Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
powerpc/mm: Enable full randomisation of memory mappings

Do like most other architectures and provide randomisation also to
"legacy" memory mappings, by adding the random factor to
mm->mmap_base in arch_pick_mmap_layout().

See commit 8b8addf891de ("x86/mm/32: Enable full randomization on
i386 and X86_32") for all explanations and benefits of that mmap
randomisation.

At the moment, slice_find_area_bottomup() doesn't use mm->mmap_base
but uses the fixed TASK_UNMAPPED_BASE instead.
slice_find_area_bottomup() being used as a fallback to
slice_find_area_topdown(), it can't use mm->mmap_base
directly.

Instead of always using TASK_UNMAPPED_BASE as base address, leave
it to the caller. When called from slice_find_area_topdown()
TASK_UNMAPPED_BASE is used. Otherwise mm->mmap_base is used.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/417fb10dde828534c73a03138b49621d74f4e5be.1649523076.git.christophe.leroy@csgroup.eu

authored by

Christophe Leroy and committed by
Michael Ellerman
5cf7f9a0 ab57bd75

+8 -12
+7 -11
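--- a/arch/powerpc/mm/book3s64/slice.c
+++ b/arch/powerpc/mm/book3s64/slice.c
@@ -276,20 +276,18 @@
 }
 
 static unsigned long slice_find_area_bottomup(struct mm_struct *mm,
-unsigned long len,
+unsigned long addr, unsigned long len,
 const struct slice_mask *available,
 int psize, unsigned long high_limit)
 {
 int pshift = max_t(int, mmu_psize_defs[psize].shift, PAGE_SHIFT);
-unsigned long addr, found, next_end;
+unsigned long found, next_end;
 struct vm_unmapped_area_info info;
 
 info.flags = 0;
 info.length = len;
 info.align_mask = PAGE_MASK & ((1ul << pshift) - 1);
 info.align_offset = 0;
-
-addr = TASK_UNMAPPED_BASE;
 /*
 * Check till the allow max value for this mmap request
 */
@@ -320,12 +322,12 @@
 }
 
 static unsigned long slice_find_area_topdown(struct mm_struct *mm,
-unsigned long len,
+unsigned long addr, unsigned long len,
 const struct slice_mask *available,
 int psize, unsigned long high_limit)
 {
 int pshift = max_t(int, mmu_psize_defs[psize].shift, PAGE_SHIFT);
-unsigned long addr, found, prev;
+unsigned long found, prev;
 struct vm_unmapped_area_info info;
 unsigned long min_addr = max(PAGE_SIZE, mmap_min_addr);
 
@@ -333,8 +335,6 @@
 info.length = len;
 info.align_mask = PAGE_MASK & ((1ul << pshift) - 1);
 info.align_offset = 0;
-
-addr = mm->mmap_base;
 /*
 * If we are trying to allocate above DEFAULT_MAP_WINDOW
 * Add the different to the mmap_base.
@@ -373,7 +377,7 @@
 * can happen with large stack limits and large mmap()
 * allocations.
 */
-return slice_find_area_bottomup(mm, len, available, psize, high_limit);
+return slice_find_area_bottomup(mm, TASK_UNMAPPED_BASE, len, available, psize, high_limit);
 }
 
 
@@ -382,9 +386,9 @@
 int topdown, unsigned long high_limit)
 {
 if (topdown)
-return slice_find_area_topdown(mm, len, mask, psize, high_limit);
+return slice_find_area_topdown(mm, mm->mmap_base, len, mask, psize, high_limit);
 else
-return slice_find_area_bottomup(mm, len, mask, psize, high_limit);
+return slice_find_area_bottomup(mm, mm->mmap_base, len, mask, psize, high_limit);
 }
 
 static inline void slice_copy_mask(struct slice_mask *dst,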
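Review bot: The fallback call at the end of slice_find_area_topdown() restarts the bottom-up search from the fixed TASK_UNMAPPED_BASE, so a mapping that lands there is placed without the random offset, and the comment above the call does not say so. The commit message explains that mm->mmap_base cannot be used on this path; I would record that next to the call, e.g. `/* mmap_base is the top-down limit here, so fall back from the fixed TASK_UNMAPPED_BASE (not randomised) */`. The same call is now well past 80 columns and could be wrapped after `len,`. Both function bodies continue outside the visible hunks, so how often the fallback is reached cannot be judged from this page.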
+1 -1
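--- a/arch/powerpc/mm/mmap.c
+++ b/arch/powerpc/mm/mmap.c
@@ -96,7 +96,7 @@
 * bit is set, or if the expected stack growth is unlimited:
 */
 if (mmap_is_legacy(rlim_stack)) {
-mm->mmap_base = TASK_UNMAPPED_BASE;
+mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
 mm->get_unmapped_area = arch_get_unmapped_area;
 } else {
 mm->mmap_base = mmap_base(random_factor, rlim_stack);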
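Review bot: The legacy branch now adds random_factor to TASK_UNMAPPED_BASE, but the comment directly above it is unchanged and does not mention that this layout is now randomised too; random_factor itself is computed outside this hunk. Presumably it is zero when randomisation is disabled for the task, which is what would keep a deterministic layout available; that should be confirmed against the top of arch_pick_mmap_layout() and stated, e.g. `/* legacy layout: bottom-up from a randomised base; random_factor is 0 when randomisation is off */`. The function starts and ends outside the hunk.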