mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
BACKPORT: FROMLIST: mm: ASLR: use get_random_long()
(cherry picked from commit https://lkml.org/lkml/2016/2/4/833) Replace calls to get_random_int() followed by a cast to (unsigned long) with calls to get_random_long(). Also address shifting bug which, in case of x86 removed entropy mask for mmap_rnd_bits values > 31 bits. Bug: 26963541 Signed-off-by: Daniel Cashman <dcashman@android.com> Signed-off-by: Daniel Cashman <dcashman@google.com> Change-Id: Iac34b63294ec120edcbf8760186667a84a5cf556
This commit is contained in:
parent
6f8746868e
commit
4b659025f0
6 changed files with 11 additions and 11 deletions
|
@ -261,7 +261,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
|
||||||
|
|
||||||
if ((current->flags & PF_RANDOMIZE) &&
|
if ((current->flags & PF_RANDOMIZE) &&
|
||||||
!(current->personality & ADDR_NO_RANDOMIZE))
|
!(current->personality & ADDR_NO_RANDOMIZE))
|
||||||
random_factor = (get_random_int() & ((1 << mmap_rnd_bits) - 1)) << PAGE_SHIFT;
|
random_factor = (get_random_long() & ((1UL << mmap_rnd_bits) - 1)) << PAGE_SHIFT;
|
||||||
|
|
||||||
if (mmap_is_legacy()) {
|
if (mmap_is_legacy()) {
|
||||||
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
|
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
|
||||||
|
|
|
@ -224,7 +224,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
|
||||||
unsigned long random_factor = 0UL;
|
unsigned long random_factor = 0UL;
|
||||||
|
|
||||||
if (current->flags & PF_RANDOMIZE) {
|
if (current->flags & PF_RANDOMIZE) {
|
||||||
random_factor = get_random_int();
|
random_factor = get_random_long();
|
||||||
random_factor = random_factor << PAGE_SHIFT;
|
random_factor = random_factor << PAGE_SHIFT;
|
||||||
if (TASK_IS_32BIT_ADDR)
|
if (TASK_IS_32BIT_ADDR)
|
||||||
random_factor &= 0xfffffful;
|
random_factor &= 0xfffffful;
|
||||||
|
@ -245,7 +245,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
|
||||||
|
|
||||||
static inline unsigned long brk_rnd(void)
|
static inline unsigned long brk_rnd(void)
|
||||||
{
|
{
|
||||||
unsigned long rnd = get_random_int();
|
unsigned long rnd = get_random_long();
|
||||||
|
|
||||||
rnd = rnd << PAGE_SHIFT;
|
rnd = rnd << PAGE_SHIFT;
|
||||||
/* 8MB for 32bit, 256MB for 64bit */
|
/* 8MB for 32bit, 256MB for 64bit */
|
||||||
|
|
|
@ -1288,9 +1288,9 @@ static inline unsigned long brk_rnd(void)
|
||||||
|
|
||||||
/* 8MB for 32bit, 1GB for 64bit */
|
/* 8MB for 32bit, 1GB for 64bit */
|
||||||
if (is_32bit_task())
|
if (is_32bit_task())
|
||||||
rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
|
rnd = (get_random_long() % (1UL<<(23-PAGE_SHIFT)));
|
||||||
else
|
else
|
||||||
rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
|
rnd = (get_random_long() % (1UL<<(30-PAGE_SHIFT)));
|
||||||
|
|
||||||
return rnd << PAGE_SHIFT;
|
return rnd << PAGE_SHIFT;
|
||||||
}
|
}
|
||||||
|
|
|
@ -60,9 +60,9 @@ static unsigned long mmap_rnd(void)
|
||||||
if (current->flags & PF_RANDOMIZE) {
|
if (current->flags & PF_RANDOMIZE) {
|
||||||
/* 8MB for 32bit, 1GB for 64bit */
|
/* 8MB for 32bit, 1GB for 64bit */
|
||||||
if (is_32bit_task())
|
if (is_32bit_task())
|
||||||
rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
|
rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
|
||||||
else
|
else
|
||||||
rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
|
rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
|
||||||
}
|
}
|
||||||
return rnd << PAGE_SHIFT;
|
return rnd << PAGE_SHIFT;
|
||||||
}
|
}
|
||||||
|
|
|
@ -366,7 +366,7 @@ static unsigned long mmap_rnd(void)
|
||||||
unsigned long rnd = 0UL;
|
unsigned long rnd = 0UL;
|
||||||
|
|
||||||
if (current->flags & PF_RANDOMIZE) {
|
if (current->flags & PF_RANDOMIZE) {
|
||||||
unsigned long val = get_random_int();
|
unsigned long val = get_random_long();
|
||||||
if (test_thread_flag(TIF_32BIT))
|
if (test_thread_flag(TIF_32BIT))
|
||||||
rnd = (val % (1UL << (23UL-PAGE_SHIFT)));
|
rnd = (val % (1UL << (23UL-PAGE_SHIFT)));
|
||||||
else
|
else
|
||||||
|
|
|
@ -72,12 +72,12 @@ static unsigned long mmap_rnd(void)
|
||||||
if (current->flags & PF_RANDOMIZE) {
|
if (current->flags & PF_RANDOMIZE) {
|
||||||
if (mmap_is_ia32())
|
if (mmap_is_ia32())
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
|
rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
|
||||||
#else
|
#else
|
||||||
rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
|
rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
|
||||||
#endif
|
#endif
|
||||||
else
|
else
|
||||||
rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
|
rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
|
||||||
}
|
}
|
||||||
return rnd << PAGE_SHIFT;
|
return rnd << PAGE_SHIFT;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue