Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mm: ASLR: use get_random_long()

Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long(). Also address a shifting bug which, in
the case of x86, removed the entropy mask for mmap_rnd_bits values > 31 bits.

Signed-off-by: Daniel Cashman <dcashman@android.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: David S. Miller <davem@davemloft.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Mark Salyzyn <salyzyn@android.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Daniel Cashman and committed by
Linus Torvalds
5ef11c35 ec9ee4ac

+14 -14
+1 -1
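--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -173,7 +173,7 @@
 {
 unsigned long rnd;
 
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 
 return rnd << PAGE_SHIFT;
 }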
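Review bot: The expression `get_random_long() & ((1UL << mmap_rnd_bits) - 1)` is written out by hand here and again in arch/arm64/mm/mmap.c and arch/x86/mm/mmap.c, six times across this commit. That duplication is what let the int-width `1 <<` be copied into every site. A single shared inline helper that takes the bit count and returns `(1UL << bits) - 1` (name to be chosen by the maintainers) would keep the shift width correct in one place. The shift is defined only while the bit count is below the width of unsigned long, and the limit on mmap_rnd_bits is set outside this hunk, so that bound should be confirmed where it is defined. The enclosing function starts outside the hunk.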
+2 -2
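--- a/arch/arm64/mm/mmap.c
+++ b/arch/arm64/mm/mmap.c
@@ -53,10 +53,10 @@
 
 #ifdef CONFIG_COMPAT
 if (test_thread_flag(TIF_32BIT))
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
 else
 #endif
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 return rnd << PAGE_SHIFT;
 }
 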
+2 -2
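--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -146,7 +146,7 @@
 {
 unsigned long rnd;
 
- rnd = (unsigned long)get_random_int();
+ rnd = get_random_long();
 rnd <<= PAGE_SHIFT;
 if (TASK_IS_32BIT_ADDR)
 rnd &= 0xfffffful;
@@ -174,7 +174,7 @@
 
 static inline unsigned long brk_rnd(void)
 {
- unsigned long rnd = get_random_int();
+ unsigned long rnd = get_random_long();
 
 rnd = rnd << PAGE_SHIFT;
 /* 8MB for 32bit, 256MB for 64bit */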
+2 -2
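--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1768,9 +1768,9 @@
 
 /* 8MB for 32bit, 1GB for 64bit */
 if (is_32bit_task())
- rnd = (long)(get_random_int() % (1<<(23-PAGE_SHIFT)));
+ rnd = (get_random_long() % (1UL<<(23-PAGE_SHIFT)));
 else
- rnd = (long)(get_random_int() % (1<<(30-PAGE_SHIFT)));
+ rnd = (get_random_long() % (1UL<<(30-PAGE_SHIFT)));
 
 return rnd << PAGE_SHIFT;
 }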
+2 -2
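--- a/arch/powerpc/mm/mmap.c
+++ b/arch/powerpc/mm/mmap.c
@@ -59,9 +59,9 @@
 
 /* 8MB for 32bit, 1GB for 64bit */
 if (is_32bit_task())
- rnd = (unsigned long)get_random_int() % (1<<(23-PAGE_SHIFT));
+ rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
 else
- rnd = (unsigned long)get_random_int() % (1UL<<(30-PAGE_SHIFT));
+ rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));
 
 return rnd << PAGE_SHIFT;
 }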
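Review bot: The 32-bit branch still uses an int literal, `(1<<(23-PAGE_SHIFT))`, while the 64-bit branch below it and both branches in arch/powerpc/kernel/process.c use `1UL`. The result is the same here because the shift count is small, but the mixed forms invite the int-width mistake this commit corrects elsewhere. I would write `rnd = get_random_long() % (1UL<<(23-PAGE_SHIFT));` so both branches read alike. The enclosing function starts outside the hunk.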
+1 -1
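--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -264,7 +264,7 @@
 unsigned long rnd = 0UL;
 
 if (current->flags & PF_RANDOMIZE) {
- unsigned long val = get_random_int();
+ unsigned long val = get_random_long();
 if (test_thread_flag(TIF_32BIT))
 rnd = (val % (1UL << (23UL-PAGE_SHIFT)));
 else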
+3 -3
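--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -71,12 +71,12 @@
 
 if (mmap_is_ia32())
 #ifdef CONFIG_COMPAT
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_compat_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_compat_bits) - 1);
 #else
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 #endif
 else
- rnd = (unsigned long)get_random_int() & ((1 << mmap_rnd_bits) - 1);
+ rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);
 
 return rnd << PAGE_SHIFT;
 }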
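Review bot: Nothing at these three assignments records why the literal has to be `1UL`, although the commit message says the int-width shift removed the entropy mask on x86 for mmap_rnd_bits above 31. A one-line comment above the `if`, such as `/* shift in unsigned long: an int-width 1 << bits loses the mask once bits exceeds 31 */`, would stop a later cleanup from silently reducing mmap randomization again. The function starts outside the hunk.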
+1 -1
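--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -653,7 +653,7 @@
 
 if ((current->flags & PF_RANDOMIZE) &&
 !(current->personality & ADDR_NO_RANDOMIZE)) {
- random_variable = (unsigned long) get_random_int();
+ random_variable = get_random_long();
 random_variable &= STACK_RND_MASK;
 random_variable <<= PAGE_SHIFT;
 }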
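Review bot: The declaration of `random_variable` is outside the hunk, so it should be confirmed to be `unsigned long`. If it were a 32-bit type, the value from get_random_long() would be truncated on assignment and the stack offset would gain no entropy from this change. The extra bits also only matter on architectures whose `STACK_RND_MASK` is wider than 32 bits, because the mask is applied on the very next line. A short comment such as `/* mask is in pages: apply it before shifting by PAGE_SHIFT */` would make the order of the two following statements explicit.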