lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 23 Jan 2016 10:39:47 +0300
From:	Konstantin Khlebnikov <koct9i@...il.com>
To:	Cyrill Gorcunov <gorcunov@...il.com>, linux-mm@...ck.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...uxfoundation.org>,
	linux-kernel@...r.kernel.org
Cc:	Vegard Nossum <vegard.nossum@...cle.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Vladimir Davydov <vdavydov@...tuozzo.com>,
	Andy Lutomirski <luto@...capital.net>,
	Quentin Casasnovas <quentin.casasnovas@...cle.com>,
	Kees Cook <keescook@...gle.com>, Willy Tarreau <w@....eu>,
	Pavel Emelyanov <xemul@...tuozzo.com>
Subject: [PATCH 2/2] mm: limit VmData with RLIMIT_DATA

This adds is correct version of RLIMIT_DATA check.
And kernel boot option "ignore_rlimit_data" for reverting old behavior.
Also could be set by /sys/module/kernel/parameters/ignore_rlimit_data.

Signed-off-by: Konstantin Khlebnikov <koct9i@...il.com>
---
 Documentation/kernel-parameters.txt |    5 +++++
 mm/mmap.c                           |    8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index cfb2c0f1a4a8..850239102e86 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1461,6 +1461,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 			could change it dynamically, usually by
 			/sys/module/printk/parameters/ignore_loglevel.
 
+	ignore_rlimit_data
+			Ignore setrlimit(RLIMIT_DATA) setting for private
+			mappings (as it was before). Could be changed by
+			/sys/module/kernel/parameters/ignore_rlimit_data.
+
 	ihash_entries=	[KNL]
 			Set number of hash buckets for inode cache.
 
diff --git a/mm/mmap.c b/mm/mmap.c
index e0cd98c510ba..af272025b1b9 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -42,6 +42,7 @@
 #include <linux/memory.h>
 #include <linux/printk.h>
 #include <linux/userfaultfd_k.h>
+#include <linux/moduleparam.h>
 
 #include <asm/uaccess.h>
 #include <asm/cacheflush.h>
@@ -69,6 +70,8 @@ const int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX;
 int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
 #endif
 
+static bool ignore_rlimit_data = false;
+core_param(ignore_rlimit_data, ignore_rlimit_data, bool, 0644);
 
 static void unmap_region(struct mm_struct *mm,
 		struct vm_area_struct *vma, struct vm_area_struct *prev,
@@ -2982,6 +2985,11 @@ bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages)
 	if (mm->total_vm + npages > rlimit(RLIMIT_AS) >> PAGE_SHIFT)
 		return false;
 
+	if (!ignore_rlimit_data && (flags & (VM_WRITE | VM_SHARED |
+		(VM_STACK_FLAGS & (VM_GROWSUP | VM_GROWSDOWN)))) == VM_WRITE &&
+	    mm->data_vm + npages > rlimit(RLIMIT_DATA) >> PAGE_SHIFT)
+		return false;
+
 	return true;
 }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ