randomize lower bits of the argument block

This was based on the PaX RANDUSTACK feature in grsecurity, where all of the lower bits are randomized. PaX keeps 16-byte alignment. Signed-off-by: Daniel Micay <[email protected]> [[email protected]: do not randomize with ADDR_NO_RANDOMIZE personality] Signed-off-by: Levente Polyak <[email protected]>
anthraxx · Jan 19, 2021 · 6b2d22e · 6b2d22e
1 parent c0fafee
commit 6b2d22e
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/fs/exec.c b/fs/exec.c
@@ -34,6 +34,7 @@
 #include <linux/swap.h>
 #include <linux/string.h>
 #include <linux/init.h>
+#include <linux/sched.h>
 #include <linux/sched/mm.h>
 #include <linux/sched/coredump.h>
 #include <linux/sched/signal.h>
@@ -65,6 +66,7 @@
 #include <linux/vmalloc.h>
 #include <linux/io_uring.h>
 #include <linux/syscall_user_dispatch.h>
+#include <linux/random.h>
 
 #include <linux/uaccess.h>
 #include <asm/mmu_context.h>
@@ -281,6 +283,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
 	mm->stack_vm = mm->total_vm = 1;
 	mmap_write_unlock(mm);
 	bprm->p = vma->vm_end - sizeof(void *);
+	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
+		bprm->p ^= get_random_int() & ~PAGE_MASK;
 	return 0;
 err:
 	mmap_write_unlock(mm);