Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752264AbdGETAW (ORCPT ); Wed, 5 Jul 2017 15:00:22 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:54138 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751772AbdGETAV (ORCPT ); Wed, 5 Jul 2017 15:00:21 -0400 Date: Wed, 5 Jul 2017 20:59:37 +0200 From: Willy Tarreau To: Linus Torvalds Cc: Ben Hutchings , Michal Hocko , Hugh Dickins , Oleg Nesterov , "Jason A. Donenfeld" , Rik van Riel , Larry Woodman , "Kirill A. Shutemov" , Tony Luck , "James E.J. Bottomley" , Helge Diller , James Hogan , Laura Abbott , Greg KH , "security@kernel.org" , Qualys Security Advisory , LKML , Ximin Luo Subject: Re: [PATCH] mm: larger stack guard gap, between vmas Message-ID: <20170705185937.GB24459@1wt.eu> References: <20170704084122.GC14722@dhcp22.suse.cz> <20170704093538.GF14722@dhcp22.suse.cz> <20170704094728.GB22013@1wt.eu> <20170704104211.GG14722@dhcp22.suse.cz> <20170704113611.GA4732@decadent.org.uk> <1499209315.2707.29.camel@decadent.org.uk> <1499257180.2707.34.camel@decadent.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.6.1 (2016-04-27) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1012 Lines: 21 On Wed, Jul 05, 2017 at 09:17:59AM -0700, Linus Torvalds wrote: (...) > The good news is that this is probably specialized enough that we can > just keep the defaults as "will break this one case, but we give > people the tools to work around it". > > I hate doing that, but distros that still support 32-bit (which is > apparently a shrinking number) can maybe hack the libreoffice launch > scripts up? Don't you think that the option of having a sysctl to relax the check per task wouldn't be easier for distros and safer overall ? Ie, emit a warning the first time the gap is hit instead of segfaulting, then reduce it to something that used to work (4k or 64k, I don't remember) and try again ? It would quickly report all these "special" programs for end-user distros, without leaving too much room for attacks due to the warning making it pretty obvious what's going on. I just don't know how to place this stack gap per process but since this was already discussed for prctl I think it's doable. Willy