Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752376AbdGEIYs (ORCPT ); Wed, 5 Jul 2017 04:24:48 -0400 Received: from mx2.suse.de ([195.135.220.15]:42670 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750867AbdGEIYq (ORCPT ); Wed, 5 Jul 2017 04:24:46 -0400 Date: Wed, 5 Jul 2017 10:24:41 +0200 From: Michal Hocko To: Willy Tarreau Cc: Linus Torvalds , Ben Hutchings , Hugh Dickins , Oleg Nesterov , "Jason A. Donenfeld" , Rik van Riel , Larry Woodman , "Kirill A. Shutemov" , Tony Luck , "James E.J. Bottomley" , Helge Diller , James Hogan , Laura Abbott , Greg KH , "security@kernel.org" , linux-distros@vs.openwall.org, Qualys Security Advisory , LKML , Ximin Luo Subject: Re: [PATCH] mm: larger stack guard gap, between vmas Message-ID: <20170705082441.GC14538@dhcp22.suse.cz> References: <20170704084122.GC14722@dhcp22.suse.cz> <20170704093538.GF14722@dhcp22.suse.cz> <20170704094728.GB22013@1wt.eu> <20170704104211.GG14722@dhcp22.suse.cz> <20170704113611.GA4732@decadent.org.uk> <1499209315.2707.29.camel@decadent.org.uk> <20170705063645.GA10354@dhcp22.suse.cz> <20170705081443.GA23453@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170705081443.GA23453@1wt.eu> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1364 Lines: 31 On Wed 05-07-17 10:14:43, Willy Tarreau wrote: > On Wed, Jul 05, 2017 at 08:36:46AM +0200, Michal Hocko wrote: > > PROT_NONE would explicitly fault but we would simply > > run over this mapping too easily and who knows what might end up below > > it. So to me the guard gap does its job here. > > I tend to think that applications that implement their own stack guard > using PROT_NONE also assume that they will never perfom unchecked stack > allocations larger than their own guard, thus the condition above should > never happen. Otherwise they're bogus and/or vulnerable by design and it > is their responsibility to fix it. > > Thus maybe if that helps we could even relax some of the stack guard > checks as soon as we meet a PROT_NONE area, allowing VMAs to be tightly > packed if the application knows what it's doing. Yes, this is what my patch does [1]. Or did I miss your point? > That wouldn't solve the libreoffice issue though, given the lower page > is RWX. unfortunatelly yes. We only have limited room to address this issue though. We could add per task (mm) stack_gap limit (controlled either via proc or prctl) and revert back to 1 page for the specific program but I would be really careful to add some more hack into the stack expansion code. [1] http://lkml.kernel.org/r/20170704093538.GF14722@dhcp22.suse.cz -- Michal Hocko SUSE Labs