| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 May 2014 12:18:47 +0100
From: James Hogan <james.hogan@...tec.com>
To: Helge Deller <deller@....de>,
James Bottomley <James.Bottomley@...senPartnership.com>
CC: <linux-kernel@...r.kernel.org>, <linux-parisc@...r.kernel.org>,
"John David Anglin" <dave.anglin@...l.net>,
<linux-metag@...r.kernel.org>
Subject: Re: [PATCH] parisc,metag: Do not hardcode maximum userspace stack
size
Hi Helge,
On 04/05/14 08:28, Helge Deller wrote:
> On 05/02/2014 04:48 PM, James Bottomley wrote:
>> On Fri, 2014-05-02 at 12:54 +0100, James Hogan wrote:
>>> On 01/05/14 18:50, James Bottomley wrote:
>>>>
>>>>> +
>>>>> +config MAX_STACK_SIZE_MB
>>>>> + int "Maximum user stack size (MB)"
>>>>> + default 80
>>>>> + range 8 256 if METAG
>>>>> + range 8 2048
>>>>> + depends on STACK_GROWSUP
>>>>> + help
>>>>> + This is the maximum stack size in Megabytes in the VM layout of user
>>>>> + processes when the stack grows upwards (currently only on parisc and
>>>>> + metag arch). The stack will be located at the highest memory address
>>>>> + minus the given value, unless the RLIMIT_STACK hard limit is changed
>>>>> + to a smaller value in which case that is used.
>>>>> +
>>>>> + A sane initial value is 80 MB.
>>>>
>>>> There's one final issue with this: placement of the stack only really
>>>> matters on 32 bits. We have three expanding memory areas: stack, heap
>>>> and maps. On 64 bits these are placed well separated from each other on
>>>> 64 bits, so an artificial limit like this doesn't matter.
>>>
>>> Does the following fixup diff look reasonable? It forces
>>> MAX_STACK_SIZE_MB to 1024 and hides the Kconfig option for 64BIT,
>>> effectively leaving the behaviour unchanged in that case.
>>>
>>> diff --git a/mm/Kconfig b/mm/Kconfig
>>> index e80075979530..b0307f737bd7 100644
>>> --- a/mm/Kconfig
>>> +++ b/mm/Kconfig
>>> @@ -583,7 +583,8 @@ config GENERIC_EARLY_IOREMAP
>>> bool
>>>
>>> config MAX_STACK_SIZE_MB
>>> - int "Maximum user stack size (MB)"
>>> + int "Maximum user stack size (MB)" if !64BIT
>>> + default 1024 if 64BIT
>>> default 80
>>> range 8 256 if METAG
>>> range 8 2048
>>
>> Yes, I think that's probably correct ...
>
> No, it's not correct.
> It will then choose then a 1GB stack for compat tasks on 64bit kernel.
Sorry for the delay (I had most of last week off sick and still catching
up).
That's a good point. It makes me think the best way to handle it is in a
new definition in asm/processor.h, maybe STACK_SIZE_MAX. Does something
like this look better? This patch isn't getting any cleaner
unfortunately.
>From 6ecb0392a3b670c4bf1641a6ec56f22427ca8b57 Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@....de>
Date: Wed, 30 Apr 2014 23:26:02 +0200
Subject: [PATCH 1/1] parisc,metag: Do not hardcode maximum userspace stack
size
This patch affects only architectures where the stack grows upwards
(currently parisc and metag only). On those do not hardcode the maximum
initial stack size to 1GB for 32-bit processes, but make it configurable
via a config option.
The main problem with the hardcoded stack size is, that we have two
memory regions which grow upwards: stack and heap. To keep most of the
memory available for heap in a flexmap memoy layout, it makes no sense
to hard allocate up to 1GB of the memory for stack which can't be used
as heap then.
This patch makes the stack size configurable and uses 80MB as default
value which has been in use during the last few years on parisc and
which didn't showed any problems yet.
This also fixes a BUG on metag if the RLIMIT_STACK hard limit is
increased beyond a safe value by root. E.g. when starting a process
after running "ulimit -H -s unlimited" it will then attempt to use a
stack size of the maximum 1GB which is far too big for metag's limited
user virtual address space (stack_top is usually 0x3ffff000):
BUG: failure at fs/exec.c:589/shift_arg_pages()!
Signed-off-by: Helge Deller <deller@....de>
Signed-off-by: James Hogan <james.hogan@...tec.com>
Cc: linux-parisc@...r.kernel.org
Cc: linux-metag@...r.kernel.org
Cc: John David Anglin <dave.anglin@...l.net>
Cc: stable@...r.kernel.org # only needed for >= v3.9 (arch/metag)
---
v3 (James Hogan):
- fix so that 64-bit parisc processes still use the 1GB limit.
CONFIG_STACK_GROWSUP arches should provide a STACK_SIZE_MAX in their
asm/processor.h, and for parisc it depends on USER_WIDE_MODE (whether
the current process is 64-bit).
v2 (James Hogan):
- updated description to mention BUG on metag.
- added custom range limit for METAG.
- moved Kconfig symbol to mm/Kconfig and reworded.
- fixed "matag" typo.
---
arch/metag/include/asm/processor.h | 2 ++
arch/parisc/include/asm/processor.h | 5 +++++
arch/parisc/kernel/sys_parisc.c | 6 +++---
fs/exec.c | 6 +++---
mm/Kconfig | 15 +++++++++++++++
5 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/arch/metag/include/asm/processor.h b/arch/metag/include/asm/processor.h
index f16477d1f571..a8a37477c66e 100644
--- a/arch/metag/include/asm/processor.h
+++ b/arch/metag/include/asm/processor.h
@@ -22,6 +22,8 @@
/* Add an extra page of padding at the top of the stack for the guard page. */
#define STACK_TOP (TASK_SIZE - PAGE_SIZE)
#define STACK_TOP_MAX STACK_TOP
+/* Maximum virtual space for stack */
+#define STACK_SIZE_MAX (CONFIG_MAX_STACK_SIZE_MB*1024*1024)
/* This decides where the kernel will search for a free chunk of vm
* space during mmap's.
diff --git a/arch/parisc/include/asm/processor.h b/arch/parisc/include/asm/processor.h
index 198a86feb574..d951c9681ab3 100644
--- a/arch/parisc/include/asm/processor.h
+++ b/arch/parisc/include/asm/processor.h
@@ -55,6 +55,11 @@
#define STACK_TOP TASK_SIZE
#define STACK_TOP_MAX DEFAULT_TASK_SIZE
+/* Allow bigger stacks for 64-bit processes */
+#define STACK_SIZE_MAX (USER_WIDE_MODE \
+ ? (1 << 30) /* 1 GB */ \
+ : (CONFIG_MAX_STACK_SIZE_MB*1024*1024))
+
#endif
#ifndef __ASSEMBLY__
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
index 31ffa9b55322..e1ffea2f9a0b 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -72,10 +72,10 @@ static unsigned long mmap_upper_limit(void)
{
unsigned long stack_base;
- /* Limit stack size to 1GB - see setup_arg_pages() in fs/exec.c */
+ /* Limit stack size - see setup_arg_pages() in fs/exec.c */
stack_base = rlimit_max(RLIMIT_STACK);
- if (stack_base > (1 << 30))
- stack_base = 1 << 30;
+ if (stack_base > STACK_SIZE_MAX)
+ stack_base = STACK_SIZE_MAX;
return PAGE_ALIGN(STACK_TOP - stack_base);
}
diff --git a/fs/exec.c b/fs/exec.c
index 476f3ebf437e..238b7aa26f68 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -657,10 +657,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
unsigned long rlim_stack;
#ifdef CONFIG_STACK_GROWSUP
- /* Limit stack size to 1GB */
+ /* Limit stack size */
stack_base = rlimit_max(RLIMIT_STACK);
- if (stack_base > (1 << 30))
- stack_base = 1 << 30;
+ if (stack_base > STACK_SIZE_MAX)
+ stack_base = STACK_SIZE_MAX;
/* Make sure we didn't let the argument array grow too large. */
if (vma->vm_end - vma->vm_start > stack_base)
diff --git a/mm/Kconfig b/mm/Kconfig
index ebe5880c29d6..1b5a95f0fa01 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -581,3 +581,18 @@ config PGTABLE_MAPPING
config GENERIC_EARLY_IOREMAP
bool
+
+config MAX_STACK_SIZE_MB
+ int "Maximum user stack size for 32-bit processes (MB)"
+ default 80
+ range 8 256 if METAG
+ range 8 2048
+ depends on STACK_GROWSUP && (!64BIT || COMPAT)
+ help
+ This is the maximum stack size in Megabytes in the VM layout of 32-bit
+ user processes when the stack grows upwards (currently only on parisc
+ and metag arch). The stack will be located at the highest memory
+ address minus the given value, unless the RLIMIT_STACK hard limit is
+ changed to a smaller value in which case that is used.
+
+ A sane initial value is 80 MB.
--
1.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists