[PATCH] eal/linux: enhance ASLR verification

[Yang Ming]

On 2025/3/11 05:43, Stephen Hemminger wrote:
> Caution: This is an external email. Please be very careful when clicking links or opening attachments. See http://nok.it/nsb for additional information.
>
> On Fri, 28 Feb 2025 17:44:04 +0800
> Yang Ming <ming.1.yang at nokia-sbell.com> wrote:
>
>> This change ensures that the current process is checked for
>> being run with 'setarch' before verifying the value of
>> '/proc/sys/kernel/randomize_va_space'. The '-R' or
>> '--addr-no-randomize' parameter of the 'setarch' command is used
>> to disable the randomization of the virtual address space.
>>
>> Fixes: af75078fece3 ("first public release")
>> Cc: stable at dpdk.org
>>
>> Signed-off-by: Yang Ming <ming.1.yang at nokia-sbell.com>
> Looks good, I wonder if the personality() check can supersede the need
> to reference sysfs here?
>
Hi Stephen,

Thank you for your feedback. The personality() check is indeed a useful 
addition to determine if the current process is executed with the 
ADDR_NO_RANDOMIZE flag set, which can disable ASLR (Address Space Layout 
Randomization).

However, relying solely on the personality() check may not be sufficient 
in all scenarios. The personality() function checks the attributes of 
the current process, but it does not provide information about the 
system-wide ASLR settings, which are typically controlled via sysfs 
(/proc/sys/kernel/randomize_va_space). The sysfs file 
RANDOMIZE_VA_SPACE_FILE indicates the global ASLR setting for the entire 
system, which can affect all processes.

By including both checks, we ensure comprehensive coverage:
1. The personality() check verifies if the current process has ASLR 
disabled.
2. The sysfs reference checks the global ASLR setting, which affects all 
processes.

Therefore, while the personality() check is valuable, it does not 
entirely supersede the need to reference sysfs. Both checks together 
provide a more robust determination of ASLR status.


Brs,
Yang Ming