CONFIG_PAX_ASLR
ASLR: Address Space layout randomization
在mm_struct结构里,我们注意到,当定义CONFIG_PAX_ASLR时,会有成员
delta_mmap
delta_stack
定义
struct mm_struct
{
....
#ifdef CONFIG_PAX_ASLR
unsigned long delta_mmap; /* randomized offset */
unsigned long delta_stack; /* randomized offset */
#endif
}
----------------------
load_elf_binary函数里面
#ifdef CONFIG_PAX_ASLR
current->mm->delta_mmap = 0UL;
current->mm->delta_stack = 0UL;
#endif
....
#ifdef CONFIG_PAX_ASLR
if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT; /* 27bit 随机 */
current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT; /* 27bit 随机 */
}
#endif
再看
#ifdef CONFIG_PAX_ASLR
#ifdef CONFIG_X86_32
#define PAX_ELF_ET_DYN_BASE 0x10000000UL
#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
#else
#define PAX_ELF_ET_DYN_BASE 0x400000UL
/* TASK_SIZE_MAX_SHIFT=42,PAGE_SHIFT=12,所以PAX_DELTA_MMAP_LEN=27 */
#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
/* TASK_SIZE_MAX_SHIFT=42,PAGE_SHIFT=12,所以PAX_DELTA_STACK_LEN=27 */
#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
#endif
#endif
阅读(809) | 评论(0) | 转发(0) |