linux/arch/x86
Hector Marco-Gisbert 8b8addf891 x86/mm/32: Enable full randomization on i386 and X86_32
Currently on i386 and on X86_64 when emulating X86_32 in legacy mode, only
the stack and the executable are randomized but not other mmapped files
(libraries, vDSO, etc.). This patch enables randomization for the
libraries, vDSO and mmap requests on i386 and in X86_32 in legacy mode.

By default on i386 there are 8 bits for the randomization of the libraries,
vDSO and mmaps which only uses 1MB of VA.

This patch preserves the original randomness, using 1MB of VA out of 3GB or
4GB. We think that 1MB out of 3GB is not a big cost for having the ASLR.

The first obvious security benefit is that all objects are randomized (not
only the stack and the executable) in legacy mode which highly increases
the ASLR effectiveness, otherwise the attackers may use these
non-randomized areas. But also sensitive setuid/setgid applications are
more secure because currently, attackers can disable the randomization of
these applications by setting the ulimit stack to "unlimited". This is a
very old and widely known trick to disable the ASLR in i386 which has been
allowed for too long.

Another trick used to disable the ASLR was to set the ADDR_NO_RANDOMIZE
personality flag, but fortunately this doesn't work on setuid/setgid
applications because there is security checks which clear Security-relevant
flags.

This patch always randomizes the mmap_legacy_base address, removing the
possibility to disable the ASLR by setting the stack to "unlimited".

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Acked-by: Ismael Ripoll Ripoll <iripoll@upv.es>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: akpm@linux-foundation.org
Cc: kees Cook <keescook@chromium.org>
Link: http://lkml.kernel.org/r/1457639460-5242-1-git-send-email-hecmargi@upv.es
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-03-11 09:53:19 +01:00
..
boot UBSAN: run-time undefined behavior sanity checker 2016-01-20 17:09:18 -08:00
configs Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2015-09-04 15:49:32 -07:00
crypto crypto: chacha20-ssse3 - Align stack pointer to 64 bytes 2016-01-25 21:47:45 +08:00
entry UBSAN: run-time undefined behavior sanity checker 2016-01-20 17:09:18 -08:00
ia32 Merge branch 'x86-headers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-11-03 21:05:40 -08:00
include x86/mm: Fix INVPCID asm constraint 2016-02-14 11:19:06 +01:00
kernel x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID 2016-02-09 13:36:10 +01:00
kvm kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
lguest Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 16:26:03 -08:00
lib Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 16:46:20 -08:00
math-emu Merge branch 'x86-headers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-11-03 21:05:40 -08:00
mm x86/mm/32: Enable full randomization on i386 and X86_32 2016-03-11 09:53:19 +01:00
net bpf, x86: detect/optimize loading 0 immediates 2015-12-18 16:04:51 -05:00
oprofile
pci PCI changes for the v4.5 merge window: 2016-01-21 11:52:16 -08:00
platform Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-31 16:17:19 -08:00
power x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume 2015-11-26 10:04:53 +01:00
purgatory
ras x86/ras/mce_amd_inj: Inject bank 4 errors on the NBC 2015-10-12 16:15:48 +02:00
realmode UBSAN: run-time undefined behavior sanity checker 2016-01-20 17:09:18 -08:00
tools
um virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
video
xen xen: features and fixes for 4.5-rc0 2016-01-12 13:05:36 -08:00
.gitignore
Kbuild
Kconfig Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-31 16:17:19 -08:00
Kconfig.cpu x86/Kconfig/cpus: Fix/complete CPU type help texts 2015-10-21 11:12:56 +02:00
Kconfig.debug libnvdimm for 4.5 2016-01-13 19:15:14 -08:00
Makefile Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-11-04 09:11:12 -08:00
Makefile_32.cpu
Makefile.um