Re: Patch 5/6 randomize mmap addresses

From: Arjan van de Ven
Date: Thu Jan 27 2005 - 05:26:03 EST
The patch below randomizes the starting point of the mmap area.
This has the effect that all non-prelinked shared libraries and all bigger
malloc()s will be randomized between various invocations of the binary.
Prelinked binaries get an address-hint from ld.so in their mmap and are thus
exempt from this randomisation, in order to not break the prelink advantage.
The randomisation range is 1 megabyte (this is bigger than the stack
randomisation since the stack randomisation only needs 16 bytes alignment
while the mmap needs page alignment; a 64kb range would not have given
enough entropy to be effective).

Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxx>


diff -purN linux-step/arch/i386/mm/mmap.c linux-step5/arch/i386/mm/mmap.c
--- linux-step/arch/i386/mm/mmap.c 2004-12-24 22:34:33.000000000 +0100
+++ linux-step5/arch/i386/mm/mmap.c 2005-01-27 10:23:17.000000000 +0100
@@ -26,6 +26,7 @@

#include <linux/personality.h>
#include <linux/mm.h>
+#include <linux/random.h>

/*
* Top of mmap area (just below the process stack).
@@ -38,13 +39,17 @@
static inline unsigned long mmap_base(struct mm_struct *mm)
{
unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
+ unsigned long random_factor = 0;
+
+ if (current->flags & PF_RANDOMIZE)
+ random_factor = get_random_int() % (1024*1024);

if (gap < MIN_GAP)
gap = MIN_GAP;
else if (gap > MAX_GAP)
gap = MAX_GAP;

- return TASK_SIZE - (gap & PAGE_MASK);
+ return PAGE_ALIGN(TASK_SIZE - gap - random_factor);
}

/*
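Review bot: the factor drawn at `random_factor = get_random_int() % (1024*1024);` is a byte offset, but `PAGE_ALIGN(TASK_SIZE - gap - random_factor)` discards its low page-offset bits, so only range/PAGE_SIZE distinct bases are reachable (256 positions, i.e. 8 bits, on 4 KiB pages) rather than the 20 bits the 1 MiB figure suggests; drawing the factor in pages and shifting by PAGE_SHIFT, or masking it with PAGE_MASK before the subtraction, would make the effective entropy explicit. Note also that the MIN_GAP/MAX_GAP clamp is applied before the factor is subtracted, so the effective gap may exceed MAX_GAP by up to 1 MiB; harmless, but worth a sentence in the "Top of mmap area" comment above, which should now also mention that the base moves when PF_RANDOMIZE is set.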
