If Address Space Layout Randomization (ASLR) is disabled, would we have a deterministic mmap? By deterministic, I mean that if I run the same application again and again with the same inputs, will I get the same addresses returned by mmap? I am mostly interested in anonymous mmaps.
If you enable ASLR after IPL, only those jobs that are subsequently started and that are not exempt from ASLR will have ASLR enabled. The ASLR enablement options provide a way to restrict ASLR to subsets of address spaces where it is less likely to cause a storage constraint issue.
If you want to construct a program which disables ASLR for itself when it runs, you can use the personality system call on Linux. Here's a recipe: If you look at the source for setarch, it calls personality twice in roughly this pattern. The major difference is that setarch calls exec on some other program, whereas my recipe execs itself.
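The answer's own recipe is not reproduced on the page, so here is an added, self-contained version of the same idea (example code, not the answer's or setarch's source): query the current persona with personality(0xffffffff), set ADDR_NO_RANDOMIZE if it is missing, and re-exec /proc/self/exe so the new image is laid out without randomisation. The environment variable NO_ASLR_REEXEC is an assumption introduced here purely as a loop guard in case the kernel accepts the flag but a sandbox still re-randomises; Linux only.

```c
// Added example: disable ASLR for this process by setting the
// ADDR_NO_RANDOMIZE persona flag and re-executing ourselves, the way
// setarch -R does for another program.
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/personality.h>

/* Pure helper: does a persona value carry ADDR_NO_RANDOMIZE? */
int persona_disables_aslr(unsigned long persona) {
    return (persona & ADDR_NO_RANDOMIZE) != 0;
}

/* personality(0xffffffff) reads the current persona without changing it. */
unsigned long current_persona(void) {
    int p = personality(0xffffffff);
    return p == -1 ? 0 : (unsigned long)p;
}

/* Returns 1 if ASLR was already off for this image, 0 if we just switched
 * the flag on (the caller must re-exec for it to take effect), -1 on error. */
int ensure_aslr_disabled(void) {
    unsigned long p = current_persona();
    if (persona_disables_aslr(p)) return 1;
    if (personality(p | ADDR_NO_RANDOMIZE) == -1) return -1;
    return 0;
}

int main(int argc, char **argv) {
    (void)argc;
    int st = ensure_aslr_disabled();
    if (st < 0) { perror("personality"); return 1; }
    if (st == 0) {
        /* Loop guard (hypothetical variable name): never re-exec twice. */
        if (getenv("NO_ASLR_REEXEC")) { fputs("persona did not stick\n", stderr); return 1; }
        setenv("NO_ASLR_REEXEC", "1", 1);
        /* The persona is inherited across exec, so the re-executed image runs unrandomised. */
        execv("/proc/self/exe", argv);
        perror("execv");            /* only reached if exec failed */
        return 1;
    }
    /* ASLR is off for this image: print a couple of addresses, run twice and compare. */
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { perror("mmap"); return 1; }
    printf("persona=0x%lx anon mmap at %p stack var at %p\n",
           current_persona(), p, (void *)&st);
    return 0;
}
```

Build with `cc -o noaslr noaslr.c` and run it two or three times: once the persona carries ADDR_NO_RANDOMIZE the printed addresses should match from run to run, which is exactly what `setarch $(uname -m) -R ./noaslr` would give you without the self-exec.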
The opt-in model was an intentional choice to avoid non-trivial compatibility issues with existing applications. Mandatory ASLR can be used to forcibly rebase EXEs/DLLs that have not opted in. In Windows 8, we introduced operating system support for forcing EXEs/DLLs to be rebased at runtime if they did not opt-in to ASLR.
From WDEG, mitigations can be enabled on a per-program basis using the user interface or command line tools as described here. Enabling force randomization for images (mandatory ASLR) and randomize memory allocations (bottom-up ASLR) will enable the expected behavior as shown below:
If your application has exactly the same memory layout at the moment of the i-th mmap (in terms of which pages of the virtual address space are mapped and which are not), then mmap should be deterministic in the Linux kernel.
There are some strange situations possible which can change the memory layout. For example, additional command line arguments can shift the stack to a lower address. There are a lot of files mmapped in the C runtime (e.g. locales), and if some files have changed size since the previous start, the memory layout will be changed too. Even stack consumption may affect it.
If your application's memory allocation via malloc (both the sizes and the order of allocations) changes, mmap will not be deterministic. So, if your application is threaded, it should fix the order of malloc calls or limit all mallocs to the main thread.
mm/mmap.c: arch_get_unmapped_area, the default non-fixed mmap address resolver, is deterministic iff the VMA tree is the same AND the history of previous mmaps is the same (there is a cache, mm->free_area_cache, which lives between calls to mmap).
In my experience it is reproducible. When I have a deterministic program (written by me) (with ASLR disabled) which I run several times (with the same inputs and conditions) under gdb, the pointers are the same.
However, being a deterministic program is a property which is not statically detectable (I just happen to know that some programs I'm coding are deterministic enough).