Hi Experts,

I was recently looking at ways to extend the randomization range for an ASLR ELF on a PPC64LE system.
I basically have been using 28 bits of randomization on x86_64 for an ASLR ELF using appropriate ARCH_MMAP_RND_BITS_MIN and ARCH_MMAP_RND_BITS_MAX values:
http://lxr.free-electrons.com/source/arch/x86/Kconfig#L192

And I understand from looking at the PPC64 code base that both ARCH_MMAP_RND_BITS_MIN and ARCH_MMAP_RND_BITS_MAX are not used in the current upstream code.

I am looking at ways to randomize the mmap, stack and brk ranges for an ASLR ELF on PPC64LE. Currently I am using a PAGE SIZE of 64K in my config file, and hence the randomization usually translates to something like this for me:

mmap:
-------
http://lxr.free-electrons.com/source/arch/powerpc/mm/mmap.c#L67

    rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));

Since PAGE_SHIFT is 16 for a 64K page size, this computation reduces to:

    rnd = get_random_long() % (1UL<<(14));

If I compare this to x86_64, I see there:
http://lxr.free-electrons.com/source/arch/x86/mm/mmap.c#L79

    rnd = get_random_long() & ((1UL << mmap_rnd_bits) - 1);

So, if mmap_rnd_bits = 28, this equates to:

    rnd = get_random_long() & ((1UL << 28) - 1);

Observations and Queries:
--------------------------------------
- So, x86_64 gives approximately twice the number of random bits for an ASLR ELF running on it as compared to PPC64, although both use a 48-bit VA.

- I also see this comment for PPC at various places, regarding the 1GB randomness spread for PPC64. Is this restricted by the hardware or by the kernel usage?

    /* 8MB for 32bit, 1GB for 64bit */
    if (is_32bit_task())
        rnd = get_random_long() % (1<<(23-PAGE_SHIFT));
    else
        rnd = get_random_long() % (1UL<<(30-PAGE_SHIFT));

- I tried to increase the randomness to 28 bits for PPC as well by making the PPC mmap and brk code equivalent to x86_64, and it works fine for my use case.

- But I am not sure this is the right thing to do, and whether PPC64 also supports the MIN and MAX ranges for randomization.

- If it does, I would like to understand, test and push a patch to implement the same for PPC64 upstream.
Sorry for the long mail, but I would really appreciate it if someone could help me understand the details here.

Thanks,
Bhupesh