From: Arjan van de Ven
The patch below replaces the existing 8Kb randomisation of the userspace stack pointer (which is currently only done for Hyperthreaded P-IVs) with a more general randomisation over a 64Kb range. 64Kb is not a lot, but it's a start and once the dust settles we can increase this value to a more agressive value.
Signed-off-by: Arjan van de Ven
Signed-off-by: Ingo Molnar
Signed-off-by: Andrew Morton
---
 25-akpm/arch/i386/kernel/process.c | 7 +++++++
 25-akpm/arch/x86_64/kernel/process.c | 8 ++++++++
 25-akpm/fs/binfmt_elf.c | 11 ++---------
 25-akpm/fs/exec.c | 3 ++-
 25-akpm/include/asm-alpha/system.h | 2 ++
 25-akpm/include/asm-arm/system.h | 2 ++
 25-akpm/include/asm-arm26/system.h | 2 ++
 25-akpm/include/asm-cris/system.h | 2 ++
 25-akpm/include/asm-frv/system.h | 2 ++
 25-akpm/include/asm-h8300/system.h | 2 ++
 25-akpm/include/asm-i386/system.h | 2 ++
 25-akpm/include/asm-ia64/system.h | 3 +++
 25-akpm/include/asm-m32r/system.h | 2 ++
 25-akpm/include/asm-m68k/system.h | 2 ++
 25-akpm/include/asm-m68knommu/system.h | 1 +
 25-akpm/include/asm-mips/system.h | 2 ++
 25-akpm/include/asm-parisc/system.h | 2 ++
 25-akpm/include/asm-ppc/system.h | 2 ++
 25-akpm/include/asm-ppc64/system.h | 2 ++
 25-akpm/include/asm-s390/system.h | 2 ++
 25-akpm/include/asm-sh/system.h | 2 ++
 25-akpm/include/asm-sh64/system.h | 2 ++
 25-akpm/include/asm-sparc/system.h | 2 ++
 25-akpm/include/asm-sparc64/system.h | 2 ++
 25-akpm/include/asm-v850/system.h | 2 ++
 25-akpm/include/asm-x86_64/system.h | 2 ++
 26 files changed, 63 insertions(+), 10 deletions(-)
diff -puN arch/i386/kernel/process.c~randomisation-stack-randomisation arch/i386/kernel/process.c
--- 25/arch/i386/kernel/process.c~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/arch/i386/kernel/process.c 2005-02-22 18:16:06.000000000 -0800
@@ -36,6 +36,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -828,3 +829,9 @@ asmlinkage int sys_get_thread_area(struc
 return 0;
 }
+unsigned long arch_align_stack(unsigned long sp)
+{
+ if (randomize_va_space)
+ sp -= get_random_int() % 8192;
+ return sp & ~0xf;
+}
diff -puN arch/x86_64/kernel/process.c~randomisation-stack-randomisation arch/x86_64/kernel/process.c
--- 25/arch/x86_64/kernel/process.c~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/arch/x86_64/kernel/process.c 2005-02-22 18:16:06.000000000 -0800
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -749,3 +750,10 @@ int dump_task_regs(struct task_struct *t
 return 1;
 }
+
+unsigned long arch_align_stack(unsigned long sp)
+{
+ if (randomize_va_space)
+ sp -= get_random_int() % 8192;
+ return sp & ~0xf;
+}
diff -puN fs/binfmt_elf.c~randomisation-stack-randomisation fs/binfmt_elf.c
--- 25/fs/binfmt_elf.c~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/fs/binfmt_elf.c 2005-02-22 18:16:06.000000000 -0800
@@ -165,21 +165,14 @@ create_elf_tables(struct linux_binprm *b
 if (k_platform) {
 size_t len = strlen(k_platform) + 1;
-#ifdef CONFIG_X86_HT
 /*
 * In some cases (e.g. Hyper-Threading), we want to avoid L1
 * evictions by the processes running on the same package. One
 * thing we can do is to shuffle the initial stack for them.
- *
- * The conditionals here are unneeded, but kept in to make the
- * code behaviour the same as pre change unless we have
- * hyperthreaded processors. This should be cleaned up
- * before 2.6
 */
- if (smp_num_siblings > 1)
- STACK_ALLOC(p, ((current->pid % 64) << 7));
-#endif
+ p = arch_align_stack(p);
+
 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
 if (__copy_to_user(u_platform, k_platform, len))
 return -EFAULT;
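Review bot: In the `arch_align_stack()` added to arch/i386/kernel/process.c the offset is `get_random_int() % 8192`, an 8Kb window, while the description announces randomisation over a 64Kb range; the x86_64 copy in arch/x86_64/kernel/process.c uses the same expression. After the `& ~0xf` mask that leaves at most 512 distinct offsets per call. If 64Kb is what is meant, the line would read `sp -= get_random_int() % 65536;`; either way a named constant with a comment such as `/* stack randomisation window in bytes; distinct offsets = window / 16 */` would make the available entropy explicit and easy to raise later.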
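Review bot: The comment kept above `p = arch_align_stack(p);` in create_elf_tables() still describes the shuffle only as a Hyper-Threading cache measure, yet the call is now unconditional and, on i386/x86_64, depends on `randomize_va_space`. Suggest adding a line to it, e.g. `* arch_align_stack() also randomises the stack pointer when randomize_va_space is set.`, so the security purpose is documented at the call site. The removed code moved `p` through `STACK_ALLOC`, whereas the new helper subtracts directly; that looks fine for the two architectures that implement it in this patch, but it is an assumption worth stating in the comment. The function starts and ends outside the hunk.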
@@ -400,7 +400,8 @@ int setup_arg_pages(struct linux_binprm
 while (i < MAX_ARG_PAGES)
 bprm->page[i++] = NULL;
 #else
- stack_base = stack_top - MAX_ARG_PAGES * PAGE_SIZE;
+ stack_base = arch_align_stack(STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE);
+ stack_base = PAGE_ALIGN(stack_base);
 bprm->p += stack_base;
 mm->arg_start = bprm->p;
 arg_size = stack_top - (PAGE_MASK & (unsigned long) mm->arg_start);
diff -puN include/asm-alpha/system.h~randomisation-stack-randomisation include/asm-alpha/system.h
--- 25/include/asm-alpha/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-alpha/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -621,4 +621,6 @@ __cmpxchg(volatile void *ptr, unsigned l
 #endif /* __ASSEMBLY__ */
+#define arch_align_stack(x) (x)
+
 #endif
diff -puN include/asm-arm26/system.h~randomisation-stack-randomisation include/asm-arm26/system.h
--- 25/include/asm-arm26/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-arm26/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -245,6 +245,8 @@ static inline unsigned long __xchg(unsig
 #endif /* __ASSEMBLY__ */
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif
diff -puN include/asm-arm/system.h~randomisation-stack-randomisation include/asm-arm/system.h
--- 25/include/asm-arm/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-arm/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -383,6 +383,8 @@ static inline unsigned long __xchg(unsig
 #endif /* __ASSEMBLY__ */
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif
diff -puN include/asm-cris/system.h~randomisation-stack-randomisation include/asm-cris/system.h
--- 25/include/asm-cris/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-cris/system.h 2005-02-22 18:16:06.000000000 -0800
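Review bot: In setup_arg_pages() the new base is taken from the macro `STACK_TOP`, while the line it replaces used the `stack_top` variable and the unchanged `arg_size = stack_top - ...` below still does. If a caller can supply a `stack_top` other than `STACK_TOP` (not visible in this hunk, so to be confirmed), base and size would be derived from different tops; `stack_base = arch_align_stack(stack_top - MAX_ARG_PAGES*PAGE_SIZE);` keeps them consistent. Note also that `PAGE_ALIGN` rounds up, so the 8192-byte window from `arch_align_stack()` collapses to only a few page-aligned bases at this call site. The function starts and ends outside the hunk.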
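Review bot: The stub `#define arch_align_stack(x) (x)` added to include/asm-alpha/system.h, and identically to the arm, arm26, cris, frv, h8300, ia64, m32r, m68k, m68knommu, mips, parisc, ppc, ppc64, s390, sh, sh64, sparc, sparc64 and v850 headers, neither randomises nor aligns, so on those architectures the initial stack offset stays fixed whatever `randomize_va_space` is set to. A comment on each stub, e.g. `/* no stack randomisation on this architecture yet */`, would keep that coverage gap visible to anyone auditing which platforms the hardening actually reaches. The description would also benefit from saying that only i386 and x86_64 are randomised by this patch.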
@@ -69,4 +69,6 @@ extern inline unsigned long __xchg(unsig
 return x;
 }
+#define arch_align_stack(x) (x)
+
 #endif
diff -puN include/asm-frv/system.h~randomisation-stack-randomisation include/asm-frv/system.h
--- 25/include/asm-frv/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-frv/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -123,4 +123,6 @@ do { \
 extern void die_if_kernel(const char *, ...) __attribute__((format(printf, 1, 2)));
 extern void free_initmem(void);
+#define arch_align_stack(x) (x)
+
 #endif /* _ASM_SYSTEM_H */
diff -puN include/asm-h8300/system.h~randomisation-stack-randomisation include/asm-h8300/system.h
--- 25/include/asm-h8300/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-h8300/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -144,4 +144,6 @@ static inline unsigned long __xchg(unsig
 asm("jmp @@0"); \
 })
+#define arch_align_stack(x) (x)
+
 #endif /* _H8300_SYSTEM_H */
diff -puN include/asm-i386/system.h~randomisation-stack-randomisation include/asm-i386/system.h
--- 25/include/asm-i386/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-i386/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -468,4 +468,6 @@ void enable_hlt(void);
 extern int es7000_plat;
 void cpu_idle_wait(void);
+extern unsigned long arch_align_stack(unsigned long sp);
+
 #endif
diff -puN include/asm-ia64/system.h~randomisation-stack-randomisation include/asm-ia64/system.h
--- 25/include/asm-ia64/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-ia64/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -285,6 +285,9 @@ do { \
 #define ia64_platform_is(x) (strcmp(x, platform_name) == 0)
 void cpu_idle_wait(void);
+
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif /* __ASSEMBLY__ */
diff -puN include/asm-m32r/system.h~randomisation-stack-randomisation include/asm-m32r/system.h
--- 25/include/asm-m32r/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-m32r/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -294,4 +294,6 @@ static __inline__ unsigned long __xchg(u
 #define set_mb(var, value) do { xchg(&var, value); } while (0)
 #define set_wmb(var, value) do { var = value; wmb(); } while (0)
+#define arch_align_stack(x) (x)
+
 #endif /* _ASM_M32R_SYSTEM_H */
diff -puN include/asm-m68knommu/system.h~randomisation-stack-randomisation include/asm-m68knommu/system.h
--- 25/include/asm-m68knommu/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-m68knommu/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -281,5 +281,6 @@ cmpxchg(volatile int *p, int old, int ne
 })
 #endif
 #endif
+#define arch_align_stack(x) (x)
 #endif /* _M68KNOMMU_SYSTEM_H */
diff -puN include/asm-m68k/system.h~randomisation-stack-randomisation include/asm-m68k/system.h
--- 25/include/asm-m68k/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-m68k/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -194,6 +194,8 @@ static inline unsigned long __cmpxchg(vo
 (unsigned long)(n),sizeof(*(ptr))))
 #endif
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif /* _M68K_SYSTEM_H */
diff -puN include/asm-mips/system.h~randomisation-stack-randomisation include/asm-mips/system.h
--- 25/include/asm-mips/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-mips/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -433,4 +433,6 @@ do { \
 #define finish_arch_switch(rq, prev) spin_unlock_irq(&(prev)->switch_lock)
 #define task_running(rq, p) ((rq)->curr == (p) || spin_is_locked(&(p)->switch_lock))
+#define arch_align_stack(x) (x)
+
 #endif /* _ASM_SYSTEM_H */
diff -puN include/asm-parisc/system.h~randomisation-stack-randomisation include/asm-parisc/system.h
--- 25/include/asm-parisc/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-parisc/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -205,4 +205,6 @@ extern spinlock_t pa_tlb_lock;
 #endif
+#define arch_align_stack(x) (x)
+
 #endif
diff -puN include/asm-ppc64/system.h~randomisation-stack-randomisation include/asm-ppc64/system.h
--- 25/include/asm-ppc64/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-ppc64/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -300,5 +300,7 @@ __cmpxchg(volatile void *ptr, unsigned l
 */
 #define NET_IP_ALIGN 0
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif
diff -puN include/asm-ppc/system.h~randomisation-stack-randomisation include/asm-ppc/system.h
--- 25/include/asm-ppc/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-ppc/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -201,5 +201,7 @@ __cmpxchg(volatile void *ptr, unsigned l
 (unsigned long)_n_, sizeof(*(ptr))); \
 })
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif /* __PPC_SYSTEM_H */
diff -puN include/asm-s390/system.h~randomisation-stack-randomisation include/asm-s390/system.h
--- 25/include/asm-s390/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-s390/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -461,6 +461,8 @@ extern void (*_machine_restart)(char *co
 extern void (*_machine_halt)(void);
 extern void (*_machine_power_off)(void);
+#define arch_align_stack(x) (x)
+
 #endif /* __KERNEL__ */
 #endif
diff -puN include/asm-sh64/system.h~randomisation-stack-randomisation include/asm-sh64/system.h
--- 25/include/asm-sh64/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-sh64/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -191,4 +191,6 @@ extern void print_seg(char *file,int lin
 #define PL() printk("@ <%s,%s:%d>\n",__FILE__,__FUNCTION__,__LINE__)
+#define arch_align_stack(x) (x)
+
 #endif /* __ASM_SH64_SYSTEM_H */
diff -puN include/asm-sh/system.h~randomisation-stack-randomisation include/asm-sh/system.h
--- 25/include/asm-sh/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-sh/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -259,4 +259,6 @@ static __inline__ unsigned long __xchg(u
 void disable_hlt(void);
 void enable_hlt(void);
+#define arch_align_stack(x) (x)
+
 #endif
diff -puN include/asm-sparc64/system.h~randomisation-stack-randomisation include/asm-sparc64/system.h
--- 25/include/asm-sparc64/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-sparc64/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -341,4 +341,6 @@ __cmpxchg(volatile void *ptr, unsigned l
 #endif /* !(__ASSEMBLY__) */
+#define arch_align_stack(x) (x)
+
 #endif /* !(__SPARC64_SYSTEM_H) */
diff -puN include/asm-sparc/system.h~randomisation-stack-randomisation include/asm-sparc/system.h
--- 25/include/asm-sparc/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-sparc/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -257,4 +257,6 @@ extern void die_if_kernel(char *str, str
 #endif /* __ASSEMBLY__ */
+#define arch_align_stack(x) (x)
+
 #endif /* !(__SPARC_SYSTEM_H) */
diff -puN include/asm-v850/system.h~randomisation-stack-randomisation include/asm-v850/system.h
--- 25/include/asm-v850/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-v850/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -108,4 +108,6 @@ extern inline unsigned long __xchg (unsi
 return tmp;
 }
+#define arch_align_stack(x) (x)
+
 #endif /* __V850_SYSTEM_H__ */
diff -puN include/asm-x86_64/system.h~randomisation-stack-randomisation include/asm-x86_64/system.h
--- 25/include/asm-x86_64/system.h~randomisation-stack-randomisation 2005-02-22 18:16:06.000000000 -0800
+++ 25-akpm/include/asm-x86_64/system.h 2005-02-22 18:16:06.000000000 -0800
@@ -338,4 +338,6 @@ void enable_hlt(void);
 #define HAVE_EAT_KEY
 void eat_key(void);
+extern unsigned long arch_align_stack(unsigned long sp);
+
 #endif
_