diff options
author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2011-01-12 09:55:31 +0100 |
---|---|---|
committer | Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> | 2011-01-12 09:55:25 +0100 |
commit | d2c9dfccbc3a449b9677772e7496e2656049d9f3 (patch) | |
tree | f62cf27ddee310af28244bcfbc8eb2e197ed629c /arch/s390 | |
parent | 3351918282fd664e918a3175ddfae9b15656122e (diff) | |
download | linux-d2c9dfccbc3a449b9677772e7496e2656049d9f3.tar.bz2 |
[S390] Randomize PIEs
Randomize ELF_ET_DYN_BASE, which is used when loading position
independent executables.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390')
-rw-r--r-- | arch/s390/include/asm/elf.h | 4 | ||||
-rw-r--r-- | arch/s390/kernel/process.c | 11 |
2 files changed, 14 insertions, 1 deletions
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h index 457fb7c16236..10c029cfcc7d 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h @@ -161,7 +161,9 @@ extern unsigned int vdso_enabled; use of this is to invoke "./ld.so someprog" to test out a new version of the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ -#define ELF_ET_DYN_BASE (STACK_TOP / 3 * 2) + +extern unsigned long randomize_et_dyn(unsigned long base); +#define ELF_ET_DYN_BASE (randomize_et_dyn(STACK_TOP / 3 * 2)) /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c index 26d48fe72999..a895e69379f7 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c @@ -359,3 +359,14 @@ unsigned long arch_randomize_brk(struct mm_struct *mm) return mm->brk; return ret; } + +unsigned long randomize_et_dyn(unsigned long base) +{ + unsigned long ret = PAGE_ALIGN(base + brk_rnd()); + + if (!(current->flags & PF_RANDOMIZE)) + return base; + if (ret < base) + return base; + return ret; +} |