From: Ben Hutchings <ben@decadent.org.uk>
To: Michal Hocko <mhocko@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Willy Tarreau <w@1wt.eu>, Hugh Dickins <hughd@google.com>,
Oleg Nesterov <oleg@redhat.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Rik van Riel <riel@redhat.com>,
Larry Woodman <lwoodman@redhat.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Tony Luck <tony.luck@intel.com>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
Helge Diller <deller@gmx.de>,
James Hogan <james.hogan@imgtec.com>,
Laura Abbott <labbott@redhat.com>, Greg KH <greg@kroah.com>,
"security@kernel.org" <security@kernel.org>,
Qualys Security Advisory <qsa@qualys.com>,
LKML <linux-kernel@vger.kernel.org>,
Ximin Luo <infinity0@debian.org>
Subject: Re: [PATCH] mm: larger stack guard gap, between vmas
Date: Wed, 5 Jul 2017 17:58:45 +0100 [thread overview]
Message-ID: <20170705165845.GB4732@decadent.org.uk> (raw)
In-Reply-To: <1499268300.2707.41.camel@decadent.org.uk>
[-- Attachment #1: Type: text/plain, Size: 3899 bytes --]
On Wed, Jul 05, 2017 at 04:25:00PM +0100, Ben Hutchings wrote:
[...]
> Soemthing I noticed is that Java doesn't immediately use MAP_FIXED.
> Look at os::pd_attempt_reserve_memory_at(). If the first, hinted,
> mmap() doesn't return the hinted address it then attempts to allocate
> huge areas (I'm not sure how intentional this is) and unmaps the
> unwanted parts. Then os::workaround_expand_exec_shield_cs_limit() re-
> mmap()s the wanted part with MAP_FIXED. If this fails at any point it
> is not a fatal error.
>
> So if we change vm_start_gap() to take the stack limit into account
> (when it's finite) that should neutralise
> os::workaround_expand_exec_shield_cs_limit(). I'll try this.
I ended up with the following two patches, which seem to deal with
both the Java and Rust regressions. These don't touch the
stack-grows-up paths at all because Rust doesn't run on those
architectures and the Java weirdness is i386-specific.
They definitely need longer commit messages and comments, but aside
from that do these look reasonable?
Ben.
Subject: [1/2] mmap: Skip a single VM_NONE mapping when checking the stack gap
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
mm/mmap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index a5e3dcd75e79..c7906ae1a7a1 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2323,11 +2323,16 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
- /* Enforce stack_guard_gap */
+ /*
+ * Enforce stack_guard_gap. Some applications allocate a VM_NONE
+ * mapping just below the stack, which we can safely ignore.
+ */
gap_addr = address - stack_guard_gap;
if (gap_addr > address)
return -ENOMEM;
prev = vma->vm_prev;
+ if (prev && !(prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)))
+ prev = prev->vm_prev;
if (prev && prev->vm_end > gap_addr) {
if (!(prev->vm_flags & VM_GROWSDOWN))
return -ENOMEM;
Subject: [2/2] mmap: Avoid mapping anywhere within the full stack extent
if finite
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
include/linux/mm.h | 9 ++++-----
mm/mmap.c | 19 +++++++++++++++++++
2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 6f543a47fc92..2240a0505072 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2223,15 +2223,14 @@ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * m
return vma;
}
+unsigned long __vm_start_gap(struct vm_area_struct *vma);
+
static inline unsigned long vm_start_gap(struct vm_area_struct *vma)
{
unsigned long vm_start = vma->vm_start;
- if (vma->vm_flags & VM_GROWSDOWN) {
- vm_start -= stack_guard_gap;
- if (vm_start > vma->vm_start)
- vm_start = 0;
- }
+ if (vma->vm_flags & VM_GROWSDOWN)
+ vm_start = __vm_start_gap(vma);
return vm_start;
}
diff --git a/mm/mmap.c b/mm/mmap.c
index c7906ae1a7a1..f8131a94e56e 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2307,6 +2307,25 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
#endif /* CONFIG_STACK_GROWSUP || CONFIG_IA64 */
+unsigned long __vm_start_gap(struct vm_area_struct *vma)
+{
+ unsigned long stack_limit =
+ current->signal->rlim[RLIMIT_STACK].rlim_cur;
+ unsigned long vm_start;
+
+ if (stack_limit != RLIM_INFINITY &&
+ vma->vm_end - vma->vm_start < stack_limit)
+ vm_start = vma->vm_end - PAGE_ALIGN(stack_limit);
+ else
+ vm_start = vma->vm_start;
+
+ vm_start -= stack_guard_gap;
+ if (vm_start > vma->vm_start)
+ vm_start = 0;
+
+ return vm_start;
+}
+
/*
* vma is the first one with address < vma->vm_start. Have to extend vma.
*/
--
Ben Hutchings
For every complex problem
there is a solution that is simple, neat, and wrong.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
next prev parent reply other threads:[~2017-07-05 16:59 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <alpine.LSU.2.11.1706190355140.2626@eggly.anvils>
2017-06-22 12:30 ` [PATCH] mm: larger stack guard gap, between vmas Ben Hutchings
2017-06-22 12:46 ` Willy Tarreau
2017-06-22 12:58 ` Ben Hutchings
2017-06-22 13:10 ` Willy Tarreau
2017-06-22 13:28 ` Willy Tarreau
2017-06-22 13:15 ` [vs-plain] " Levente Polyak
2017-06-22 13:59 ` Willy Tarreau
2017-06-22 14:14 ` Ben Hutchings
2017-06-22 14:34 ` Willy Tarreau
2017-06-23 3:10 ` Andy Lutomirski
2017-06-23 4:42 ` Linus Torvalds
2017-06-22 21:23 ` Helge Deller
2017-06-23 4:35 ` Hugh Dickins
2017-06-24 9:11 ` Hugh Dickins
2017-06-24 18:29 ` Ben Hutchings
[not found] ` <CA+55aFx6j4na3BVRC2aQuf-kNp1jzGahN8To_SFpNu+H=gopJA@mail.gmail.com>
[not found] ` <20170619142358.GA32654@1wt.eu>
[not found] ` <1498009101.2655.6.camel@decadent.org.uk>
[not found] ` <20170621092419.GA22051@dhcp22.suse.cz>
[not found] ` <1498042057.2655.8.camel@decadent.org.uk>
2017-07-03 23:55 ` Ben Hutchings
2017-07-04 0:05 ` Linus Torvalds
2017-07-04 8:41 ` Michal Hocko
2017-07-04 9:35 ` Michal Hocko
2017-07-04 9:47 ` Willy Tarreau
2017-07-04 10:42 ` Michal Hocko
2017-07-04 11:36 ` Ben Hutchings
2017-07-04 12:00 ` Michal Hocko
2017-07-04 12:11 ` Michal Hocko
2017-07-04 12:21 ` Ben Hutchings
2017-07-04 12:33 ` Michal Hocko
2017-07-04 14:19 ` Ximin Luo
2017-07-04 14:48 ` Michal Hocko
2017-07-04 15:51 ` Willy Tarreau
2017-07-04 17:22 ` Michal Hocko
2017-07-04 18:37 ` Linus Torvalds
2017-07-04 18:39 ` Willy Tarreau
2017-07-04 18:47 ` Linus Torvalds
2017-07-04 19:03 ` Willy Tarreau
2017-07-04 16:18 ` Linus Torvalds
2017-07-04 16:27 ` John Haxby
2017-07-04 17:02 ` Willy Tarreau
2017-07-05 12:26 ` Ben Hutchings
2017-07-04 17:11 ` Willy Tarreau
2017-07-05 12:25 ` Ben Hutchings
2017-07-04 23:01 ` Ben Hutchings
2017-07-04 23:31 ` Linus Torvalds
2017-07-05 6:36 ` Michal Hocko
2017-07-05 8:14 ` Willy Tarreau
2017-07-05 8:24 ` Michal Hocko
2017-07-05 9:15 ` Willy Tarreau
2017-07-05 12:21 ` Ben Hutchings
2017-07-05 13:52 ` Willy Tarreau
2017-07-05 14:19 ` Michal Hocko
2017-07-05 16:06 ` Linus Torvalds
2017-07-06 7:34 ` Michal Hocko
2017-07-05 12:19 ` Ben Hutchings
2017-07-05 14:23 ` Michal Hocko
2017-07-05 15:25 ` Ben Hutchings
2017-07-05 15:59 ` Michal Hocko
2017-07-05 16:58 ` Ben Hutchings [this message]
2017-07-05 17:05 ` Michal Hocko
2017-07-05 17:24 ` Ben Hutchings
2017-07-05 17:15 ` Linus Torvalds
2017-07-05 23:35 ` Ben Hutchings
2017-07-05 23:51 ` Linus Torvalds
2017-07-06 8:24 ` Willy Tarreau
2017-07-06 10:11 ` Willy Tarreau
2017-07-10 2:40 ` [lkp-robot] [mm] a99d848d3b: kernel_BUG_at_mm/mmap.c kernel test robot
2017-07-05 16:15 ` [PATCH] mm: larger stack guard gap, between vmas Andy Lutomirski
2017-07-05 16:20 ` Linus Torvalds
2017-07-05 17:23 ` Andy Lutomirski
2017-07-05 19:32 ` Ben Hutchings
2017-07-05 20:40 ` Willy Tarreau
2017-07-05 20:53 ` Andy Lutomirski
2017-07-05 23:50 ` Ben Hutchings
2017-07-06 0:23 ` Andy Lutomirski
2017-07-05 23:50 ` Kees Cook
2017-07-05 23:55 ` Linus Torvalds
2017-07-06 0:31 ` Andy Lutomirski
2017-07-06 0:47 ` Linus Torvalds
2017-07-06 0:19 ` Andy Lutomirski
2017-07-06 2:45 ` Kees Cook
2017-07-06 5:23 ` Willy Tarreau
2017-07-06 5:33 ` Kevin Easton
2017-07-05 16:17 ` Linus Torvalds
2017-07-05 18:59 ` Willy Tarreau
2017-07-05 19:17 ` Linus Torvalds
2017-07-05 19:18 ` Willy Tarreau
2017-07-05 19:21 ` Linus Torvalds
2017-07-05 1:16 ` [vs-plain] " kseifried
2017-07-05 14:11 ` Solar Designer
2017-07-04 10:46 ` Michal Hocko
2017-07-04 10:51 ` Michal Hocko
2017-07-04 0:27 ` Andy Lutomirski
2017-07-04 12:26 ` [vs-plain] " John Haxby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170705165845.GB4732@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=Jason@zx2c4.com \
--cc=deller@gmx.de \
--cc=greg@kroah.com \
--cc=hughd@google.com \
--cc=infinity0@debian.org \
--cc=james.hogan@imgtec.com \
--cc=jejb@parisc-linux.org \
--cc=kirill@shutemov.name \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lwoodman@redhat.com \
--cc=mhocko@kernel.org \
--cc=oleg@redhat.com \
--cc=qsa@qualys.com \
--cc=riel@redhat.com \
--cc=security@kernel.org \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).