[PATCH] UBUNTU: SAUCE: x86: brk away from exec rand area
Kees Cook
kees.cook at canonical.com
Sat Jan 16 00:18:43 UTC 2010
Hi Jeremy,
On Sat, Jan 16, 2010 at 11:04:05AM +1100, Jeremy Kerr wrote:
> > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> > index b10acea..73594b9 100644
> > --- a/fs/binfmt_elf.c
> > +++ b/fs/binfmt_elf.c
> > @@ -978,6 +978,16 @@ static int load_elf_binary(struct linux_binprm *bprm,
> > struct pt_regs *regs) #ifdef arch_randomize_brk
> > if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
> > current->mm->brk = current->mm->start_brk =
> > +# ifdef CONFIG_X86_32
> > + /* in the case of NX emulation, shove the brk
> > + segment way out of the way of the exec
> > + randomization area, since it can collide with
> > + future allocations if not. */
> > + ( (current->mm->get_unmapped_exec_area ==
> > + arch_get_unmapped_exec_area) &&
> > + (current->mm->brk < 0x08000000)
> > + ? (TASK_SIZE/6) : 0) +
> > +# endif
> > arch_randomize_brk(current->mm);
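Review bot: the two tunables in this hunk, the `0x08000000` threshold on `current->mm->brk` and the `TASK_SIZE/6` displacement, are bare constants, and the comment says only that the brk "can collide with future allocations", not why a brk below that address is the one that lands in the exec randomization area or why a sixth of TASK_SIZE clears it; give both a named #define alongside the exec-area layout they depend on and state that relationship in the comment. Folding the `#ifdef CONFIG_X86_32` ternary into the middle of the assignment also makes the expression hard to follow; computing the displacement into a local first, e.g. `unsigned long brk_offset = 0;` set under the ifdef when `current->mm->get_unmapped_exec_area == arch_get_unmapped_exec_area` and the brk is below the threshold, and then `current->mm->brk = current->mm->start_brk = brk_offset + arch_randomize_brk(current->mm);`, keeps the layout condition readable and the randomize call unchanged. Since the displacement is added on top of whatever arch_randomize_brk() returns, it is also worth confirming that the sum stays below TASK_SIZE for the 32-bit case.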
>
> Seeing as this is arch specific, it might be best to put it in
> arch_randomize_brk, if possible.
arch_randomize_brk() is shared by x86 and x86_64, so if I moved it, it
would still carry the #ifdef CONFIG_X86_32. I can certainly move it,
but I felt it was more readable closer to the brk-calculation logic of
the ELF loader. (Nothing in the cs-limit patch[1] currently modifies
arch/x86/kernel/process.c, so I was also trying to avoid touching even
more files than it already does.)
Thanks,
-Kees
[1] http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-lucid.git;a=commitdiff;h=32a306aa2738c3d0a3f1c451b1a179358f02abf2
--
Kees Cook
Ubuntu Security Team