rpms/kernel/F-10 x86-increase-min_gap-to-include-randomized-stack.patch, NONE, 1.1.2.1 kernel.spec, 1.1206.2.95, 1.1206.2.96

Chuck Ebbert cebbert at fedoraproject.org
Mon Oct 5 03:16:35 UTC 2009


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3924

Modified Files:
      Tag: private-fedora-10-2_6_27
	kernel.spec 
Added Files:
      Tag: private-fedora-10-2_6_27
	x86-increase-min_gap-to-include-randomized-stack.patch 
Log Message:
Backport stack randomization fix from 2.6.31.2 (#526882)

x86-increase-min_gap-to-include-randomized-stack.patch:
 arch/x86/mm/mmap.c    |   17 +++++++++++++++--
 include/asm-x86/elf.h |    2 ++
 2 files changed, 17 insertions(+), 2 deletions(-)

--- NEW FILE x86-increase-min_gap-to-include-randomized-stack.patch ---
>From 80938332d8cf652f6b16e0788cf0ca136befe0b5 Mon Sep 17 00:00:00 2001
From: Michal Hocko <mhocko at suse.cz>
Date: Tue, 8 Sep 2009 11:01:55 +0200
Subject: x86: Increase MIN_GAP to include randomized stack

From: Michal Hocko <mhocko at suse.cz>

[ trivial backport to 2.6.27: Chuck Ebbert <cebbert at redhat.com> ]

commit 80938332d8cf652f6b16e0788cf0ca136befe0b5 upstream.

Currently we are not including the randomized stack size when calculating
the mmap_base address in arch_pick_mmap_layout for the topdown case. This
might cause mmap_base to start inside the area reserved for the stack,
because the stack is randomized by 1GB for 64b (8MB for 32b) while the
minimum gap is only 128MB.

If the stack really grows down to mmap_base then we can get silent mmap
region overwrite by the stack values.

Let's include maximum stack randomization size into MIN_GAP which is
used as the low bound for the gap in mmap.

Signed-off-by: Michal Hocko <mhocko at suse.cz>
LKML-Reference: <1252400515-6866-1-git-send-email-mhocko at suse.cz>
Acked-by: Jiri Kosina <jkosina at suse.cz>
Signed-off-by: H. Peter Anvin <hpa at zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 include/asm-x86/elf.h      |    2 ++
 arch/x86/mm/mmap.c         |   17 +++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

--- a/include/asm-x86/elf.h
+++ b/include/asm-x86/elf.h
@@ -287,6 +287,8 @@ do {									\
 
 #ifdef CONFIG_X86_32
 
+#define STACK_RND_MASK (0x7ff)
+
 #define VDSO_HIGH_BASE		(__fix_to_virt(FIX_VDSO))
 
 #define ARCH_DLINFO		ARCH_DLINFO_IA32(vdso_enabled)
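Review bot: The new CONFIG_X86_32 `STACK_RND_MASK` is a bare constant with no indication of its unit or of what it has to agree with. The mmap.c side of this same patch shifts it by PAGE_SHIFT, so it is a mask over page counts (0x7ff pages is the ~8 MB figure in the commit message), and presumably it must stay in step with the mask used when the stack top is randomized at exec time, which is not visible here. A one-line comment would make that contract explicit: `#define STACK_RND_MASK (0x7ff)	/* stack randomization range, in pages (~8 MB); keep in sync with the exec-time stack randomization */`.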
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -29,13 +29,26 @@
 #include <linux/random.h>
 #include <linux/limits.h>
 #include <linux/sched.h>
+#include <asm/elf.h>
+
+static unsigned int stack_maxrandom_size(void)
+{
+	unsigned int max = 0;
+	if ((current->flags & PF_RANDOMIZE) &&
+		!(current->personality & ADDR_NO_RANDOMIZE)) {
+		max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT;
+	}
+
+	return max;
+}
+
 
 /*
  * Top of mmap area (just below the process stack).
  *
- * Leave an at least ~128 MB hole.
+ * Leave an at least ~128 MB hole with possible stack randomization.
  */
-#define MIN_GAP (128*1024*1024)
+#define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
 #define MAX_GAP (TASK_SIZE/6*5)
 
 /*
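Review bot: `stack_maxrandom_size()` evaluates `((-1U) & STACK_RND_MASK) << PAGE_SHIFT` in `unsigned int`, so any mask above 0xfffff pages wraps the shift and the value is silently truncated to its low 32 bits, leaving the gap reserved below the stack smaller than the mask implies; the 64-bit definition of STACK_RND_MASK is not in this patch, so I cannot tell from here whether it trips, but the 16 GB that a 22-bit page mask would give certainly does not fit. If the exec-time stack randomization in fs/binfmt_elf.c truncates in the same 32-bit way the two happen to agree, but that is an accidental coupling rather than a guarantee, and I believe upstream later widened both sides to unsigned long for exactly this reason. The robust form here is `static unsigned long stack_maxrandom_size(void)`, `unsigned long max = 0;` and `max = ((-1UL) & STACK_RND_MASK) << PAGE_SHIFT;`; widening only this helper can at worst over-reserve, whereas widening only the binfmt_elf side would re-open the overlap this patch fixes, so the two should move together. Separately, `MIN_GAP` is now a per-task function call reading `current->flags` and `current->personality` rather than a compile-time constant; a comment at the macro such as `/* per-task: depends on PF_RANDOMIZE / ADDR_NO_RANDOMIZE of current */` would warn readers of mmap_base(), which uses it and lies outside this hunk.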


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1206.2.95
retrieving revision 1.1206.2.96
diff -u -p -r1.1206.2.95 -r1.1206.2.96
--- kernel.spec	5 Oct 2009 03:09:50 -0000	1.1206.2.95
+++ kernel.spec	5 Oct 2009 03:16:34 -0000	1.1206.2.96
@@ -789,6 +789,9 @@ Patch15100: kvm-x86-disallow-hypercalls-
 # appletalk: fix skb leak (CVE-2009-2903)
 Patch15200: appletalk-fix-skb-leak-when-ipddp-interface-is-not-loaded.patch
 
+# fix stack randomization (#526882)
+Patch15300: x86-increase-min_gap-to-include-randomized-stack.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1427,6 +1430,9 @@ ApplyPatch kvm-x86-disallow-hypercalls-f
 # appletalk: fix skb leak (CVE-2009-2903)
 ApplyPatch appletalk-fix-skb-leak-when-ipddp-interface-is-not-loaded.patch
 
+# backport of stack randomization fix from 2.6.31.2
+ApplyPatch x86-increase-min_gap-to-include-randomized-stack.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2002,6 +2008,9 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Sun Oct 04 2009  Chuck Ebbert <cebbert at redhat.com>  2.6.27.36-170.2.96.rc2
+- Backport stack randomization fix from 2.6.31.2 (#526882)
+
 * Sun Oct 04 2009  Chuck Ebbert <cebbert at redhat.com>  2.6.27.36-170.2.95.rc2
 - Linux 2.6.27.36-rc2
 



