Commit 2fd35017 authored by Arjan van de Ven, committed by Linus Torvalds

[PATCH] Randomisation: mmap randomisation

The patch below randomizes the starting point of the mmap area.

This has the effect that all non-prelinked shared libraries and all bigger
malloc()s will be randomized between various invocations of the binary.
Prelinked binaries get an address-hint from ld.so in their mmap and are thus
exempt from this randomisation, in order to not break the prelink advantage.
The randomisation range is 1 megabyte (this is bigger than the stack
randomisation since the stack randomisation only needs 16 bytes alignment
while the mmap needs page alignment, a 64kb range would not have given enough
entropy to be effective).
Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent ccc875c1
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#include <linux/personality.h> #include <linux/personality.h>
#include <linux/mm.h> #include <linux/mm.h>
#include <linux/random.h>
/* /*
* Top of mmap area (just below the process stack). * Top of mmap area (just below the process stack).
...@@ -38,13 +39,17 @@ ...@@ -38,13 +39,17 @@
static inline unsigned long mmap_base(struct mm_struct *mm) static inline unsigned long mmap_base(struct mm_struct *mm)
{ {
unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur; unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
unsigned long random_factor = 0;
if (current->flags & PF_RANDOMIZE)
random_factor = get_random_int() % (1024*1024);
if (gap < MIN_GAP) if (gap < MIN_GAP)
gap = MIN_GAP; gap = MIN_GAP;
else if (gap > MAX_GAP) else if (gap > MAX_GAP)
gap = MAX_GAP; gap = MAX_GAP;
return TASK_SIZE - (gap & PAGE_MASK); return PAGE_ALIGN(TASK_SIZE - gap - random_factor);
} }
/* /*
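Review bot: in mmap_base(), `random_factor = get_random_int() % (1024*1024);` draws a byte-granular offset, but the return value then goes through `PAGE_ALIGN(...)`, so the sub-page bits are discarded and only the page-aligned positions inside the 1 MB window are reachable (roughly 256 of them, about 8 bits, assuming 4 KiB pages). Consider drawing the offset in pages and shifting it by PAGE_SHIFT so the granularity is explicit, and replacing the bare `1024*1024` with a named constant and a comment that states the range and the resulting number of positions. The offset is also subtracted after `gap` has been clamped to MIN_GAP/MAX_GAP, so the distance below TASK_SIZE can exceed MAX_GAP by up to the random range; a short comment saying this is intended would help the next reader.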
......