arm64: properly account for stack rnd in mmap base

The stack ASLR base was not included in the gap size for rlimit values larger than MIN_GAP, resulting in insufficient space being reserved. PaX uses an alternate approach where the mmap base is instead offset from the actual random stack base, but this works for the time being. Signed-off-by: Daniel Micay <danielmicay@gmail.com>
author: Daniel Micay <danielmicay@gmail.com> 2017-05-22 04:56:22 -0400
committer: Moyster <oysterized@gmail.com> 2018-05-16 13:26:07 +0200
commit: 617387d117b60601979b49c8aa98b8e8e840c446 (patch)
tree: 78a71aaef11466c435b96284a1e0be97b76ea541 /arch/arm64
parent: c8972edb1a80b6395f9df64f6ea856cd09e334e3 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c
index 8f6bcc3f4..5a07020b8 100644
--- a/arch/arm64/mm/mmap.c
+++ b/arch/arm64/mm/mmap.c
@@ -33,7 +33,7 @@
  * Leave enough space between the mmap area and the stack to honour ulimit in
  * the face of randomisation.
  */
-#define MIN_GAP (SZ_128M + ((STACK_RND_MASK << PAGE_SHIFT) + 1))
+#define MIN_GAP (SZ_128M)
 #define MAX_GAP	(STACK_TOP/6*5)
 
 static int mmap_is_legacy(void)
@@ -65,6 +65,9 @@ static unsigned long mmap_rnd(void)
 static unsigned long mmap_base(void)
 {
 	unsigned long gap = rlimit(RLIMIT_STACK);
+	unsigned long pad = STACK_RND_MASK << PAGE_SHIFT;
+	if (gap + pad > gap)
+		gap += pad;
 
 	if (gap < MIN_GAP)
 		gap = MIN_GAP;
author	Daniel Micay <danielmicay@gmail.com>	2017-05-22 04:56:22 -0400
committer	Moyster <oysterized@gmail.com>	2018-05-16 13:26:07 +0200
commit	617387d117b60601979b49c8aa98b8e8e840c446 (patch)
tree	78a71aaef11466c435b96284a1e0be97b76ea541 /arch/arm64
parent	c8972edb1a80b6395f9df64f6ea856cd09e334e3 (diff)