PAX ASLR: Move the mmap randomization to a better spot as suggested b…

…y Alan Cox
opntr · Jun 28, 2014 · 3d154ea · 3d154ea
1 parent d7af8b0
commit 3d154ea
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/sys/kern/kern_pax_aslr.c b/sys/kern/kern_pax_aslr.c
@@ -652,10 +652,7 @@ pax_aslr_mmap(struct thread *td, vm_offset_t *addr, vm_offset_t orig_addr, int f
 		pax_log_aslr(pr, __func__, "applying to %p orig_addr=%p flags=%x\n",
 		    (void *)*addr, (void *)orig_addr, flags);
 
-		if (!(td->td_proc->p_vmspace->vm_map.flags & MAP_ENTRY_GROWS_DOWN))
-			*addr += td->td_proc->p_vmspace->vm_aslr_delta_mmap;
-		else
-			*addr -= td->td_proc->p_vmspace->vm_aslr_delta_mmap;
+		*addr += td->td_proc->p_vmspace->vm_aslr_delta_mmap;
 		pax_log_aslr(pr, __func__, "result %p\n", (void *)*addr);
 	} else {
 		pax_log_aslr(pr, __func__, "not applying to %p orig_addr=%p flags=%x\n",

diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
@@ -319,6 +319,9 @@ sys_mmap(td, uap)
 		 * location.
 		 */
 		PROC_LOCK(td->td_proc);
+#ifdef PAX_ASLR
+		pax_aslr_mmap(td, &addr, orig_addr, flags);
+#endif
 		if (addr == 0 ||
 		    (addr >= round_page((vm_offset_t)vms->vm_taddr) &&
 		    addr < round_page((vm_offset_t)vms->vm_daddr +
@@ -427,9 +430,6 @@ sys_mmap(td, uap)
 map:
 	td->td_fpop = fp;
 	maxprot &= cap_maxprot;
-#ifdef PAX_ASLR
-	pax_aslr_mmap(td, &addr, orig_addr, flags);
-#endif
 	error = vm_mmap(&vms->vm_map, &addr, size, prot, maxprot,
 	    flags, handle_type, handle, pos);
 	td->td_fpop = NULL;