Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

This project is archived. Its data is read-only.

Commit b471fcda authored Feb 24, 2016 by dcashman Committed by Dmitry Shmidt Mar 16, 2016

FROMLIST: mm: ASLR: use get_random_long()

(cherry picked from commit https://lkml.org/lkml/2016/2/4/833

)

Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long().  Also address shifting bug which, in case
of x86 removed entropy mask for mmap_rnd_bits values > 31 bits.

Bug: 26963541
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I36c156c9b8d7d157134895fddd4cd6efddcbee86

parent 9a3fe392

arch/arm/mm/mmap.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -173,7 +173,7 @@ unsigned long arch_mmap_rnd(void)
	{		{
	unsigned long rnd;		unsigned long rnd;

	rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);		rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);

	return rnd << PAGE_SHIFT;		return rnd << PAGE_SHIFT;
	}		}

arch/arm64/mm/mmap.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -53,10 +53,10 @@ unsigned long arch_mmap_rnd(void)

	#ifdef CONFIG_COMPAT		#ifdef CONFIG_COMPAT
	if (test_thread_flag(TIF_32BIT))		if (test_thread_flag(TIF_32BIT))
	rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);		rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
	else		else
	#endif		#endif
	rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);		rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
	return rnd << PAGE_SHIFT;		return rnd << PAGE_SHIFT;
	}		}

arch/mips/mm/mmap.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -146,7 +146,7 @@ unsigned long arch_mmap_rnd(void)
	{		{
	unsigned long rnd;		unsigned long rnd;

	rnd = (unsigned long)get_random_int();		rnd = get_random_long();
	rnd <<= PAGE_SHIFT;		rnd <<= PAGE_SHIFT;
	if (TASK_IS_32BIT_ADDR)		if (TASK_IS_32BIT_ADDR)
	rnd &= 0xfffffful;		rnd &= 0xfffffful;
	@@ -174,7 +174,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)

	static inline unsigned long brk_rnd(void)		static inline unsigned long brk_rnd(void)
	{		{
	unsigned long rnd = get_random_int();		unsigned long rnd = get_random_long();

	rnd = rnd << PAGE_SHIFT;		rnd = rnd << PAGE_SHIFT;
	/* 8MB for 32bit, 256MB for 64bit */		/* 8MB for 32bit, 256MB for 64bit */

arch/powerpc/kernel/process.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1641,9 +1641,9 @@ static inline unsigned long brk_rnd(void)

	/* 8MB for 32bit, 1GB for 64bit */		/* 8MB for 32bit, 1GB for 64bit */
	if (is_32bit_task())		if (is_32bit_task())
	rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));		rnd = (get_random_long() % (1UL<<(23-PAGE_SHIFT)));
	else		else
	rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));		rnd = (get_random_long() % (1UL<<(30-PAGE_SHIFT)));

	return rnd << PAGE_SHIFT;		return rnd << PAGE_SHIFT;
	}		}

arch/powerpc/mm/mmap.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -59,9 +59,9 @@ unsigned long arch_mmap_rnd(void)

	/* 8MB for 32bit, 1GB for 64bit */		/* 8MB for 32bit, 1GB for 64bit */
	if (is_32bit_task())		if (is_32bit_task())
	rnd = (unsigned long)get_random_int() % (1<<(23-PAGE_SHIFT));		rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
	else		else
	rnd = (unsigned long)get_random_int() % (1<<(30-PAGE_SHIFT));		rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));

	return rnd << PAGE_SHIFT;		return rnd << PAGE_SHIFT;
	}		}