releases/3.10.8/x86-get_unmapped_area-use-proper-mmap-base-for-bottom-up-direction.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From df54d6fa54275ce59660453e29d1228c2b45a826 Mon Sep 17 00:00:00 2001
 From: Radu Caragea <sinaelgl@gmail.com>
 Date: Tue, 13 Aug 2013 16:00:59 -0700
 Subject: x86 get_unmapped_area(): use proper mmap base for bottom-up direction

 From: Radu Caragea <sinaelgl@gmail.com>

 commit df54d6fa54275ce59660453e29d1228c2b45a826 upstream.

 When the stack is set to unlimited, the bottomup direction is used for
 mmap-ings but the mmap_base is not used and thus effectively renders
 ASLR for mmapings along with PIE useless.

 Reviewed-by: Rik van Riel <riel@redhat.com>
 Cc: Michel Lespinasse <walken@google.com>
 Cc: Oleg Nesterov <oleg@redhat.com>
 Acked-by: Ingo Molnar <mingo@kernel.org>
 Cc: Adrian Sendroiu <molecula2788@gmail.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  arch/x86/kernel/sys_x86_64.c |    2 +-
  arch/x86/mm/mmap.c           |    2 +-
  include/linux/sched.h        |    1 +
  3 files changed, 3 insertions(+), 2 deletions(-)

 --- a/arch/x86/kernel/sys_x86_64.c
 +++ b/arch/x86/kernel/sys_x86_64.c
 @@ -101,7 +101,7 @@ static void find_start_end(unsigned long
  				*begin = new_begin;
  		}
  	} else {
 -		*begin = TASK_UNMAPPED_BASE;
 +		*begin = mmap_legacy_base();
  		*end = TASK_SIZE;
  	}
  }
 --- a/arch/x86/mm/mmap.c
 +++ b/arch/x86/mm/mmap.c
 @@ -98,7 +98,7 @@ static unsigned long mmap_base(void)
   * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
   * does, but not when emulating X86_32
   */
 -static unsigned long mmap_legacy_base(void)
 +unsigned long mmap_legacy_base(void)
  {
  	if (mmap_is_ia32())
  		return TASK_UNMAPPED_BASE;
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -314,6 +314,7 @@ struct nsproxy;
  struct user_namespace;

  #ifdef CONFIG_MMU
 +extern unsigned long mmap_legacy_base(void);
  extern void arch_pick_mmap_layout(struct mm_struct *mm);
  extern unsigned long
  arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
	From df54d6fa54275ce59660453e29d1228c2b45a826 Mon Sep 17 00:00:00 2001
	From: Radu Caragea <sinaelgl@gmail.com>
	Date: Tue, 13 Aug 2013 16:00:59 -0700
	Subject: x86 get_unmapped_area(): use proper mmap base for bottom-up direction

	From: Radu Caragea <sinaelgl@gmail.com>

	commit df54d6fa54275ce59660453e29d1228c2b45a826 upstream.

	When the stack is set to unlimited, the bottomup direction is used for
	mmap-ings but the mmap_base is not used and thus effectively renders
	ASLR for mmapings along with PIE useless.

	Reviewed-by: Rik van Riel <riel@redhat.com>
	Cc: Michel Lespinasse <walken@google.com>
	Cc: Oleg Nesterov <oleg@redhat.com>
	Acked-by: Ingo Molnar <mingo@kernel.org>
	Cc: Adrian Sendroiu <molecula2788@gmail.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	arch/x86/kernel/sys_x86_64.c \| 2 +-
	arch/x86/mm/mmap.c \| 2 +-
	include/linux/sched.h \| 1 +
	3 files changed, 3 insertions(+), 2 deletions(-)

	--- a/arch/x86/kernel/sys_x86_64.c
	+++ b/arch/x86/kernel/sys_x86_64.c
	@@ -101,7 +101,7 @@ static void find_start_end(unsigned long
	*begin = new_begin;
	}
	} else {
	- *begin = TASK_UNMAPPED_BASE;
	+ *begin = mmap_legacy_base();
	*end = TASK_SIZE;
	}
	}
	--- a/arch/x86/mm/mmap.c
	+++ b/arch/x86/mm/mmap.c
	@@ -98,7 +98,7 @@ static unsigned long mmap_base(void)
	* Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
	* does, but not when emulating X86_32
	*/
	-static unsigned long mmap_legacy_base(void)
	+unsigned long mmap_legacy_base(void)
	{
	if (mmap_is_ia32())
	return TASK_UNMAPPED_BASE;
	--- a/include/linux/sched.h
	+++ b/include/linux/sched.h
	@@ -314,6 +314,7 @@ struct nsproxy;
	struct user_namespace;

	#ifdef CONFIG_MMU
	+extern unsigned long mmap_legacy_base(void);
	extern void arch_pick_mmap_layout(struct mm_struct *mm);
	extern unsigned long
	arch_get_unmapped_area(struct file *, unsigned long, unsigned long,