007-10-11  8:55   ` Andrew Morton
@ 2007-10-11  9:23   ` Jiri Kosina
  2 siblings, 0 replies; 10+ messages in thread
From: Jiri Kosina @ 2007-10-11  9:23 UTC (permalink / raw)
  To: Andrew Morton, David Mosberger-Tang; +Cc: linux-kernel

On Thu, 11 Oct 2007, Andrew Morton wrote:

> I seem to have a different copy of this patch from the one which you 
> originally sent.  It's the one which implements arch_randomize_brk() in 
> each arch's header file.  Mayeb it wasn't cc'ed to a mailing list of 
> maybe I just lost the email, dunno.

Yes, it should be the last version of this patch, and it should also have 
gone to lkml.

> Anyway, it breaks on ia64:
[...]
> This is because ia64 takes the exceptional stupidity which is our
> elf-handling build system and adds an extra layer of stupidity on top of
> it.  Look:
> akpm2:/usr/src/25> grep -r _ASM_IA64_ELF_H arch/ia64
> arch/ia64/ia32/ia32priv.h:#define _ASM_IA64_ELF_H               /* Don't include elf.h */
> can you believe this stuff?

Oh, that's pretty crazy indeed. Including of binfmt_elf.c from all over 
the place is crazy as hell by itself, but this certainly adds a lot of 
additional mess. 

> Wanna see if there's something saner we can do please?

Apart from rewriting the whole thing to make more sense, I don't see 
currently a way out of it better than your patch :(

-- 
Jiri Kosina
SUSE Labs


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-11  8:55   ` Andrew Morton
@ 2007-10-11  9:27     ` Jiri Kosina
  2007-10-19 22:10     ` Jiri Kosina
  1 sibling, 0 replies; 10+ messages in thread
From: Jiri Kosina @ 2007-10-11  9:27 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Thu, 11 Oct 2007, Andrew Morton wrote:

> And on s390
> In file included from arch/s390/kernel/binfmt_elf32.c:202:
> arch/s390/kernel/../../../fs/binfmt_elf.c: In function 'load_elf_binary':
> arch/s390/kernel/../../../fs/binfmt_elf.c:1088: error: implicit declaration of function 'arch_randomize_brk'

This should be fixed trivially in the very same way as for x86_64, i.e. 
something like

diff --git a/arch/s390/kernel/binfmt_elf32.c b/arch/s390/kernel/binfmt_elf32.c
index f1e40ca..4b5432d 100644
--- a/arch/s390/kernel/binfmt_elf32.c
+++ b/arch/s390/kernel/binfmt_elf32.c
@@ -199,5 +199,6 @@ cputime_to_compat_timeval(const cputime_t cputime, struct compat_timeval *value)
 	value->tv_sec = cputime / 1000000;
 }
 
+extern void arch_randomize_brk(void);
 #include "../../../fs/binfmt_elf.c"
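Review bot: Declaring `extern void arch_randomize_brk(void);` directly in this .c file bypasses whatever header carries the real prototype, so the compiler cannot catch a mismatch between declaration and definition. That matters here because the same function appears elsewhere in this thread as `unsigned long arch_randomize_brk(unsigned long brk)`; calling through a declaration that disagrees with the definition is undefined behaviour and would still compile cleanly. The declaration should come from a header that both the definition and this file include. Only the tail of binfmt_elf32.c is visible in the hunk.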


right? Maybe this would be needed for other architectures too :( I will 
check this. I'd really like the patch go in, so that we have really full 
randomization finally.

> I'll drop the patch. Really we should fix the elf mess before we try and 
> change it any more.

I agree that it is a total mess. We'd need someone brave enough to rewrite 
this crap :/

Thanks,

-- 
Jiri Kosina
SUSE Labs


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-11  8:55   ` Andrew Morton
  2007-10-11  9:27     ` Jiri Kosina
@ 2007-10-19 22:10     ` Jiri Kosina
  2007-10-23 22:13       ` Jiri Kosina
  1 sibling, 1 reply; 10+ messages in thread
From: Jiri Kosina @ 2007-10-19 22:10 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Thu, 11 Oct 2007, Andrew Morton wrote:

> > Anyway, it breaks on ia64:
> And on s390
> In file included from arch/s390/kernel/binfmt_elf32.c:202:
> arch/s390/kernel/../../../fs/binfmt_elf.c: In function 'load_elf_binary':
> arch/s390/kernel/../../../fs/binfmt_elf.c:1088: error: implicit declaration of function 'arch_randomize_brk'
> I'll drop the patch.
> Really we should fix the elf mess before we try and change it any more.

... back to this a week old thread about already dropped patch.

I am thinking about going back to the original idea of just simply 
defining ARCH_HAS_RANDOMIZE_BRK and not caring for the ELF crap any more 
for now. This way the patch is as small as possible, and doesn't interfere 
with the ELF cross-arch craziness at all.

Here I posted such version of the patch: 
http://lkml.org/lkml/2007/8/22/254 and here you asked me to put empty 
stubs into elf.h, which turned out to be too much of a headache for some archs: 
http://lkml.org/lkml/2007/8/22/492

Does going back to the original ARCH_HAS_RANDOMIZE_BRK sound acceptable 
now, before the ELF stuff gets completely rewritten one day?

Thanks,

-- 
Jiri Kosina


* Re: [PATCH] [RESEND] i386 and x86_64: randomize brk()
  2007-10-19 22:10     ` Jiri Kosina
@ 2007-10-23 22:13       ` Jiri Kosina
  0 siblings, 0 replies; 10+ messages in thread
From: Jiri Kosina @ 2007-10-23 22:13 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Sat, 20 Oct 2007, Jiri Kosina wrote:

> > And on s390
> > In file included from arch/s390/kernel/binfmt_elf32.c:202:
> > arch/s390/kernel/../../../fs/binfmt_elf.c: In function 'load_elf_binary':
> > arch/s390/kernel/../../../fs/binfmt_elf.c:1088: error: implicit declaration of function 'arch_randomize_brk'
> > I'll drop the patch.
> > Really we should fix the elf mess before we try and change it any more.
> ... back to this a week old thread about already dropped patch.
> I am thinking about going back to the original idea of just simply 
> defining ARCH_HAS_RANDOMIZE_BRK and not caring for the ELF crap any more 
> for now. This way the patch is as small as possible, and doesn't interfere 
> with the ELF cross-arch craziness at all.
> Here I posted such version of the patch: 
> http://lkml.org/lkml/2007/8/22/254 and here you asked me to put empty 
> stubs into elf.h, which turned out to be too headache for some archs: 
> http://lkml.org/lkml/2007/8/22/492

And here it goes, rebased on top of current Linus' -git, please consider 
queuing in -mm for 2.6.25.


From: Jiri Kosina <jkosina@suse.cz>

x86: randomize brk()

Randomize the location of the heap (brk) for i386 and x86_64.  The range is
randomized in the range starting at current brk location up to 0x02000000
offset for both architectures.  This, together with
pie-executable-randomization.patch and
pie-executable-randomization-fix.patch, should make the address space
randomization on i386 and x86_64 complete.

Arjan says:

This is known to break older versions of some emacs variants, whose dumper
code assumed that the last variable declared in the program is equal to the
start of the dynamically allocated memory region.

(The dumper is the code where emacs effectively dumps core at the end of its
compilation stage; this coredump is then loaded as the main program during
normal use)

iirc this was 5 years or so; we found this way back when I was at RH and we
first did the security stuff there (including this brk randomization).  It
wasn't all variants of emacs, and it got fixed as a result (I vaguely remember
that emacs already had code to deal with it for other archs/oses, just
ifdeffed wrongly).

It's a rare and wrong assumption as a general thing, just on x86 it mostly
happened to be true (but to be honest, it'll break too if gcc does something
fancy or if the linker does a non-standard order).  Still its something we
should at least document.

Note 2: afaik it only broke the emacs *build*.  I'm not 100% sure about that
(it IS 5 years ago) though.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 7b89958..b6578c7 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -971,3 +971,10 @@ unsigned long arch_align_stack(unsigned long sp)
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(struct mm_struct *mm)
+{
+	unsigned long range_end = mm->brk + 0x02000000;
+	return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
+}
+
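Review bot: Nothing in `arch_randomize_brk()` states how much randomness the heap start actually gets. The window is `0x02000000` (32 MiB); if randomize_range() returns page-aligned addresses (its body is not shown here), that is 8192 possible positions with 4 KiB pages, about 13 bits. A comment such as `/* 32 MiB window, ~13 bits with 4 KiB pages; falls back to mm->brk if randomize_range() returns 0 */` would record both the strength and the silent unrandomized fallback behind `? : mm->brk`. The same function is added verbatim in the process_64.c hunk that follows, where the constant could be shared rather than copied.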
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 6309b27..347cd06 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -903,3 +903,10 @@ unsigned long arch_align_stack(unsigned long sp)
 		sp -= get_random_int() % 8192;
 	return sp & ~0xf;
 }
+
+unsigned long arch_randomize_brk(struct mm_struct *mm)
+{
+	unsigned long range_end = mm->brk + 0x02000000;
+	return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
+}
+
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 12c3179..2d48a69 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1084,6 +1084,12 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
 	current->mm->end_data = end_data;
 	current->mm->start_stack = bprm->p;
 
+#ifdef ARCH_HAS_RANDOMIZE_BRK
+	if (current->flags & PF_RANDOMIZE)
+		current->mm->brk = current->mm->start_brk =
+			arch_randomize_brk(current->mm);
+#endif
+
 	if (current->personality & MMAP_PAGE_ZERO) {
 		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
 		   and some applications "depend" upon this behavior.
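Review bot: The description says the breakage of programs that assume the heap starts right after the last static variable is something that should at least be documented, yet this hunk adds no comment and the patch touches no documentation file. A comment above the block, for instance `/* Moves the heap start away from where the program's static data ends; binaries that assume the two are adjacent will break. */`, would put the caveat where the next reader looks. Because the only switch visible here is `PF_RANDOMIZE`, an affected binary can presumably avoid this only by giving up all randomization; a separate, narrower control may be worth considering. load_elf_binary() starts and ends outside this hunk.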
diff --git a/include/asm-x86/elf_32.h b/include/asm-x86/elf_32.h
index b3f694e..58949e7 100644
--- a/include/asm-x86/elf_32.h
+++ b/include/asm-x86/elf_32.h
@@ -153,6 +153,9 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
 
 extern unsigned int vdso_enabled;
 
+#define ARCH_HAS_RANDOMIZE_BRK
+extern unsigned long arch_randomize_brk(struct mm_struct *mm);
+
 /* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
 #define ARCH_DLINFO							\
 do if (vdso_enabled) {							\
diff --git a/include/asm-x86/elf_64.h b/include/asm-x86/elf_64.h
index b4fbe47..177afa3 100644
--- a/include/asm-x86/elf_64.h
+++ b/include/asm-x86/elf_64.h
@@ -170,6 +170,9 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
 
 extern int vdso_enabled;
 
+#define ARCH_HAS_RANDOMIZE_BRK
+extern unsigned long arch_randomize_brk(struct mm_struct *mm);
+
 #define ARCH_DLINFO						\
 do if (vdso_enabled) {						\
 	NEW_AUX_ENT(AT_SYSINFO_EHDR,(unsigned long)current->mm->context.vdso);\

