Unperformant Restrictions for non-x86_32 archs
Kees Cook
kees at ubuntu.com
Fri Mar 2 08:32:20 UTC 2012
Hi Dieter,
I'm not sure I understand your request. The file you seem to mean is from
the Linux kernel package ("linux_3.2.0-17.27.diff.gz"), which collects all
the various patches Ubuntu carries for the kernel.
The routine you've quoted is from the NX-emulation patchset from:
http://git.kernel.org/?p=linux/kernel/git/kees/linux.git;a=shortlog;h=refs/heads/nx-emu
More specifically, this is a fix for brk area collisions when doing
ASCII-armored ASLR of the text segment for ELFs that have been built with
PIE.
Are you seeing some performance loss related to this?
And what did you want changed?
Thanks,
-Kees
On Wed, Feb 29, 2012 at 09:19:48AM +0000, Dieter Miosga wrote:
> Please change in file linux_32.0-17.27.diff
> at line 5268, and all following and preceding occurrences, to
>
> --- linux-3.2.0.orig/arch/x86/kernel/process.c
> +++ linux-3.2.0/arch/x86/kernel/process.c
> @@ -663,6 +663,16 @@
> unsigned long arch_randomize_brk(struct mm_struct *mm)
> {
> unsigned long range_end = mm->brk + 0x02000000;
> - return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
> +#ifdef CONFIG_X86_32
> + unsigned long bump = 0;
> + /* when using ASLR in arch_get_unmapped_exec_area, we must shove
> + the brk segment way out of the way of the exec area, since it
> + can collide with future allocations if not. */
> + if ( (mm->get_unmapped_exec_area == arch_get_unmapped_exec_area) &&
> + (mm->brk < 0x08000000) ) {
> + bump = (TASK_SIZE/6);
> + }
> + return bump + (randomize_range(mm->brk, range_end, 0) ? : mm->brk);
> +#else
> + return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
> +#endif
>
> }
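Review bot: the return expression is duplicated in both arms of the #ifdef CONFIG_X86_32 / #else pair, so any later change to the randomize_range() call has to be made in two places. Declaring `unsigned long bump = 0;` unconditionally and putting only the `if (...) { bump = (TASK_SIZE/6); }` block under the #ifdef would leave a single `return bump + (randomize_range(mm->brk, range_end, 0) ? : mm->brk);` for every arch. The comment should also say how the 0x08000000 threshold and the TASK_SIZE/6 offset were chosen, and the `if ( (` spacing and the multi-line comment layout differ from usual kernel style.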
>
>
> Sincerely,
> Dieter Miosga
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
--
Kees Cook