[maverick] ARM security cherry-picks

Bryan Wu bryan.wu at canonical.com
Sun Aug 29 14:24:05 BST 2010


On Sat, Aug 28, 2010 at 11:50 PM, Kees Cook <kees.cook at canonical.com> wrote:
> Hi Bryan,
>
> On Sat, Aug 28, 2010 at 10:08:28AM +0800, Bryan Wu wrote:
>> http://git.linaro.org/gitweb?p=linux/arm_next.git;a=commitdiff;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d
>> Is this URL still alive? I cannot access it, so I'm not sure whether
>> we need to apply this one.
>
> This works for me. It is:
>
>
> From: Nicolas Pitre <nicolas.pitre at linaro.org>
> Date: Fri, 20 Aug 2010 20:16:03 +0000 (-0400)
> Subject: ARM: fix ASLR of PIE executables
> X-Git-Url: http://git.linaro.org/gitweb?p=linux%2Farm_next.git;a=commitdiff_plain;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d
>
> ARM: fix ASLR of PIE executables
>
> Since commits 990cb8acf2 and cc92c28b2d, it is possible to have full
> address space layout randomization (ASLR) on ARM.  Except that one small
> change was missing for ASLR of PIE executables.
>
> Signed-off-by: Nicolas Pitre <nicolas.pitre at linaro.org>
> ---
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 535e763..6884e19 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -800,7 +800,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
>                         * default mmap base, as well as whatever program they
>                         * might try to exec.  This is because the brk will
>                         * follow the loader, and is not movable.  */
> -#ifdef CONFIG_X86
> +#if defined(CONFIG_X86) || defined(CONFIG_ARM)
>                        load_bias = 0;
>  #else
>                        load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
>
> --
> Kees Cook
> Ubuntu Security Team
>

Kees,

Thanks a lot. It's already been applied in TI OMAP4 branch via Lean's
cherrypick.

http://kernel.ubuntu.com/git?p=roc/ubuntu-maverick.git;a=commitdiff;h=71a9a46363f3f7f25f7ac9bc732881e141690cc5

-Bryan



More information about the kernel-team mailing list