| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <145353478691.23962.7610086254586675400.stgit@zurg> Date: Sat, 23 Jan 2016 10:39:47 +0300 From: Konstantin Khlebnikov <koct9i@...il.com> To: Cyrill Gorcunov <gorcunov@...il.com>, linux-mm@...ck.org, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...uxfoundation.org>, linux-kernel@...r.kernel.org Cc: Vegard Nossum <vegard.nossum@...cle.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Vladimir Davydov <vdavydov@...tuozzo.com>, Andy Lutomirski <luto@...capital.net>, Quentin Casasnovas <quentin.casasnovas@...cle.com>, Kees Cook <keescook@...gle.com>, Willy Tarreau <w@....eu>, Pavel Emelyanov <xemul@...tuozzo.com> Subject: [PATCH 2/2] mm: limit VmData with RLIMIT_DATA This adds is correct version of RLIMIT_DATA check. And kernel boot option "ignore_rlimit_data" for reverting old behavior. Also could be set by /sys/module/kernel/parameters/ignore_rlimit_data. Signed-off-by: Konstantin Khlebnikov <koct9i@...il.com> --- Documentation/kernel-parameters.txt | 5 +++++ mm/mmap.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index cfb2c0f1a4a8..850239102e86 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -1461,6 +1461,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. could change it dynamically, usually by /sys/module/printk/parameters/ignore_loglevel. + ignore_rlimit_data + Ignore setrlimit(RLIMIT_DATA) setting for private + mappings (as it was before). Could be changed by + /sys/module/kernel/parameters/ignore_rlimit_data. + ihash_entries= [KNL] Set number of hash buckets for inode cache. diff --git a/mm/mmap.c b/mm/mmap.c index e0cd98c510ba..af272025b1b9 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -42,6 +42,7 @@ #include <linux/memory.h> #include <linux/printk.h> #include <linux/userfaultfd_k.h> +#include <linux/moduleparam.h> #include <asm/uaccess.h> #include <asm/cacheflush.h> @@ -69,6 +70,8 @@ const int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX; int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS; #endif +static bool ignore_rlimit_data = false; +core_param(ignore_rlimit_data, ignore_rlimit_data, bool, 0644); static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, @@ -2982,6 +2985,11 @@ bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages) if (mm->total_vm + npages > rlimit(RLIMIT_AS) >> PAGE_SHIFT) return false; + if (!ignore_rlimit_data && (flags & (VM_WRITE | VM_SHARED | + (VM_STACK_FLAGS & (VM_GROWSUP | VM_GROWSDOWN)))) == VM_WRITE && + mm->data_vm + npages > rlimit(RLIMIT_DATA) >> PAGE_SHIFT) + return false; + return true; }
Powered by blists - more mailing lists