From 155fe57b77751508e8a833646b04cb00dd8889f7 Mon Sep 17 00:00:00 2001 From: Sofian Brabez Date: Tue, 29 May 2012 17:17:24 +0200 Subject: add vm.mmap_random sysctl to randomize mmap offset when it's set to 1 Signed-off-by: Sofian Brabez --- sys/vm/vm_mmap.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index e85b681..2d1d445 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -99,6 +99,9 @@ static int vm_mmap_cdev(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *, static int vm_mmap_shm(struct thread *, vm_size_t, vm_prot_t, vm_prot_t *, int *, struct shmfd *, vm_ooffset_t, vm_object_t *); +static int mmap_random = 1; +SYSCTL_INT(_vm, OID_AUTO, mmap_random, CTLFLAG_RW, &mmap_random, 0, "random mmap offset"); + /* * MPSAFE */ @@ -256,7 +259,8 @@ sys_mmap(td, uap) /* * XXX for non-fixed mappings where no hint is provided or * the hint would fall in the potential heap space, - * place it after the end of the largest possible heap. + * place it after the end of the largest possible hea, + * plus a random offset, it sysctl vm.mmap_random is set to 1 * * There should really be a pmap call to determine a reasonable * location. @@ -268,6 +272,8 @@ sys_mmap(td, uap) lim_max(td->td_proc, RLIMIT_DATA)))) addr = round_page((vm_offset_t)vms->vm_daddr + lim_max(td->td_proc, RLIMIT_DATA)); + if (mmap_random) + addr += arc4random() & (256 * 1024 * 1024 -1); PROC_UNLOCK(td->td_proc); } if (flags & MAP_ANON) { -- 1.7.10.3