lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <11046.1265705967@neuling.org>
Date:	Tue, 09 Feb 2010 19:59:27 +1100
From:	Michael Neuling <mikey@...ling.org>
To:	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
cc:	Americo Wang <xiyou.wangcong@...il.com>,
	Anton Blanchard <anton@...ba.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Oleg Nesterov <oleg@...hat.com>,
	James Morris <jmorris@...ei.org>, Ingo Molnar <mingo@...e.hu>,
	linux-fsdevel@...r.kernel.org, stable@...nel.org,
	linux-kernel@...r.kernel.org, linuxppc-dev@...abs.org,
	Serge Hallyn <serue@...ibm.com>,
	Paul Mackerras <paulus@...ba.org>, benh@...nel.crashing.org,
	miltonm@....com, aeb@....nl
Subject: Re: [PATCH] Restrict initial stack space expansion to rlimit

In message <20100209154141.03F0.A69D9226@...fujitsu.com> you wrote:
> > When reserving stack space for a new process, make sure we're not
> > attempting to expand the stack by more than rlimit allows.
> > 
> > This fixes a bug caused by b6a2fea39318e43fee84fa7b0b90d68bed92d2ba "mm:
> > variable length argument support" and unmasked by
> > fc63cf237078c86214abcb2ee9926d8ad289da9b "exec: setup_arg_pages() fails
> > to return errors".  This bug means when limiting the stack to less the
> > 20*PAGE_SIZE (eg. 80K on 4K pages or 'ulimit -s 79') all processes will
> > be killed before they start.  This is particularly bad with 64K pages,
> > where a ulimit below 1280K will kill every process.
> > 
> > Signed-off-by: Michael Neuling <mikey@...ling.org>
> > Cc: stable@...nel.org
> > ---
> > Attempts to answer comments from Kosaki Motohiro.
> > 
> > Tested on PPC only, hence !CONFIG_STACK_GROWSUP.  Someone should
> > probably ACK for an arch with CONFIG_STACK_GROWSUP.
> > 
> > As noted, stable needs the same patch, but 2.6.32 doesn't have the
> > rlimit() helper.
> > 
> >  fs/exec.c |   21 ++++++++++++++++++---
> >  1 file changed, 18 insertions(+), 3 deletions(-)
> > 
> > Index: linux-2.6-ozlabs/fs/exec.c
> > ===================================================================
> > --- linux-2.6-ozlabs.orig/fs/exec.c
> > +++ linux-2.6-ozlabs/fs/exec.c
> > @@ -555,6 +555,7 @@ static int shift_arg_pages(struct vm_are
> >  }
> >  
> >  #define EXTRA_STACK_VM_PAGES	20	/* random */
> > +#define ALIGN_DOWN(addr,size)	((addr)&(~((size)-1)))
> >  
> >  /*
> >   * Finalizes the stack vm_area_struct. The flags and permissions are updat
ed,
> > @@ -570,7 +571,7 @@ int setup_arg_pages(struct linux_binprm 
> >  	struct vm_area_struct *vma = bprm->vma;
> >  	struct vm_area_struct *prev = NULL;
> >  	unsigned long vm_flags;
> > -	unsigned long stack_base;
> > +	unsigned long stack_base, stack_expand, stack_expand_lim, stack_size;
> >  
> >  #ifdef CONFIG_STACK_GROWSUP
> >  	/* Limit stack size to 1GB */
> > @@ -627,10 +628,24 @@ int setup_arg_pages(struct linux_binprm 
> >  			goto out_unlock;
> >  	}
> >  
> > +	stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> > +	stack_size = vma->vm_end - vma->vm_start;
> > +	if (rlimit(RLIMIT_STACK) < stack_size)
> > +		stack_expand_lim = 0; /* don't shrick the stack */
> > +	else
> > +		/*
> > +		 * Align this down to a page boundary as expand_stack
> > +		 * will align it up.
> > +		 */
> > +		stack_expand_lim = ALIGN_DOWN(rlimit(RLIMIT_STACK) - stack_size
,
> > +					      PAGE_SIZE);
> > +	/* Initial stack must not cause stack overflow. */
> > +	if (stack_expand > stack_expand_lim)
> > +		stack_expand = stack_expand_lim;
> >  #ifdef CONFIG_STACK_GROWSUP
> > -	stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> > +	stack_base = vma->vm_end + stack_expand;
> >  #else
> > -	stack_base = vma->vm_start - EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> > +	stack_base = vma->vm_start - stack_expand;
> >  #endif
> >  	ret = expand_stack(vma, stack_base);
> >  	if (ret)
> 
> Umm.. It looks correct. but the nested complex if statement seems a bit ugly.
> Instead, How about following?

I don't like the duplicated code in the #ifdef/else but I can live with it.

> note: it's untested.

Works for me on ppc64 with 4k and 64k pages.  Thanks!

I'd still like someone with a CONFIG_STACK_GROWSUP arch to test/ACK it
as well.

Mikey

> 
> 
> 
> ===============
> From: Michael Neuling <mikey@...ling.org>
> Subject: Restrict initial stack space expansion to rlimit
> 
> When reserving stack space for a new process, make sure we're not
> attempting to expand the stack by more than rlimit allows.
> 
> This fixes a bug caused by b6a2fea39318e43fee84fa7b0b90d68bed92d2ba "mm:
> variable length argument support" and unmasked by
> fc63cf237078c86214abcb2ee9926d8ad289da9b "exec: setup_arg_pages() fails
> to return errors".  This bug means when limiting the stack to less the
> 20*PAGE_SIZE (eg. 80K on 4K pages or 'ulimit -s 79') all processes will
> be killed before they start.  This is particularly bad with 64K pages,
> where a ulimit below 1280K will kill every process.
> 
> [kosaki.motohiro@...fujitsu.com: cleanups]
> Signed-off-by: Michael Neuling <mikey@...ling.org>
> Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
> Cc: stable@...nel.org
> ---
> Attempts to answer comments from Kosaki Motohiro.
> 
> Tested on PPC only, hence !CONFIG_STACK_GROWSUP.  Someone should
> probably ACK for an arch with CONFIG_STACK_GROWSUP.
> 
> As noted, stable needs the same patch, but 2.6.32 doesn't have the
> rlimit() helper.
> 
> diff --git a/fs/exec.c b/fs/exec.c
> index 6f7fb0c..325bad4 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -573,6 +573,9 @@ int setup_arg_pages(struct linux_binprm *bprm,
>  	struct vm_area_struct *prev = NULL;
>  	unsigned long vm_flags;
>  	unsigned long stack_base;
> +	unsigned long stack_size;
> +	unsigned long stack_expand;
> +	unsigned long rlim_stack;
>  
>  #ifdef CONFIG_STACK_GROWSUP
>  	/* Limit stack size to 1GB */
> @@ -629,10 +632,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
>  			goto out_unlock;
>  	}
>  
> +	stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> +	stack_size = vma->vm_end - vma->vm_start;
> +	/*
> +	 * Align this down to a page boundary as expand_stack
> +	 * will align it up.
> +	 */
> +	rlim_stack = rlimit(RLIMIT_STACK) & PAGE_MASK;
> +	if (rlim_stack < stack_size)
> +		rlim_stack = stack_size;
>  #ifdef CONFIG_STACK_GROWSUP
> -	stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> +	if (stack_size + stack_expand > rlim_stack) {
> +		stack_base = vma->vm_start + rlim_stack;
> +	} else {
> +		stack_base = vma->vm_end + stack_expand;
> +	}
>  #else
> -	stack_base = vma->vm_start - EXTRA_STACK_VM_PAGES * PAGE_SIZE;
> +	if (stack_size + stack_expand > rlim_stack) {
> +		stack_base = vma->vm_end - rlim_stack;
> +	} else {
> +		stack_base = vma->vm_start - stack_expand;
> +	}
>  #endif
>  	ret = expand_stack(vma, stack_base);
>  	if (ret)
> 
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ