Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Feb 2017 13:15:13 +0530
From: Bhupesh Sharma <bhsharma@...hat.com>
To: Michael Ellerman <mpe@...erman.id.au>
Cc: linuxppc-dev@...ts.ozlabs.org, kernel-hardening@...ts.openwall.com, 
	Daniel Cashman <dcashman@...gle.com>, Bhupesh SHARMA <bhupesh.linux@...il.com>, 
	Kees Cook <keescook@...omium.org>, Alexander Graf <agraf@...e.com>, 
	Benjamin Herrenschmidt <benh@...nel.crashing.org>, Paul Mackerras <paulus@...ba.org>, 
	Anatolij Gustschin <agust@...x.de>, Alistair Popple <alistair@...ple.id.au>, 
	Matt Porter <mporter@...nel.crashing.org>, Vitaly Bordug <vitb@...nel.crashing.org>, 
	Scott Wood <oss@...error.net>, Kumar Gala <galak@...nel.crashing.org>, 
	Daniel Cashman <dcashman@...roid.com>
Subject: Re: [PATCH v2 1/1] powerpc: mm: support ARCH_MMAP_RND_BITS

Hi Michael,

On Tue, Feb 7, 2017 at 7:57 AM, Michael Ellerman <mpe@...erman.id.au> wrote:
> Bhupesh Sharma <bhsharma@...hat.com> writes:
>
>> powerpc: arch_mmap_rnd() uses hard-coded values, (23-PAGE_SHIFT) for
>> 32-bit and (30-PAGE_SHIFT) for 64-bit, to generate the random offset
>> for the mmap base address.
>>
>> This value represents a compromise between increased
>> ASLR effectiveness and avoiding address-space fragmentation.
>> Replace it with a Kconfig option, which is sensibly bounded, so that
>> platform developers may choose where to place this compromise.
>> Keep default values as new minimums.
>>
>> This patch makes sure that now powerpc mmap arch_mmap_rnd() approach
>> is similar to other ARCHs like x86, arm64 and arm.
>>
>> Cc: Alexander Graf <agraf@...e.com>
>> Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>
>> Cc: Paul Mackerras <paulus@...ba.org>
>> Cc: Michael Ellerman <mpe@...erman.id.au>
>> Cc: Anatolij Gustschin <agust@...x.de>
>> Cc: Alistair Popple <alistair@...ple.id.au>
>> Cc: Matt Porter <mporter@...nel.crashing.org>
>> Cc: Vitaly Bordug <vitb@...nel.crashing.org>
>> Cc: Scott Wood <oss@...error.net>
>> Cc: Kumar Gala <galak@...nel.crashing.org>
>> Cc: Daniel Cashman <dcashman@...roid.com>
>> Signed-off-by: Bhupesh Sharma <bhsharma@...hat.com>
>> Reviewed-by: Kees Cook <keescook at chromium.org>
>> ---
>> Changes since v1:
>> v1 can be seen here (https://lists.ozlabs.org/pipermail/linuxppc-dev/2017-February/153594.html)
>>     - No functional change in this patch.
>>     - Added R-B from Kees.
>>     - Dropped PATCH 2/2 from v1 as recommended by Kees Cook.
>
> Thanks for v2.
>
> But I replied to your v1 with some comments, did you see them?
>

I have replied to your comments on the original thread.
Please share your views and if possible share your test results on the
PPC setups you might have at your end.

Thanks,
Bhupesh

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.