[ 3.8.y.z extended stable ] Patch "x86 get_unmapped_area(): use proper mmap base for bottom-up direction" has been added to staging queue
Kamal Mostafa
kamal at canonical.com
Thu Aug 15 22:48:03 UTC 2013
This is a note to let you know that I have just added a patch titled
x86 get_unmapped_area(): use proper mmap base for bottom-up direction
to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree
which can be found at:
http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue
This patch is scheduled to be released in version 3.8.13.7.
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Thanks.
-Kamal
------
From 4669281b5305373eb142d63996df9c7a0298efad Mon Sep 17 00:00:00 2001
From: Radu Caragea <sinaelgl at gmail.com>
Date: Tue, 13 Aug 2013 16:00:59 -0700
Subject: x86 get_unmapped_area(): use proper mmap base for bottom-up direction
commit df54d6fa54275ce59660453e29d1228c2b45a826 upstream.
When the stack is set to unlimited, the bottomup direction is used for
mmap-ings but the mmap_base is not used and thus effectively renders
ASLR for mmapings along with PIE useless.
Cc: Michel Lespinasse <walken at google.com>
Cc: Oleg Nesterov <oleg at redhat.com>
Reviewed-by: Rik van Riel <riel at redhat.com>
Acked-by: Ingo Molnar <mingo at kernel.org>
Cc: Adrian Sendroiu <molecula2788 at gmail.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
arch/x86/kernel/sys_x86_64.c | 2 +-
arch/x86/mm/mmap.c | 2 +-
include/linux/sched.h | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index 97ef74b..af46e18 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
*begin = new_begin;
}
} else {
- *begin = TASK_UNMAPPED_BASE;
+ *begin = mmap_legacy_base();
*end = TASK_SIZE;
}
}
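Review bot: In the else branch of find_start_end(), `*begin = mmap_legacy_base();` calls the helper on every lookup, and the body of mmap_legacy_base() beyond its ia32 check is not visible in this patch. If the non-ia32 path draws a fresh random offset each time it is called, the search start will differ between calls within the same process instead of being one fixed randomized base. Please confirm the value is stable per mm, for example by computing it once where arch_pick_mmap_layout() sets up the layout and reading the stored value here.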
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index 845df68..c1af323 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -98,7 +98,7 @@ static unsigned long mmap_base(void)
* Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
* does, but not when emulating X86_32
*/
-static unsigned long mmap_legacy_base(void)
+unsigned long mmap_legacy_base(void)
{
if (mmap_is_ia32())
return TASK_UNMAPPED_BASE;
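Review bot: Dropping `static` from mmap_legacy_base() puts a generically named symbol from arch/x86/mm/mmap.c into the global namespace without any documentation of its new external caller. The existing comment only describes the layout; it would help to add a line saying the function is now also used by find_start_end() in sys_x86_64.c, and to consider an arch-specific name. Note also that the visible `if (mmap_is_ia32()) return TASK_UNMAPPED_BASE;` means ia32 tasks get the same begin value as before this patch, which matches the comment but is worth stating in the changelog.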
diff --git a/include/linux/sched.h b/include/linux/sched.h
index caa76ae..9d96429 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -360,6 +360,7 @@ extern int sysctl_max_map_count;
#include <linux/aio.h>
#ifdef CONFIG_MMU
+extern unsigned long mmap_legacy_base(void);
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
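Review bot: The new `extern unsigned long mmap_legacy_base(void);` sits in include/linux/sched.h under CONFIG_MMU, so every MMU architecture sees the declaration, while the diffstat shows a definition only in arch/x86/mm/mmap.c and a caller only in arch/x86/kernel/sys_x86_64.c. A use from generic code or another architecture would compile and then fail at link time. Unless the other architectures are meant to provide this function, the declaration belongs in an x86 header.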
--
1.8.1.2