From patchwork Tue Nov 24 00:44:59 2015
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 547795
From: tim.gardner@canonical.com
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 01/10] arm: factor out mmap ASLR into mmap_rnd
Date: Mon, 23 Nov 2015 17:44:59 -0700
Message-Id: <1448325908-8185-2-git-send-email-tim.gardner@canonical.com>
In-Reply-To: <1448325908-8185-1-git-send-email-tim.gardner@canonical.com>
References: <1448325908-8185-1-git-send-email-tim.gardner@canonical.com>
List-Id: Kernel team discussions
From: Kees Cook

BugLink: http://bugs.launchpad.net/bugs/1518483

To address the "offset2lib" ASLR weakness[1], this separates ET_DYN ASLR
from mmap ASLR, as already done on s390. The architectures that are
already randomizing mmap (arm, arm64, mips, powerpc, s390, and x86) have
their various forms of arch_mmap_rnd() made available via the new
CONFIG_ARCH_HAS_ELF_RANDOMIZE. For these architectures,
arch_randomize_brk() is collapsed as well.

This is an alternative to the solutions in:
https://lkml.org/lkml/2015/2/23/442

I've been able to test x86 and arm, and the buildbot (so far) seems happy
with building the rest.

[1] http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

This patch (of 10):

In preparation for splitting out ET_DYN ASLR, this moves the ASLR
calculations for mmap on ARM into a separate routine, similar to x86.

This also removes the redundant check of personality (PF_RANDOMIZE is
already set before calling arch_pick_mmap_layout).

Signed-off-by: Kees Cook
Cc: Hector Marco-Gisbert
Cc: Russell King
Reviewed-by: Ingo Molnar
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Ralf Baechle
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
Cc: Martin Schwidefsky
Cc: Heiko Carstens
Cc: Alexander Viro
Cc: Oleg Nesterov
Cc: Andy Lutomirski
Cc: "David A. Long"
Cc: Andrey Ryabinin
Cc: Arun Chandran
Cc: Yann Droneaud
Cc: Min-Hua Chen
Cc: Paul Burton
Cc: Alex Smith
Cc: Markos Chandras
Cc: Vineeth Vijayan
Cc: Jeff Bailey
Cc: Michael Holzheu
Cc: Ben Hutchings
Cc: Behan Webster
Cc: Ismael Ripoll
Cc: Jan-Simon Möller
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
(cherry picked from commit fbbc400f3924ce095b466c776dc294727ec0a202)
Signed-off-by: Tim Gardner
---
 arch/arm/mm/mmap.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
index 5e85ed3..15a8160 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -169,14 +169,22 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, return addr; } +static unsigned long mmap_rnd(void) +{ + unsigned long rnd; + + /* 8 bits of randomness in 20 address space bits */ + rnd = (unsigned long)get_random_int() % (1 << 8); + + return rnd << PAGE_SHIFT; +} + void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; - /* 8 bits of randomness in 20 address space bits */ - if ((current->flags & PF_RANDOMIZE) && - !(current->personality & ADDR_NO_RANDOMIZE)) - random_factor = (get_random_int() % (1 << 8)) << PAGE_SHIFT; + if (current->flags & PF_RANDOMIZE) + random_factor = mmap_rnd(); if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
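Review bot: in the new mmap_rnd() the cast in `rnd = (unsigned long)get_random_int() % (1 << 8);` binds to get_random_int() alone and buys nothing, since the modulus already keeps the value below 256 before the shift; `get_random_int() & ((1 << 8) - 1)` or simply dropping the cast reads more clearly and matches the "8 bits of randomness" comment. The function is also `static` with no prototype in a header, so a later patch in this series must revisit it before generic code can call it as arch_mmap_rnd(); fine for 01/10 as long as that is the plan. For the arch_pick_mmap_layout() change, the dropped `ADDR_NO_RANDOMIZE` test is justified only by the caller having already folded personality into PF_RANDOMIZE, as the commit message says; a one-line comment above `if (current->flags & PF_RANDOMIZE)` stating that would stop the next reader from re-adding the check.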
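The following is an added example, not code from the patch or from the kernel tree: a user-space model of the mmap_rnd() arithmetic the hunk introduces, and of the "offset2lib" coupling the cover letter says the series is removing. Everything about the address space here (PAGE_SHIFT, SIM_TASK_SIZE, SIM_MMAP_BASE, SIM_ET_DYN_BASE, SIM_LIBC_SIZE, SIM_EXE_SIZE) is an assumed, illustrative constant, and the kernel's get_random_int() is replaced by a caller-supplied number so the results are deterministic. The point it makes is the one behind the weakness: when the PIE executable and the libraries are both placed relative to a single randomised mmap_base, the distance between them is constant across runs, so leaking one address gives the other; giving ET_DYN its own random draw breaks that.

```c
/*
 * Added example (not part of the patch or the kernel): model of the ARM
 * mmap_rnd() arithmetic and of the offset2lib coupling.  All constants
 * below are assumed for illustration; get_random_int() is replaced by a
 * caller-supplied value so every result is reproducible.
 */
#include <stdio.h>

#define PAGE_SHIFT      12UL                           /* 4 KiB pages */
#define SIM_TASK_SIZE   0xC0000000UL                   /* assumed 3G/1G split */
#define SIM_MMAP_BASE   (SIM_TASK_SIZE - 0x08000000UL) /* assumed gap below the stack */
#define SIM_ET_DYN_BASE (SIM_TASK_SIZE / 3 * 2)        /* assumed ET_DYN hint, 2/3 of task size */
#define SIM_LIBC_SIZE   0x00200000UL                   /* assumed size of the first library mapping */
#define SIM_EXE_SIZE    0x00010000UL                   /* assumed size of the PIE executable */

/* Same arithmetic as the patch's mmap_rnd(): 8 random bits, then page-shifted. */
static unsigned long mmap_rnd_sim(unsigned int random)
{
	unsigned long rnd = (unsigned long)random % (1 << 8);
	return rnd << PAGE_SHIFT;
}

/* Counts the distinct page offsets mmap_rnd_sim() can produce (the "8 bits"). */
static unsigned int distinct_mmap_rnd_values(void)
{
	unsigned char seen[1 << 8] = { 0 };
	unsigned int count = 0, r;

	for (r = 0; r < 4096; r++) {
		unsigned long page = mmap_rnd_sim(r) >> PAGE_SHIFT;
		if (!seen[page]) {
			seen[page] = 1;
			count++;
		}
	}
	return count;
}

struct layout {
	unsigned long exe_base;
	unsigned long libc_base;
};

/*
 * offset2lib situation: the PIE executable goes through the same top-down
 * mmap path as the libraries, so both hang off one randomised mmap_base
 * and the distance between them never changes.
 */
static struct layout layout_coupled(unsigned int random)
{
	unsigned long mmap_base = SIM_MMAP_BASE - mmap_rnd_sim(random);
	struct layout l;

	l.libc_base = mmap_base - SIM_LIBC_SIZE;
	l.exe_base = l.libc_base - SIM_EXE_SIZE;   /* next mapping down */
	return l;
}

/*
 * What separating ET_DYN ASLR from mmap ASLR aims for: the executable
 * base comes from its own random draw, independent of mmap_base.
 */
static struct layout layout_decoupled(unsigned int random_mmap, unsigned int random_elf)
{
	unsigned long mmap_base = SIM_MMAP_BASE - mmap_rnd_sim(random_mmap);
	struct layout l;

	l.libc_base = mmap_base - SIM_LIBC_SIZE;
	l.exe_base = SIM_ET_DYN_BASE + mmap_rnd_sim(random_elf);
	return l;
}

/* The quantity a leaked executable address hands an attacker: libc minus exe. */
static long exe_to_libc(struct layout l)
{
	return (long)l.libc_base - (long)l.exe_base;
}

int main(void)
{
	unsigned int i;

	printf("mmap_rnd_sim covers %u distinct page offsets\n", distinct_mmap_rnd_values());
	for (i = 0; i < 3; i++) {
		unsigned int r1 = 17 * i + 3, r2 = 91 * i + 40;   /* stand-ins for get_random_int() */
		printf("draw %u: coupled exe->libc = 0x%lx, decoupled exe->libc = 0x%lx\n",
		       i, (unsigned long)exe_to_libc(layout_coupled(r1)),
		       (unsigned long)exe_to_libc(layout_decoupled(r1, r2)));
	}
	return 0;
}
```

Run it and the coupled column prints the same value on every draw while the decoupled column changes; the first line confirms that the modulus-and-shift yields exactly 256 page-aligned offsets, which is the 8 bits the comment in the hunk claims.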