support randomizing the lower bits of brk

thestinger · thestinger · commit b04d998e6fe4 · 2018-05-26T15:03:49.000-04:00
This adds support for arch_randomize_brk implementations not performing
page alignment in order to randomize the lower bits of the brk heap.

This idea is taken from PaX but the approach is different. This reuses
the existing code and avoids forcing early creation of the heap mapping,
avoiding mapping it if it's not used which is the case with many modern
allocators based solely on mmap.

The malloc implementation can be relied upon to align this as needed to
the requirements it has, so using 16 byte alignment here is unnecessary.

Signed-off-by: Daniel Micay &lt;danielmicay@gmail.com&gt;
diff --git a/mm/mmap.c b/mm/mmap.c
@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
 
 	newbrk = PAGE_ALIGN(brk);
 	oldbrk = PAGE_ALIGN(mm->brk);
+	/* properly handle unaligned min_brk as an empty heap */
+	if (min_brk & ~PAGE_MASK) {
+		if (brk == min_brk)
+			newbrk -= PAGE_SIZE;
+		if (mm->brk == min_brk)
+			oldbrk -= PAGE_SIZE;
+	}
 	if (oldbrk == newbrk)
 		goto set_brk;
 
