Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 4: Virtual Process Memory


However, the definition of arch_pick_mmap_layout for the AMD64 architecture shows that another
complication arises:

arch/x86_64/mmap.c
void arch_pick_mmap_layout(struct mm_struct *mm)
{
#ifdef CONFIG_IA32_EMULATION
        if (current_thread_info()->flags & _TIF_IA32)
                return ia32_pick_mmap_layout(mm);
#endif
        mm->mmap_base = TASK_UNMAPPED_BASE;
        if (current->flags & PF_RANDOMIZE) {
                /* Add 28bit randomness which is about 40bits of address space
                   because mmap base has to be page aligned.
                   or ~1/128 of the total user VM
                   (total user address space is 47bits) */
                unsigned rnd = get_random_int() & 0xfffffff;
                mm->mmap_base += ((unsigned long)rnd) << PAGE_SHIFT;
        }
        mm->get_unmapped_area = arch_get_unmapped_area;
        mm->unmap_area = arch_unmap_area;
}

If binary emulation for 32-bit applications is enabled, any process that runs in compatibility mode
should see the same address space as it would encounter on a native machine. Therefore,
ia32_pick_mmap_layout is used to lay out the address space for 32-bit applications. The function is an
identical copy of arch_pick_mmap_layout for IA-32 systems, as discussed above.

The classic layout for virtual address space is always used on AMD64 systems so that there is no need
to distinguish between the various options. Address space randomization is performed by shifting the
otherwise fixed mmap_base if the PF_RANDOMIZE flag is set.
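The following user-space model of the randomization step is an added example, not kernel code or code from the book. It shows the size of the window in which mmap_base can land and why the listing widens rnd before shifting. PAGE_SHIFT = 12, the TASK_SIZE and TASK_UNMAPPED_BASE definitions, and all function names are assumptions made for the illustration; rnd stands in for get_random_int().

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed AMD64 constants; the page only states the 47-bit user space. */
#define PAGE_SHIFT    12
#define PAGE_SIZE     (UINT64_C(1) << PAGE_SHIFT)
#define USER_VM_BITS  47
#define TASK_SIZE     ((UINT64_C(1) << USER_VM_BITS) - PAGE_SIZE)
#define PAGE_ALIGN(a) (((a) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))
#define TASK_UNMAPPED_BASE PAGE_ALIGN(TASK_SIZE / 3)
#define RND_MASK      UINT32_C(0xfffffff)   /* 28 bits, as in the listing */

/* Model of the listing: fixed base, plus a page-granular random offset. */
uint64_t model_mmap_base(uint32_t rnd, int pf_randomize)
{
    uint64_t base = TASK_UNMAPPED_BASE;
    if (pf_randomize)
        base += (uint64_t)(rnd & RND_MASK) << PAGE_SHIFT; /* widen, then shift */
    return base;
}

/* Same offset without the widening cast: the shift is done in 32 bits,
   so the top 8 of the 28 random bits are discarded. */
uint64_t offset_without_cast(uint32_t rnd)
{
    uint32_t off = (rnd & RND_MASK) << PAGE_SHIFT;
    return off;
}

/* Size in bytes of the window in which mmap_base can land. */
uint64_t randomization_span(void)
{
    return ((uint64_t)RND_MASK + 1) << PAGE_SHIFT;
}

int main(void)
{
    uint32_t rnd = 0x0abcdef1;  /* constructed sample value */
    printf("fixed base        : %#llx\n", (unsigned long long)model_mmap_base(rnd, 0));
    printf("randomized base   : %#llx\n", (unsigned long long)model_mmap_base(rnd, 1));
    printf("highest base      : %#llx\n", (unsigned long long)model_mmap_base(RND_MASK, 1));
    printf("span (bytes)      : %#llx\n", (unsigned long long)randomization_span());
    printf("user VM / span    : %llu\n",
           (unsigned long long)((UINT64_C(1) << USER_VM_BITS) / randomization_span()));
    printf("offset, no cast   : %#llx\n", (unsigned long long)offset_without_cast(rnd));
    return 0;
}
```

The span is 2^40 bytes, which is the "about 40bits" and "~1/128" of the kernel comment; without the cast only 20 random bits would survive the shift.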

Let us go back to load_elf_binary. Finally, the function needs to create the stack at the appropriate
location:

<fs/binfmt_elf.c>
static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
...
        retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
                                 executable_stack);
...
}

The standard function setup_arg_pages is used for this purpose. I will not discuss it in detail because it is
only technical. The function requires the top of the stack as a parameter. This is given by the
architecture-specific constant STACK_TOP, but randomize_stack_top ensures that the address is changed
by a random amount if address space randomization is required.