Received: by 10.223.176.5 with SMTP id f5csp2200221wra;
        Thu, 8 Feb 2018 10:00:47 -0800 (PST)
X-Google-Smtp-Source: AH8x225U0ezUT+lZRRpOItqRcAz6goxHAYYHuuB9b11sG1cAIIrqtOSd4EzvElNBQ/c215eBssli
X-Received: by 10.98.254.21 with SMTP id z21mr45350pfh.48.1518112846925;
        Thu, 08 Feb 2018 10:00:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518112846; cv=none;
        d=google.com; s=arc-20160816;
        b=o729llddXZEdMFNxKmcT2IbwvOxlWPG4U8JZi2Q9YDgnGiA79qYDSxYD9ULHx+Bcee
         Fc+cjuxRdg6Uhrh/lT4lx5cWZoLQOqbvpw3MJAEtEW9IUebGfF69RlHvScxZ4YchrCjv
         6cdjdEbTX2RL44P9PeJairvb9jR29S8QUjSHDa+f5qo3DBe9T4QQDnkFrYfbKgmVKPTd
         G9K74Ho1XWbTbVXjMsW03rjoaG+cg8PKZezpdd5xoq2c0Oawgpygn2W+9rS2W38aEkuX
         KZj9weVlo13dIuNwLmlFPSHgI60c7bWoMJPGlsqbdpcZMQLQvxTpE+0Wxe+gOlkrZKzK
         /3Lw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:content-transfer-encoding
         :mime-version:references:in-reply-to:subject:cc:to:from
         :arc-authentication-results;
        bh=33MGOvvHYPxa+2kSILlN/JSr5kXs6bl0VeCORZuLIrc=;
        b=nzFMwdpxMtPkSsj5WAOa+LZxLpcQaJxAgRsodPmYagzUyL3F3OjwKIRvRE8lhZl7CD
         ZTEKMJaYXRZw37VirM4bX59R2cDcRziVEQlqeh5HDwnBh09wpKu/q+5BSslRQtBUQs0n
         3nozFc0f8GhOaB2TR17/QdMYxonCjWAlkKwkzaB/MjQcnQck6m+45kcLgpzhZt2gJr0W
         QtVNYk3FxGnwlKSNy3Xkxpt+TP7601pHBCqFGL/aoZ50i/juTh0YAfCQEplIL0PuHcXu
         vCje+GxM9//72TkNe4yx/u5QVaYz2Mp3IaQjIG5u91Y3VNm/YrNtiR/OkaSd7TDoIfQu
         geiw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e16-v6si265157pli.776.2018.02.08.10.00.32;
        Thu, 08 Feb 2018 10:00:46 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752421AbeBHR6x (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Thu, 8 Feb 2018 12:58:53 -0500
Received: from outbound.smtp.vt.edu ([198.82.183.121]:43092 "EHLO
        omr1.cc.vt.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1751786AbeBHR6u (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Feb 2018 12:58:50 -0500
Received: from mr2.cc.vt.edu (mr2.cc.vt.edu [IPv6:2607:b400:92:8400:0:90:e077:bf22])
        by omr1.cc.vt.edu (8.14.4/8.14.4) with ESMTP id w18Hwotf016241
        for <linux-kernel@vger.kernel.org>; Thu, 8 Feb 2018 12:58:50 -0500
Received: from mail-qk0-f199.google.com (mail-qk0-f199.google.com [209.85.220.199])
        by mr2.cc.vt.edu (8.14.7/8.14.7) with ESMTP id w18Hwjeb009306
        for <linux-kernel@vger.kernel.org>; Thu, 8 Feb 2018 12:58:50 -0500
Received: by mail-qk0-f199.google.com with SMTP id a188so4310346qkg.4
        for <linux-kernel@vger.kernel.org>; Thu, 08 Feb 2018 09:58:50 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references
         :mime-version:content-transfer-encoding:date:message-id;
        bh=33MGOvvHYPxa+2kSILlN/JSr5kXs6bl0VeCORZuLIrc=;
        b=Ii/r7653kolHXsOUgxsVUrem8pUa37bAGSasIkr76arBBTJsh0+EHfOHVX7LV9ALpb
         JpmQdq8x/eHSqmySTkCuVp8Q4raPwsrQdiTIupaaX4Nd0ZZfnNCnVN/Frs3afM3vWYaW
         L6ZSxgH9uD5c+NtKpnvNA2hyff2QUPh4cYEJFpNLFK7MdkrnC0Xmar5NVkiIraT6LB39
         JOEqE5wbdotHqlqJp+KVpGEPkAWhBmTcGf5or472ZmTyVYqLOcluvvWFO9ajltmiqvLF
         k6DD6fP33XcCLDfjlWt0oV8HK4oXsFZEk4PONhpOlVdJlhfW56pQBDmNfwOL2eJnoNcv
         Z5SQ==
X-Gm-Message-State: APf1xPAvxJDwhi2n91TV+366jQ3NcjPEIe+0jK8Cp2eS8IXVaiDFy8RL
        ypmO0+6X9rCSE/OuKZYl0hqwc5KKIWM4PuNh9Cu46EriyVUO4cnoMihXJtIWGA68loaXhlYYhdw
        /QjgHVBqAy5kKArNw0YCnbF9pyhkTV1Xw33c=
X-Received: by 10.55.166.2 with SMTP id p2mr61800qke.128.1518112724864;
        Thu, 08 Feb 2018 09:58:44 -0800 (PST)
X-Received: by 10.55.166.2 with SMTP id p2mr61780qke.128.1518112724584;
        Thu, 08 Feb 2018 09:58:44 -0800 (PST)
Received: from turing-police.cc.vt.edu ([2607:b400:24:0:601c:40c3:d398:2fc6])
        by smtp.gmail.com with ESMTPSA id l62sm402540qkl.23.2018.02.08.09.58.42
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 08 Feb 2018 09:58:43 -0800 (PST)
From:   valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
X-Mailer: exmh version 2.8.0 04/21/2017 with nmh-1.7+dev
To:     Jann Horn <jannh@google.com>
Cc:     Matthew Wilcox <willy@infradead.org>, linux-mm@kvack.org,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        kernel list <linux-kernel@vger.kernel.org>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [RFC] Warn the user when they could overflow mapcount
In-Reply-To: <CAG48ez2-MTJ2YrS5fPZi19RY6P_6NWuK1U5CcQpJ25=xrGSy_A@mail.gmail.com>
References: <20180208021112.GB14918@bombadil.infradead.org>
 <CAG48ez2-MTJ2YrS5fPZi19RY6P_6NWuK1U5CcQpJ25=xrGSy_A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1518112722_2958P";
         micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date:   Thu, 08 Feb 2018 12:58:42 -0500
Message-ID: <24367.1518112722@turing-police.cc.vt.edu>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

--==_Exmh_1518112722_2958P
Content-Type: text/plain; charset=us-ascii

On Thu, 08 Feb 2018 03:56:26 +0100, Jann Horn said:

> I wouldn't be too surprised if there are more 32-bit overflows that
> start being realistic once you put something on the order of terabytes
> of memory into one machine, given that refcount_t is 32 bits wide -
> for example, the i_count. See
> https://bugs.chromium.org/p/project-zero/issues/detail?id=809 for an
> example where, given a sufficiently high RLIMIT_MEMLOCK, it was
> possible to overflow a 32-bit refcounter on a system with just ~32GiB
> of free memory (minimum required to store 2^32 64-bit pointers).
>
> On systems with RAM on the order of terabytes, it's probably a good
> idea to turn on refcount hardening to make issues like that
> non-exploitable for now.

I have at least 10 systems across the hall that have 3T of RAM on them
across our various HPC clusters.  So this is indeed no longer a hypothetical
issue.

--==_Exmh_1518112722_2958P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Comment: Exmh version 2.8.0 04/21/2017

iQEVAwUBWnyP0o0DS38y7CIcAQJvMwgAqINtG3XsiyureZeY7FTqdkwoqxA0BUmM
tUkyfbqu/6bfJmdPUOhV4a62wWIULi9xc/yTUcH3Ve/Y71KQVBWfz+QBeeMIihdr
Qh8b6SWWL5gViGCj0uw0d8pbwgzmX/PplJSgupP8j4tf3CyQ7FcrIBpB3p8PfocO
FINFQ/W8JiCVsTGlgmlcwAlTxTzmNP2EF7JoKp4Ugy/cBpxpN8B35/kawTBWirL4
f2OagdWoDdeyu+XyVEaBhybUuGhGVBnbYGELaaJ5A2uGfPhooVZEMzBDZbFgpesu
9jKlkll5COPF3fozpf6idD5uHYaWGUaYRw5rdH+7+eZ59JdRuYZoiw==
=eDZP
-----END PGP SIGNATURE-----

--==_Exmh_1518112722_2958P--