| Message ID | 20150226153435.df670671fb10eb9efa0fa845@linux-foundation.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
On Thu, 26 Feb 2015 15:37:37 -0800 Kees Cook <keescook@chromium.org> wrote: > Agh, no, please let's avoid the CONFIG addition. That is precisely how we do this. > Hector mentioned in private mail that he was looking at an alternative > that adds exec_base to struct mm which would avoid all this insanity. > > Can't we do something like: > > #ifndef mmap_rnd > # define mmap_rnd 0 > #endif Sure, and sprinkle #define mmap_rnd mmap_rnd in five arch header files where nobody thinks to look. For better or for worse, we are consolidating such things into arch/*/Kconfig.
On Thu, Feb 26, 2015 at 4:11 PM, Kees Cook <keescook@chromium.org> wrote: > On Thu, Feb 26, 2015 at 4:06 PM, Andrew Morton > <akpm@linux-foundation.org> wrote: >> On Thu, 26 Feb 2015 15:37:37 -0800 Kees Cook <keescook@chromium.org> wrote: >> >>> Agh, no, please let's avoid the CONFIG addition. >> >> That is precisely how we do this. >> >>> Hector mentioned in private mail that he was looking at an alternative >>> that adds exec_base to struct mm which would avoid all this insanity. >>> >>> Can't we do something like: >>> >>> #ifndef mmap_rnd >>> # define mmap_rnd 0 >>> #endif >> >> Sure, and sprinkle >> >> #define mmap_rnd mmap_rnd >> >> in five arch header files where nobody thinks to look. >> >> For better or for worse, we are consolidating such things into arch/*/Kconfig. > > Okay, fair enough. Even with your configs (though shouldn't they be > ARCH_HAS or just HAVE?) I've now stumbled over the issue that we can't > put randomize_et_dyn in binfmt_elf because it conflicts with linking > against compat_binfmt_elf. Instead of all this, how about we rework the existing CONFIG and just change around how s390 does this to match the other architectures and remove the ifdef in binfmt_elf.c at the same time? Let me work something up... -Kees
diff -puN arch/arm/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 arch/arm/Kconfig --- a/arch/arm/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/arch/arm/Kconfig @@ -5,6 +5,7 @@ config ARM select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAVE_CUSTOM_GPIO_H select ARCH_HAS_GCOV_PROFILE_ALL + select ARCH_HAVE_ELF_ASLR select ARCH_MIGHT_HAVE_PC_PARPORT select ARCH_SUPPORTS_ATOMIC_RMW select ARCH_USE_BUILTIN_BSWAP diff -puN arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 arch/arm64/Kconfig --- a/arch/arm64/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/arch/arm64/Kconfig @@ -9,6 +9,7 @@ config ARM64 select ARCH_WANT_OPTIONAL_GPIOLIB select ARCH_WANT_COMPAT_IPC_PARSE_VERSION select ARCH_WANT_FRAME_POINTERS + select ARCH_HAVE_ELF_ASLR select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC diff -puN arch/mips/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 arch/mips/Kconfig --- a/arch/mips/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/arch/mips/Kconfig @@ -39,6 +39,7 @@ config MIPS select HAVE_MEMBLOCK select HAVE_MEMBLOCK_NODE_MAP select ARCH_DISCARD_MEMBLOCK + select ARCH_HAVE_ELF_ASLR select GENERIC_SMP_IDLE_THREAD select BUILDTIME_EXTABLE_SORT select GENERIC_CLOCKEVENTS diff -puN arch/powerpc/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 arch/powerpc/Kconfig --- a/arch/powerpc/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/arch/powerpc/Kconfig @@ -97,6 +97,7 @@ config PPC select HAVE_FUNCTION_GRAPH_TRACER select SYSCTL_EXCEPTION_TRACE select ARCH_WANT_OPTIONAL_GPIOLIB + select ARCH_HAVE_ELF_ASLR select VIRT_TO_BUS if !PPC64 select HAVE_IDE select HAVE_IOREMAP_PROT diff -puN arch/x86/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 arch/x86/Kconfig --- a/arch/x86/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/arch/x86/Kconfig @@ -28,6 +28,7 @@ config X86 select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_MIGHT_HAVE_PC_PARPORT select ARCH_MIGHT_HAVE_PC_SERIO + select ARCH_HAVE_ELF_ASLR select HAVE_AOUT if X86_32 select HAVE_UNSTABLE_SCHED_CLOCK select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 diff -puN fs/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 fs/Kconfig --- a/fs/Kconfig~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/fs/Kconfig @@ -50,6 +50,9 @@ config FS_DAX endif # BLOCK +config ARCH_HAVE_ELF_ASLR + bool + # Posix ACL utility routines # # Note: Posix ACLs can be implemented without these helpers. Never use diff -puN fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 fs/binfmt_elf.c --- a/fs/binfmt_elf.c~fix-offset2lib-issue-for-x86-arm-powerpc-and-mips-fix-fix-2 +++ a/fs/binfmt_elf.c @@ -2301,15 +2301,7 @@ out: #endif /* CONFIG_ELF_CORE */ -/* Not all architectures implement mmap_rnd() */ -unsigned long __weak mmap_rnd(void) -{ -} - -/* - * Not all architectures use randomize_et_dyn(), but there doesn't seem to be - * a compile-time way of avoiding its generation. - */ +#ifdef ARCH_HAVE_ELF_ASLR unsigned long randomize_et_dyn(unsigned long base) { unsigned long ret; @@ -2320,6 +2312,7 @@ unsigned long randomize_et_dyn(unsigned ret = base + mmap_rnd(); return max(ret, base); } +#endif static int __init init_elf_binfmt(void) {