Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/arch/x86
History
Andy Lutomirski bd2b759a41 x86_64, vdso: Fix the vdso address randomization algorithm 
commit 394f56fe480140877304d342dec46d50dc823d46 upstream.

The theory behind vdso randomization is that it's mapped at a random
offset above the top of the stack.  To avoid wasting a page of
memory for an extra page table, the vdso isn't supposed to extend
past the lowest PMD into which it can fit.  Other than that, the
address should be a uniformly distributed address that meets all of
the alignment requirements.

The current algorithm is buggy: the vdso has about a 50% probability
of being at the very end of a PMD.  The current algorithm also has a
decent chance of failing outright due to incorrect handling of the
case where the top of the stack is near the top of its PMD.

This fixes the implementation.  The paxtest estimate of vdso
"randomisation" improves from 11 bits to 18 bits.  (Disclaimer: I
don't know what the paxtest code is actually calculating.)

It's worth noting that this algorithm is inherently biased: the vdso
is more likely to end up near the end of its PMD than near the
beginning.  Ideally we would either nix the PMD sharing requirement
or jointly randomize the vdso and the stack to reduce the bias.

In the mean time, this is a considerable improvement with basically
no risk of compatibility issues, since the allowed outputs of the
algorithm are unchanged.

As an easy test, doing this:

for i in `seq 10000`
  do grep -P vdso /proc/self/maps |cut -d- -f1
done |sort |uniq -d

used to produce lots of output (1445 lines on my most recent run).
A tiny subset looks like this:

7fffdfffe000
7fffe01fe000
7fffe05fe000
7fffe07fe000
7fffe09fe000
7fffe0bfe000
7fffe0dfe000

Note the suspicious fe000 endings.  With the fix, I get a much more
palatable 76 repeated addresses.

Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
[lizf: Backported to 3.4:
 - adjust context
 - adjust comment]
Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-04-14 17:33:48 +08:00
..
boot x86, build: Pass in additional -mno-mmx, -mno-sse options 2014-06-07 16:02:08 -07:00
configs
crypto crypto: ghash-clmulni-intel - use C implementation for setkey() 2014-05-13 14:11:30 +02:00
ia32 x86-64: Replace left over sti/cli in ia32 audit exit code 2013-02-11 08:47:18 -08:00
include/asm x86/tls: Don't validate lm in set_thread_area() after all 2015-04-14 17:33:46 +08:00
kernel x86/tls: Don't validate lm in set_thread_area() after all 2015-04-14 17:33:46 +08:00
kvm KVM: x86: Fix far-jump to non-canonical check 2015-02-02 17:05:25 +08:00
lguest x86, mm: Patch out arch_flush_lazy_mmu_mode() when running on bare metal 2013-04-16 21:27:27 -07:00
lib x86-64: Fix the failure case in copy_user_handle_tail() 2013-03-28 12:12:26 -07:00
math-emu
mm x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack 2014-08-07 12:00:10 -07:00
net x86: bpf_jit: support negative offsets 2014-03-30 21:40:30 -07:00
oprofile
pci xen/pci: We don't do multiple MSI's. 2013-03-14 11:29:41 -07:00
platform x86/efi: Fix dummy variable buffer allocation 2014-06-07 16:02:10 -07:00
power perf,x86: fix kernel crash with PEBS/BTS after suspend/resume 2013-03-20 13:04:59 -07:00
syscalls x86, x32: Use compat shims for io_{setup,submit} 2014-06-30 20:01:33 -07:00
tools
um x86, um: Correct syscall table type attributes breaking gcc 4.8 2013-06-07 12:49:48 -07:00
vdso x86_64, vdso: Fix the vdso address randomization algorithm 2015-04-14 17:33:48 +08:00
video
xen xen/smp/spinlock: Fix leakage of the spinlock interrupt line for every CPU online/offline 2014-03-11 16:10:06 -07:00
.gitignore
Kbuild
Kconfig x86, espfix: Make it possible to disable 16-bit support 2014-08-07 12:00:11 -07:00
Kconfig.cpu
Kconfig.debug
Makefile
Makefile.um
Makefile_32.cpu