Message-ID: <53622DBA.807@imgtec.com>
Date:	Thu, 1 May 2014 12:19:22 +0100
From:	James Hogan <james.hogan@...tec.com>
To:	Helge Deller <deller@....de>, <linux-kernel@...r.kernel.org>,
	<linux-parisc@...r.kernel.org>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	John David Anglin <dave.anglin@...l.net>,
	<linux-metag@...r.kernel.org>
Subject: Re: [PATCH] parisc,metag: Do not hardcode maximum userspace stack
 size

Hi Helge,

On 30/04/14 22:26, Helge Deller wrote:
> This patch affects only architectures where the stack grows upwards
> (currently parisc and metag only). On those do not hardcode the maximum
> initial stack size to 1GB, but make it configurable via a config option.
> 
> The main problem with the hardcoded stack size is, that we have two
> memory regions which grow upwards: stack and heap. To keep most of the
> memory available for heap in a flexmap memory layout, it makes no sense
> to hard allocate up to 1GB of the memory for stack which can't be used
> as heap then.
> 
> This patch makes the stack size configurable and uses 80MB as default
> value which has been in use during the last few years on parisc and
> which didn't show any problems yet.
> 
> Signed-off-by: Helge Deller <deller@....de>
> Cc: linux-parisc@...r.kernel.org
> Cc: linux-metag@...r.kernel.org
> Cc: John David Anglin <dave.anglin@...l.net>
> 
> diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
> index 7d8cbd1..9118f01 100644
> --- a/arch/parisc/kernel/sys_parisc.c
> +++ b/arch/parisc/kernel/sys_parisc.c
> @@ -72,10 +72,10 @@ static unsigned long mmap_upper_limit(void)
>  {
>  	unsigned long stack_base;
>  
> -	/* Limit stack size to 1GB - see setup_arg_pages() in fs/exec.c */
> +	/* Limit stack size - see setup_arg_pages() in fs/exec.c */
>  	stack_base = rlimit_max(RLIMIT_STACK);
> -	if (stack_base > (1 << 30))
> -		stack_base = 1 << 30;
> +	if (stack_base > CONFIG_MAX_STACK_SIZE_MB*1024*1024)
> +		stack_base = CONFIG_MAX_STACK_SIZE_MB*1024*1024;
>  
>  	return PAGE_ALIGN(STACK_TOP - stack_base);
>  }
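Review bot: The rewritten comment above the clamp in mmap_upper_limit() no longer says what the limit is. Dropping "1GB" is right, but the comment should name the new source of the bound so a reader of this function knows it comes from Kconfig, for example "Limit stack size to CONFIG_MAX_STACK_SIZE_MB - see setup_arg_pages() in fs/exec.c".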
> diff --git a/fs/exec.c b/fs/exec.c
> index 476f3eb..994108c 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -657,10 +657,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
>  	unsigned long rlim_stack;
>  
>  #ifdef CONFIG_STACK_GROWSUP
> -	/* Limit stack size to 1GB */
> +	/* Limit stack size */
>  	stack_base = rlimit_max(RLIMIT_STACK);
> -	if (stack_base > (1 << 30))
> -		stack_base = 1 << 30;
> +	if (stack_base > CONFIG_MAX_STACK_SIZE_MB*1024*1024)
> +		stack_base = CONFIG_MAX_STACK_SIZE_MB*1024*1024;

When I remove metag's _STK_LIM_MAX override (before your patch) it
panics when I next start a process (since stack_top = 0x3ffff000 so the
1GB default is way too big).

That could actually always have been triggered even with the default
_STK_LIM_MAX override, by just changing it from userland (as root),
e.g.:
# ulimit -H -s unlimited
# cat
BUG: failure at fs/exec.c:589/shift_arg_pages()!
Kernel panic - not syncing: BUG!

I'm guessing this doesn't affect parisc due to stack_top being above
1GB, but since this patch effectively fixes a bug on metag (by changing
the maximum stack size to a smaller/safe value) I'd like to take this
patch and submit upstream for v3.15, and mark for stable. Would that be
okay with you?

A few suggestions below though...

>  
>  	/* Make sure we didn't let the argument array grow too large. */
>  	if (vma->vm_end - vma->vm_start > stack_base)
> diff --git a/init/Kconfig b/init/Kconfig
> index 9d3585b..436e479 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1862,6 +1862,17 @@ config STOP_MACHINE
>  	help
>  	  Need stop_machine() primitive.
>  
> +config MAX_STACK_SIZE_MB
> +	int "Default initial maximum stack size"
> +	default 80

Can we insert here:
range 8 256 if METAG

> +	range 8 2048
> +	depends on STACK_GROWSUP
> +	help
> +	  This is the default initial stack size in Megabytes in the VM layout of user
> +	  processes when the stack grows upwards (currently only on parisc and matag
> +	  arch).  The stack will be located at the highest memory address minus the
> +	  given value. A sane initial value is 80 MB.

This config option appears in the root menu. Can we move it into a
submenu, e.g. mm/Kconfig would seem a good place for it, then it appears
in the "Processor type and features" menu.

Also, technically it's the absolute maximum stack size, which happens to
be the default unless the user reduces the RLIMIT_STACK hard limit.

How does the v2 below look?

From c34f0ec062ae1a2c9fca3eddbc705f6b0faf97ca Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@....de>
Date: Wed, 30 Apr 2014 23:26:02 +0200
Subject: [PATCH v2] parisc,metag: Do not hardcode maximum userspace stack
 size

This patch affects only architectures where the stack grows upwards
(currently parisc and metag only). On those do not hardcode the maximum
initial stack size to 1GB, but make it configurable via a config option.

The main problem with the hardcoded stack size is, that we have two
memory regions which grow upwards: stack and heap. To keep most of the
memory available for heap in a flexmap memory layout, it makes no sense
to hard allocate up to 1GB of the memory for stack which can't be used
as heap then.

This patch makes the stack size configurable and uses 80MB as default
value which has been in use during the last few years on parisc and
which didn't show any problems yet.

This also fixes a BUG on metag if the RLIMIT_STACK hard limit is
increased beyond a safe value by root. E.g. when starting a process
after running "ulimit -H -s unlimited" it will then attempt to use a
stack size of the maximum 1GB which is far too big for metag's limited
user virtual address space (stack_top is usually 0x3ffff000):
BUG: failure at fs/exec.c:589/shift_arg_pages()!

Signed-off-by: Helge Deller <deller@....de>
Signed-off-by: James Hogan <james.hogan@...tec.com>
Cc: linux-parisc@...r.kernel.org
Cc: linux-metag@...r.kernel.org
Cc: John David Anglin <dave.anglin@...l.net>
Cc: stable@...r.kernel.org
---
v2 (James Hogan):
 - updated description to mention BUG on metag.
 - added custom range limit for METAG.
 - moved Kconfig symbol to mm/Kconfig and reworded.
 - fixed "matag" typo.
---
 arch/parisc/kernel/sys_parisc.c |  6 +++---
 fs/exec.c                       |  6 +++---
 mm/Kconfig                      | 15 +++++++++++++++
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
index 31ffa9b55322..9f040261151e 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -72,10 +72,10 @@ static unsigned long mmap_upper_limit(void)
 {
 	unsigned long stack_base;

-	/* Limit stack size to 1GB - see setup_arg_pages() in fs/exec.c */
+	/* Limit stack size - see setup_arg_pages() in fs/exec.c */
 	stack_base = rlimit_max(RLIMIT_STACK);
-	if (stack_base > (1 << 30))
-		stack_base = 1 << 30;
+	if (stack_base > CONFIG_MAX_STACK_SIZE_MB*1024*1024)
+		stack_base = CONFIG_MAX_STACK_SIZE_MB*1024*1024;

 	return PAGE_ALIGN(STACK_TOP - stack_base);
 }
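Review bot: CONFIG_MAX_STACK_SIZE_MB*1024*1024 in the new clamp is evaluated in int, and the Kconfig entry in this patch accepts values up to 2048, for which the product is 2^31 and does not fit in a signed 32-bit int. Either do the multiplication in unsigned long, e.g. CONFIG_MAX_STACK_SIZE_MB * 1024UL * 1024UL, or lower the upper bound of the range so the product stays representable. Kernel style also wants spaces around the * operators.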
diff --git a/fs/exec.c b/fs/exec.c
index 476f3ebf437e..994108cc60f3 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -657,10 +657,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
 	unsigned long rlim_stack;

 #ifdef CONFIG_STACK_GROWSUP
-	/* Limit stack size to 1GB */
+	/* Limit stack size */
 	stack_base = rlimit_max(RLIMIT_STACK);
-	if (stack_base > (1 << 30))
-		stack_base = 1 << 30;
+	if (stack_base > CONFIG_MAX_STACK_SIZE_MB*1024*1024)
+		stack_base = CONFIG_MAX_STACK_SIZE_MB*1024*1024;

 	/* Make sure we didn't let the argument array grow too large. */
 	if (vma->vm_end - vma->vm_start > stack_base)
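Review bot: The clamp in setup_arg_pages() is a second open-coded copy of the expression used in mmap_upper_limit(), and the comment there ("see setup_arg_pages() in fs/exec.c") relies on the two staying identical. Define the limit once in a shared header and use it at both sites (a macro named something like STACK_SIZE_MAX would do; the name is only a suggestion), so a later change to one copy cannot leave the mmap upper limit and the exec-time stack reservation disagreeing.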
diff --git a/mm/Kconfig b/mm/Kconfig
index ebe5880c29d6..e80075979530 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -581,3 +581,18 @@ config PGTABLE_MAPPING

 config GENERIC_EARLY_IOREMAP
 	bool
+
+config MAX_STACK_SIZE_MB
+	int "Maximum user stack size (MB)"
+	default 80
+	range 8 256 if METAG
+	range 8 2048
+	depends on STACK_GROWSUP
+	help
+	  This is the maximum stack size in Megabytes in the VM layout of user
+	  processes when the stack grows upwards (currently only on parisc and
+	  metag arch). The stack will be located at the highest memory address
+	  minus the given value, unless the RLIMIT_STACK hard limit is changed
+	  to a smaller value in which case that is used.
+
+	  A sane initial value is 80 MB.
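Review bot: The help text gives no hint that metag accepts a narrower range than the "8 2048" other architectures get, although "range 8 256 if METAG" sits right above it. Add a sentence saying the value has to fit below the architecture's stack top and that metag is capped at 256 MB for that reason, which is the constraint the commit message describes (stack_top is usually 0x3ffff000).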
-- 
1.9.2


