From: Arjan van de Ven <arjan@infradead.org>

The patch below randomizes the starting point of the mmap area.

This has the effect that all non-prelinked shared libaries and all bigger
malloc()s will be randomized between various invocations of the binary. 
Prelinked binaries get a address-hint from ld.so in their mmap and are thus
exempt from this randomisation, in order to not break the prelink advantage. 
The randomisation range is 1 megabyte (this is bigger than the stack
randomisation since the stack randomisation only needs 16 bytes alignment
while the mmap needs page alignment, a 64kb range would not have given enough
entropy to be effective)

Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/arch/i386/mm/mmap.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletion(-)

diff -puN arch/i386/mm/mmap.c~randomisation-mmap-randomisation arch/i386/mm/mmap.c
--- 25/arch/i386/mm/mmap.c~randomisation-mmap-randomisation	2005-02-02 15:22:18.115160840 -0800
+++ 25-akpm/arch/i386/mm/mmap.c	2005-02-02 15:22:18.118160384 -0800
@@ -26,6 +26,7 @@
 
 #include <linux/personality.h>
 #include <linux/mm.h>
+#include <linux/random.h>
 
 /*
  * Top of mmap area (just below the process stack).
@@ -38,13 +39,17 @@
 static inline unsigned long mmap_base(struct mm_struct *mm)
 {
 	unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
+	unsigned long random_factor = 0;
+
+	if (current->flags & PF_RANDOMIZE)
+		random_factor = get_random_int() % (1024*1024);
 
 	if (gap < MIN_GAP)
 		gap = MIN_GAP;
 	else if (gap > MAX_GAP)
 		gap = MAX_GAP;
 
-	return TASK_SIZE - (gap & PAGE_MASK);
+	return PAGE_ALIGN(TASK_SIZE - gap - random_factor);
 }
 
 /*
_