Attachment #308469 for bug #411439




++ linux-3.3.1-hardened-r1/fs/binfmt_elf.c

	start_data += load_bias;
	end_data += load_bias;

#ifdef CONFIG_PAX_RANDMMAP
	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
		elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
#endif

	/* Calling set_brk effectively mmaps the pages that we need
	 * for the bss and break sections.  We must do this before
	 * mapping in the interpreter, to make sure it doesn't wind

		 */
	}

#ifdef CONFIG_PAX_RANDMMAP
	if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
		unsigned long start, size;

		current->mm->end_data = end_data = elf_brk;
		start = ELF_PAGEALIGN(elf_brk);
		size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
		current->mm->start_brk = start + size;
		down_write(&current->mm->mmap_sem);
		retval = -ENOMEM;
		if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
			start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
			retval = IS_ERR_VALUE(start) ? start : 0;
		}
		up_write(&current->mm->mmap_sem);
		if (retval == 0)
			retval = set_brk(start + size, start + size + PAGE_SIZE);
		if (retval < 0) {
			send_sig(SIGKILL, current, 0);
			goto out_free_dentry;
		}
	}
#endif

	if (elf_interpreter) {
		unsigned long uninitialized_var(interp_map_addr);


Return to bug 411439

Line Link Here

(-)file_not_specified_in_diff (-6 / +25 lines)
0	-- linux-3.2.12-hardened/fs/binfmt_elf.c	0	++ linux-3.3.1-hardened-r1/fs/binfmt_elf.c
Lines 1328-1338 static int load_elf_binary(struct linux_ Link Here
1328	start_data += load_bias;	1328	start_data += load_bias;
1329	end_data += load_bias;	1329	end_data += load_bias;
1330		1330
1331	#ifdef CONFIG_PAX_RANDMMAP
1332	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
1333	elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
1334	#endif
1335
1336	/* Calling set_brk effectively mmaps the pages that we need	1331	/* Calling set_brk effectively mmaps the pages that we need
1337	* for the bss and break sections. We must do this before	1332	* for the bss and break sections. We must do this before
1338	* mapping in the interpreter, to make sure it doesn't wind	1333	* mapping in the interpreter, to make sure it doesn't wind
Lines 1351-1356 static int load_elf_binary(struct linux_ Link Here
1351	*/	1346	*/
1352	}	1347	}
1353		1348
		1349	#ifdef CONFIG_PAX_RANDMMAP
		1350	if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
		1351	unsigned long start, size;
		1352
		1353	current->mm->end_data = end_data = elf_brk;
		1354	start = ELF_PAGEALIGN(elf_brk);
		1355	size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
		1356	current->mm->start_brk = start + size;
		1357	down_write(&current->mm->mmap_sem);
		1358	retval = -ENOMEM;
		1359	if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
		1360	start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS \| MAP_FIXED \| MAP_PRIVATE, 0);
		1361	retval = IS_ERR_VALUE(start) ? start : 0;
		1362	}
		1363	up_write(&current->mm->mmap_sem);
		1364	if (retval == 0)
		1365	retval = set_brk(start + size, start + size + PAGE_SIZE);
		1366	if (retval < 0) {
		1367	send_sig(SIGKILL, current, 0);
		1368	goto out_free_dentry;
		1369	}
		1370	}
		1371	#endif
		1372
1354	if (elf_interpreter) {	1373	if (elf_interpreter) {
1355	unsigned long uninitialized_var(interp_map_addr);	1374	unsigned long uninitialized_var(interp_map_addr);
1356		1375