[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20101201090350.ABA2.A69D9226@jp.fujitsu.com>
Date: Wed, 1 Dec 2010 09:12:47 +0900 (JST)
From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: kosaki.motohiro@...fujitsu.com,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-mm <linux-mm@...ck.org>, pageexec@...email.hu,
Solar Designer <solar@...nwall.com>,
Eugene Teo <eteo@...hat.com>,
Brad Spengler <spender@...ecurity.net>,
Roland McGrath <roland@...hat.com>, stable@...nel.org
Subject: Re: [PATCH 1/2] exec: make argv/envp memory visible to oom-killer
> Brad Spengler published a local memory-allocation DoS that
> evades the OOM-killer (though not the virtual memory RLIMIT):
> http://www.grsecurity.net/~spender/64bit_dos.c
>
> execve()->copy_strings() can allocate a lot of memory, but
> this is not visible to oom-killer, nobody can see the nascent
> bprm->mm and take it into account.
>
> With this patch get_arg_page() increments current's MM_ANONPAGES
> counter every time we allocate the new page for argv/envp. When
> do_execve() succeds or fails, we change this counter back.
>
> Technically this is not 100% correct, we can't know if the new
> page is swapped out and turn MM_ANONPAGES into MM_SWAPENTS, but
> I don't think this really matters and everything becomes correct
> once exec changes ->mm or fails.
>
> Reported-by: Brad Spengler <spender@...ecurity.net>
> By-discussion-with: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
Looks good to me.
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
Thank you very much.
> --- K/fs/exec.c~acct_exec_mem 2010-11-30 18:27:15.000000000 +0100
> +++ K/fs/exec.c 2010-11-30 18:28:54.000000000 +0100
> @@ -164,6 +164,25 @@ out:
>
> #ifdef CONFIG_MMU
>
> +static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
One minor request.
I guess this function can easily makes confusing to a code reader. So I
hope you write small function comments. describe to
- What is oom nascent issue
- Why we think inaccurate account is ok
> +{
> + struct mm_struct *mm = current->mm;
> + long diff = (long)(pages - bprm->vma_pages);
> +
> + if (!mm || !diff)
> + return;
> +
> + bprm->vma_pages = pages;
> +
> +#ifdef SPLIT_RSS_COUNTING
> + add_mm_counter(mm, MM_ANONPAGES, diff);
> +#else
> + spin_lock(&mm->page_table_lock);
> + add_mm_counter(mm, MM_ANONPAGES, diff);
> + spin_unlock(&mm->page_table_lock);
> +#endif
> +}
> +
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists