x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address.  This
value represents a compromise between increased ASLR effectiveness and
avoiding address-space fragmentation.  Replace it with a Kconfig option,
which is sensibly bounded, so that platform developers may choose where
to place this compromise.  Keep default values as new minimums.

Signed-off-by: Daniel Cashman <>
Cc: Russell King <>
Acked-by: Kees Cook <>
Cc: Ingo Molnar <>
Cc: Jonathan Corbet <>
Cc: Don Zickus <>
Cc: Eric W. Biederman <>
Cc: Heinrich Schuchardt <>
Cc: Josh Poimboeuf <>
Cc: Kirill A. Shutemov <>
Cc: Naoya Horiguchi <>
Cc: Andrea Arcangeli <>
Cc: Mel Gorman <>
Cc: Thomas Gleixner <>
Cc: David Rientjes <>
Cc: Mark Salyzyn <>
Cc: Jeff Vander Stoep <>
Cc: Nick Kralevich <>
Cc: Catalin Marinas <>
Cc: Will Deacon <>
Cc: "H. Peter Anvin" <>
Cc: Hector Marco-Gisbert <>
Cc: Borislav Petkov <>
Cc: Ralf Baechle <>
Cc: Heiko Carstens <>
Cc: Martin Schwidefsky <>
Cc: Benjamin Herrenschmidt <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>

Bug: 27796957
Patchset: ASLR sysctl

(cherry picked from commit 9e08f57d684ac2f40685f55f659564bfd91a971e)
Signed-off-by: Kees Cook <>
Change-Id: I8e7bbdd1eb5144c13953f10867a39a4cf59da6b0
2 files changed