[maverick] ARM security cherry-picks

Message ID 20100828155043.GL4703@outflux.net
State Accepted
Delegated to: Leann Ogasawara

Commit Message

Kees Cook Aug. 28, 2010, 3:50 p.m. UTC
Hi Bryan,

On Sat, Aug 28, 2010 at 10:08:28AM +0800, Bryan Wu wrote:
> http://git.linaro.org/gitweb?p=linux/arm_next.git;a=commitdiff;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d
> Is this URL still alive? I cannot access it, so I'm not sure whether
> we need to apply this one.

This works for me. It is:


From: Nicolas Pitre <nicolas.pitre@linaro.org>
Date: Fri, 20 Aug 2010 20:16:03 +0000 (-0400)
Subject: ARM: fix ASLR of PIE executables
X-Git-Url: http://git.linaro.org/gitweb?p=linux%2Farm_next.git;a=commitdiff_plain;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d

ARM: fix ASLR of PIE executables

Since commits 990cb8acf2 and cc92c28b2d, it is possible to have full
address space layout randomization (ASLR) on ARM.  Except that one small
change was missing for ASLR of PIE executables.

Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
---

Comments

Bryan Wu Aug. 29, 2010, 1:24 p.m. UTC | #1
On Sat, Aug 28, 2010 at 11:50 PM, Kees Cook <kees.cook@canonical.com> wrote:
> Hi Bryan,
>
> On Sat, Aug 28, 2010 at 10:08:28AM +0800, Bryan Wu wrote:
>> http://git.linaro.org/gitweb?p=linux/arm_next.git;a=commitdiff;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d
>> Is this URL still alive? I cannot access it, so I'm not sure whether
>> we need to apply this one.
>
> This works for me. It is:
>
>
> From: Nicolas Pitre <nicolas.pitre@linaro.org>
> Date: Fri, 20 Aug 2010 20:16:03 +0000 (-0400)
> Subject: ARM: fix ASLR of PIE executables
> X-Git-Url: http://git.linaro.org/gitweb?p=linux%2Farm_next.git;a=commitdiff_plain;h=f13b5666dfe3240bf2218f0ca30e5ea2b4a1c50d
>
> ARM: fix ASLR of PIE executables
>
> Since commits 990cb8acf2 and cc92c28b2d, it is possible to have full
> address space layout randomization (ASLR) on ARM.  Except that one small
> change was missing for ASLR of PIE executables.
>
> Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
> ---
>
> diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
> index 535e763..6884e19 100644
> --- a/fs/binfmt_elf.c
> +++ b/fs/binfmt_elf.c
> @@ -800,7 +800,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
>                         * default mmap base, as well as whatever program they
>                         * might try to exec.  This is because the brk will
>                         * follow the loader, and is not movable.  */
> -#ifdef CONFIG_X86
> +#if defined(CONFIG_X86) || defined(CONFIG_ARM)
>                        load_bias = 0;
>  #else
>                        load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
>
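
Review bot: The `#if defined(CONFIG_X86) || defined(CONFIG_ARM)` test in load_elf_binary() grows a per-architecture list inside generic fs/binfmt_elf.c, so each further architecture that wants the `load_bias = 0` path has to edit this same line. Consider testing a single symbol or macro that an architecture selects from its own tree, and leaving this file free of architecture names.
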
> --
> Kees Cook
> Ubuntu Security Team
>

Kees,

Thanks a lot. It's already been applied in the TI OMAP4 branch via Leann's
cherry-pick.

http://kernel.ubuntu.com/git?p=roc/ubuntu-maverick.git;a=commitdiff;h=71a9a46363f3f7f25f7ac9bc732881e141690cc5

-Bryan

Patch

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 535e763..6884e19 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -800,7 +800,7 @@  static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
 			 * default mmap base, as well as whatever program they
 			 * might try to exec.  This is because the brk will
 			 * follow the loader, and is not movable.  */
-#ifdef CONFIG_X86
+#if defined(CONFIG_X86) || defined(CONFIG_ARM)
 			load_bias = 0;
 #else
 			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
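
Review bot: The changelog says only that "one small change was missing" and does not explain why moving ARM off the `#else` branch, where `load_bias` is derived from the fixed `ELF_ET_DYN_BASE`, onto `load_bias = 0` is what randomizes PIE executables, nor whether the brk concern described in the comment just above the `#if` was checked on ARM. Please add a sentence to the commit message or to that comment covering both, and state how the result was verified, for example that the load address of a PIE binary differs between runs.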