diff options
author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2011-01-12 09:55:31 +0100 |
---|---|---|
committer | Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> | 2011-01-12 09:55:25 +0100 |
commit | d2c9dfccbc3a449b9677772e7496e2656049d9f3 (patch) | |
tree | f62cf27ddee310af28244bcfbc8eb2e197ed629c | |
parent | 3351918282fd664e918a3175ddfae9b15656122e (diff) | |
download | op-kernel-dev-d2c9dfccbc3a449b9677772e7496e2656049d9f3.zip op-kernel-dev-d2c9dfccbc3a449b9677772e7496e2656049d9f3.tar.gz |
[S390] Randomize PIEs
Randomize ELF_ET_DYN_BASE, which is used when loading position
independent executables.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r-- | arch/s390/include/asm/elf.h | 4 | ||||
-rw-r--r-- | arch/s390/kernel/process.c | 11 |
2 files changed, 14 insertions, 1 deletions
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h index 457fb7c..10c029c 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h @@ -161,7 +161,9 @@ extern unsigned int vdso_enabled; use of this is to invoke "./ld.so someprog" to test out a new version of the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ -#define ELF_ET_DYN_BASE (STACK_TOP / 3 * 2) + +extern unsigned long randomize_et_dyn(unsigned long base); +#define ELF_ET_DYN_BASE (randomize_et_dyn(STACK_TOP / 3 * 2)) /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c index 26d48fe..a895e69 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c @@ -359,3 +359,14 @@ unsigned long arch_randomize_brk(struct mm_struct *mm) return mm->brk; return ret; } + +unsigned long randomize_et_dyn(unsigned long base) +{ + unsigned long ret = PAGE_ALIGN(base + brk_rnd()); + + if (!(current->flags & PF_RANDOMIZE)) + return base; + if (ret < base) + return base; + return ret; +} |