16 qpr2 muzel #11
Open
16 qpr2 muzel #11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Based on the public grsecurity patches. Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Stack mapping entropy is currently hard-wired to 11 bits of entropy on 32-bit and 18 bits of entropy on 64-bit. The stack itself gains an extra 8 bits of entropy from lower bit randomization within 16 byte alignment constraints. The argument block could have all lower bits randomized but it currently only gets the mapping randomization. Rather than hard-wiring values this switches to using the mmap entropy configuration like the mmap base and executable base, resulting in a range of 8 to 16 bits on 32-bit and 18 to 24 bits on 64-bit (with 4k pages and 3 level page tables) depending on kernel configuration and overridable via the sysctl entries. It's worth noting that since these kernel configuration options default to the minimum supported entropy value, the entropy on 32-bit will drop from 11 to 8 bits for builds using the defaults. However, following the configuration seems like the right thing to do regardless. At the very least, changing the defaults for COMPAT (32-bit processes on 64-bit) should be considered due to the larger address space compared to real 32-bit. Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
This was based on the PaX RANDUSTACK feature in grsecurity, where all of the lower bits are randomized. PaX keeps 16-byte alignment. maade: as part of porting to 6.1, get_random_int() was replaced by get_random_u32() Signed-off-by: Daniel Micay <[email protected]> [[email protected]: do not randomize with ADDR_NO_RANDOMIZE personality] Signed-off-by: Levente Polyak <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
This adds support for arch_randomize_brk implementations not performing page alignment in order to randomize the lower bits of the brk heap. This idea is taken from PaX but the approach is different. This reuses the existing code and avoids forcing early creation of the heap mapping, avoiding mapping it if it's not used which is the case with many modern allocators based solely on mmap. The malloc implementation can be relied upon to align this as needed to the requirements it has, so using 16 byte alignment here is unnecessary. Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Per PaX, but for this alternate brk randomization approach. As part of the v5.4 linux-hardened rebase, this commit was adapted from the arm64 specific brk randomization to all arches that use the generic topdown mmap layout functions, introduced in e7142bf ("arm64, mm: make randomization selected by generic topdown mmap layout"). Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: Levente Polyak <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Per PaX, but for this alternate brk randomization approach. As part of the v5.4 linux-hardened rebase, this commit was adapted from the arm64 specific brk randomization to all arches that use the generic topdown mmap layout functions, introduced in e7142bf ("arm64, mm: make randomization selected by generic topdown mmap layout"). Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: Levente Polyak <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Most of this is extracted from the last publicly available version of the PaX patches where it's part of KERNEXEC as __read_only. It has been extended to a few more of these constants. maade: hung_task_timeout_max was moved to kernel/hung_task.c Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]> Change-Id: I51c602675f67db0ba5257c3f4460fdd29517a5f1 Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
This was extracted from the PaX patch where it's part of the KERNEXEC feature as __read_only. Signed-off-by: Daniel Micay <[email protected]> Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Note: __cacheline_aligned_in_smp conflicts with __ro_after_init on x86. Extracted from PaX. Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: anupritaisno1 <[email protected]> Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: randomhydrosol <[email protected]>
Change-Id: I62166df621b46e9d5272fe456df156e73878c429 Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: randomhydrosol <[email protected]>
Signed-off-by: randomhydrosol <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.