svn commit: r345452 - head/sys/vm
Konstantin Belousov
kib at FreeBSD.org
Sat Mar 23 16:36:20 UTC 2019
Author: kib
Date: Sat Mar 23 16:36:18 2019
New Revision: 345452
URL: https://svnweb.freebsd.org/changeset/base/345452
Log:
ASLR: check for max_addr after applying randomization, not before.
Otherwise resulting address from vm_map_find() might not satisfy the
upper limit. For instance, it could affect MAP_32BIT flag from 64bit
processes.
Found by: Doug Moore <dougm at rice.edu>
Reviewed by: alc, Doug Moore <dougm at rice.edu>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D19688
Modified:
head/sys/vm/vm_map.c
Modified: head/sys/vm/vm_map.c
==============================================================================
--- head/sys/vm/vm_map.c Sat Mar 23 16:30:50 2019 (r345451)
+++ head/sys/vm/vm_map.c Sat Mar 23 16:36:18 2019 (r345452)
@@ -1673,11 +1673,12 @@ again:
(max_addr == 0 || max_addr > MAP_32BIT_MAX_ADDR) ?
aslr_pages_rnd_64[pidx] : aslr_pages_rnd_32[pidx];
if (vm_map_findspace(map, curr_min_addr, length +
- gap * pagesizes[pidx], addr) ||
- (max_addr != 0 && *addr + length > max_addr))
+ gap * pagesizes[pidx], addr))
goto again;
/* And randomize the start address. */
*addr += (arc4random() % gap) * pagesizes[pidx];
+ if (max_addr != 0 && *addr + length > max_addr)
+ goto again;
} else if (vm_map_findspace(map, curr_min_addr, length, addr) ||
(max_addr != 0 && *addr + length > max_addr)) {
if (cluster) {
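Review bot: The new post-randomization test `if (max_addr != 0 && *addr + length > max_addr)` carries no comment explaining why it has to follow `*addr += (arc4random() % gap) * pagesizes[pidx];`, and that ordering is the whole fix. A one-line comment there, saying that the random offset can push the end of the range past max_addr, would keep a later cleanup from folding the test back into the vm_map_findspace() condition. The same expression also stays in the non-randomized `else if` branch just below, so the limit test now lives in two places; a small helper would keep them in sync. A range rejected only because of its random offset also takes the same `goto again` path as a findspace failure, so the retry behaviour depends on the code at the `again:` label, which is outside this hunk and worth confirming for the MAP_32BIT case named in the log.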