Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd2a985f authored Feb 24, 2016 by dcashman Committed by Amit Pundir Apr 11, 2016

BACKPORT: FROMLIST: mm: ASLR: use get_random_long()

(cherry picked from commit https://lkml.org/lkml/2016/2/4/833

)

Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long().  Also address shifting bug which, in case
of x86 removed entropy mask for mmap_rnd_bits values > 31 bits.

Bug: 26963541
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ia0bc7fcd00f4116b8d5b003d4271c2a0e6a9a134

parent 54ab3dc2

arch/arm/mm/mmap.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -175,7 +175,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)

		if ((current->flags & PF_RANDOMIZE) &&
		!(current->personality & ADDR_NO_RANDOMIZE))
		random_factor = (get_random_int() & ((1 << mmap_rnd_bits) - 1)) << PAGE_SHIFT;
		random_factor = (get_random_long() & ((1UL << mmap_rnd_bits) - 1)) << PAGE_SHIFT;

		if (mmap_is_legacy()) {
		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;

arch/arm64/mm/mmap.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -54,10 +54,10 @@ static unsigned long mmap_rnd(void)
		if (current->flags & PF_RANDOMIZE) {
		#ifdef CONFIG_COMPAT
		if (test_thread_flag(TIF_32BIT))
		rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
		rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
		else
		#endif
		rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
		rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
		}
		return rnd << PAGE_SHIFT;
		}

arch/mips/mm/mmap.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -147,7 +147,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
		unsigned long random_factor = 0UL;

		if (current->flags & PF_RANDOMIZE) {
		random_factor = get_random_int();
		random_factor = get_random_long();
		random_factor = random_factor << PAGE_SHIFT;
		if (TASK_IS_32BIT_ADDR)
		random_factor &= 0xfffffful;
		@@ -166,7 +166,7 @@ void arch_pick_mmap_layout(struct mm_struct *mm)

		static inline unsigned long brk_rnd(void)
		{
		unsigned long rnd = get_random_int();
		unsigned long rnd = get_random_long();

		rnd = rnd << PAGE_SHIFT;
		/* 8MB for 32bit, 256MB for 64bit */

arch/powerpc/kernel/process.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1633,9 +1633,9 @@ static inline unsigned long brk_rnd(void)

		/* 8MB for 32bit, 1GB for 64bit */
		if (is_32bit_task())
		rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
		rnd = (get_random_long() % (1UL<<(23-PAGE_SHIFT)));
		else
		rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
		rnd = (get_random_long() % (1UL<<(30-PAGE_SHIFT)));

		return rnd << PAGE_SHIFT;
		}

arch/powerpc/mm/mmap.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -60,9 +60,9 @@ static unsigned long mmap_rnd(void)
		if (current->flags & PF_RANDOMIZE) {
		/* 8MB for 32bit, 1GB for 64bit */
		if (is_32bit_task())
		rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
		rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
		else
		rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
		rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
		}
		return rnd << PAGE_SHIFT;
		}