Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Feb 2017 23:51:49 +0530
From: Bhupesh Sharma <bhsharma@...hat.com>
To: Balbir Singh <bsingharora@...il.com>
Cc: linuxppc-dev@...ts.ozlabs.org, kernel-hardening@...ts.openwall.com, 
	Alistair Popple <alistair@...ple.id.au>, Anatolij Gustschin <agust@...x.de>, Kees Cook <keescook@...omium.org>, 
	Daniel Cashman <dcashman@...roid.com>, Scott Wood <oss@...error.net>, 
	Paul Mackerras <paulus@...ba.org>, Daniel Cashman <dcashman@...gle.com>, 
	Bhupesh SHARMA <bhupesh.linux@...il.com>, Alexander Graf <agraf@...e.com>
Subject: Re: [PATCH 0/2] RFC: Adjust powerpc ASLR elf randomness

Hi Balbir,

On Thu, Feb 2, 2017 at 12:14 PM, Balbir Singh <bsingharora@...il.com> wrote:
> On Thu, Feb 02, 2017 at 11:12:46AM +0530, Bhupesh Sharma wrote:
>> This RFC patchset tries to make the powerpc ASLR elf randomness
>> implementation similar to other ARCHs (like x86).
>>
>> The 1st patch introduces the support of ARCH_MMAP_RND_BITS in powerpc
>> mmap implementation to allow a sane balance between increased randomness
>> in the mmap address of ASLR elfs and increased address space
>> fragmentation.
>>
>
> From what I see we get 28 bits of entropy right for 64k pages
> bits as compared to 14 bits earlier?

That's correct. We can go upto 28-bits of entropy for 64BIT platforms
using 64K pages with the current approach. I see arm64 using > 28 bits
of entropy randomness in some cases, but I think 28-bit MAX entropy is
sensible for 64BIT/64K combination on PPC.

>> The 2nd patch increases the ELF_ET_DYN_BASE value from the current
>> hardcoded value of 0x2000_0000 to something more practical,
>> i.e. TASK_SIZE - PAGE_SHIFT (which makes sense especially for
>> 64-bit platforms which would like to utilize more randomization
>> in the load address of a PIE elf).
>>
>
> This helps PIE executables as such and leaves other not impacted?

It basically affects all shared object files (as noted in [1]).
However as Kees noted in one of his reviews, I think this 2nd patch
might not be needed for all generic ppc platforms.

[1] http://lxr.free-electrons.com/source/arch/powerpc/include/asm/elf.h#L26.

Regards,
Bhupesh

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.