linux/Documentation
Hugh Dickins 1be7107fbe mm: larger stack guard gap, between vmas
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But this seems to be insufficient in the light of the stack usage in
userspace. E.g. glibc uses as large as 64kB alloca() in many commonly
used functions. Others use constructs like gid_t buffer[NGROUPS_MAX]
which is 256kB or stack strings with MAX_ARG_STRLEN.

This will become especially dangerous for suid binaries and the default
no limit for the stack size limit because those applications can be
tricked to consume a large portion of the stack and a single glibc call
could jump over the guard page. These attacks are not theoretical,
unfortunately.

Make those attacks less probable by increasing the stack guard gap
to 1MB (on systems with 4k pages; but make it depend on the page size
because systems with larger base pages might cap stack allocations in
the PAGE_SIZE units) which should cover larger alloca() and VLA stack
allocations. It is obviously not a full fix because the problem is
somehow inherent, but it should reduce attack space a lot.

One could argue that the gap size should be configurable from userspace,
but that can be done later when somebody finds that the new 1MB is wrong
for some special case applications.  For now, add a kernel command line
option (stack_guard_gap) to specify the stack gap size (in page units).

Implementation wise, first delete all the old code for stack guard page:
because although we could get away with accounting one extra page in a
stack vma, accounting a larger gap can break userspace - case in point,
a program run with "ulimit -S -v 20000" failed when the 1MB gap was
counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK
and strict non-overcommit mode.

Instead of keeping gap inside the stack vma, maintain the stack guard
gap as a gap between vmas: using vm_start_gap() in place of vm_start
(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few
places which need to respect the gap - mainly arch_get_unmapped_area(),
and the vma tree's subtree_gap support for that.

Original-patch-by: Oleg Nesterov <oleg@redhat.com>
Original-patch-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Tested-by: Helge Deller <deller@gmx.de> # parisc
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-06-19 21:50:20 +08:00
ABI pci-v4.12-changes 2017-05-08 19:03:25 -07:00
DocBook char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
EDID drm: use .hword to represent 16-bit numbers 2017-03-30 10:15:19 +02:00
PCI pci-v4.12-changes 2017-05-08 19:03:25 -07:00
RCU Merge branches 'doc.2017.04.12a', 'fixes.2017.04.19a' and 'srcu.2017.04.21a' into HEAD 2017-04-21 06:00:13 -07:00
accounting
acpi Merge branches 'acpi-button' and 'acpi-tools' 2017-05-22 20:29:06 +02:00
admin-guide mm: larger stack guard gap, between vmas 2017-06-19 21:50:20 +08:00
aoe
arm ARM: SoC platform updates 2017-05-09 09:49:36 -07:00
arm64 arm64: documentation: document tagged pointer stack constraints 2017-05-09 17:43:18 +01:00
auxdisplay
backlight backlight: lp855x_bl: support new LP8555 device 2013-11-13 12:09:14 +09:00
blackfin
block block, bfq: stress that low_latency must be off to get max throughput 2017-05-10 07:39:43 -06:00
blockdev remove the mg_disk driver 2017-04-14 14:00:49 -06:00
bus-devices
cdrom cdrom: Make device operations read-only 2017-02-14 08:29:56 -07:00
cgroup-v1 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2017-02-27 21:41:08 -08:00
cma
connector
console
core-api docs-rst: core_api: move driver-specific stuff to drivers_api 2017-04-02 14:17:43 -06:00
cpu-freq cpufreq: intel_pstate: Document the current behavior and user interface 2017-05-14 02:06:03 +02:00
cpuidle
cris
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
dev-tools scripts/spelling.txt: add "disble(d)" pattern and fix typo instances 2017-03-09 17:01:09 -08:00
device-mapper - A major update for DM cache that reduces the latency for deciding 2017-05-03 10:31:20 -07:00
devicetree USB fixes for 4.12-rc5 2017-06-11 11:23:10 -07:00
dmaengine
doc-guide docs-rst: automatically convert Graphviz and SVG images 2017-03-09 02:59:26 -07:00
driver-api char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
driver-model PCI: Implement devm_pci_remap_cfgspace() 2017-04-24 13:53:13 -05:00
early-userspace Documentation: Fix dead URLs to ftp.kernel.org 2017-03-29 15:46:06 -06:00
extcon extcon: Remove porting compatibility of swich class 2017-04-06 10:55:24 +09:00
fault-injection net: Add support for CHANGEUPPER notifier error injection 2015-12-03 11:49:23 -05:00
fb
features powerpc updates for 4.12 part 1. 2017-05-05 11:36:44 -07:00
filesystems Tigran has moved 2017-05-12 15:57:15 -07:00
firmware_class
fmc
fpga fpga: Add scatterlist based programming 2017-02-10 15:20:44 +01:00
frv
gpio gpio: return NULL from gpiod_get_optional when GPIOLIB is disabled 2017-03-15 11:16:30 +01:00
gpu drm: Document code of conduct 2017-05-05 11:48:17 +10:00
hid Documentation: hid: fix path to input bus definitions 2017-03-13 17:15:19 -06:00
hwmon drivers: hwmon: Support for ASPEED PWM/Fan tach 2017-04-10 13:12:18 -07:00
i2c
ia64
ide
iio
infiniband IB/opa-vnic: Virtual Network Interface Controller (VNIC) documentation 2017-04-20 12:01:06 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-05-26 16:45:13 -07:00
ioctl TEE driver infrastructure and OP-TEE drivers 2017-05-10 11:20:09 -07:00
isdn
kbuild uapi: export all arch specifics directories 2017-05-11 00:22:17 +09:00
kdump Documentation: kdump: describe arm64 port 2017-04-05 18:32:32 +01:00
laptops
leds Documentaion: leds: leds-lp55xx.txt: Fix typos 2017-03-17 13:06:14 -06:00
lightnvm lightnvm: physical block device (pblk) target 2017-04-16 10:06:33 -06:00
livepatch livepatch: allow removal of a disabled patch 2017-03-08 09:38:43 +01:00
locking
m68k
md Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-05-03 10:05:38 -07:00
media media updates for v4.12-rc1 2017-05-05 17:34:57 -07:00
memory-devices
metag
mic samples: move mic/mpssd example code from Documentation 2016-09-20 12:38:48 -06:00
mips
misc-devices Documentation: misc-devices: Add Documentation for pci-endpoint-test driver 2017-04-28 10:23:19 -05:00
mmc MMC core: 2017-05-02 17:34:32 -07:00
mn10300
mtd spi-nor: Add support for Intel SPI serial flash controller 2017-01-03 17:33:36 +00:00
namespaces
netlabel
networking net: fix up hash documentation 2017-06-07 13:00:41 -04:00
nfc
nios2
nvdimm libnvdimm, btt: update the usage section in Documentation 2016-06-17 16:23:23 -07:00
nvmem
parisc parisc: document the shadow registers 2013-07-09 22:09:19 +02:00
pcmcia
perf perf: qcom: Add L3 cache PMU driver 2017-04-03 18:53:50 +01:00
phy
platform
power A reasonably busy cycle for documentation this time around. There is a new 2017-05-02 10:21:17 -07:00
powerpc powerpc/fadump: update documentation about crashkernel parameter reuse 2017-05-08 17:15:11 -07:00
pps
prctl selftests: move prctl tests from Documentation/prctl 2016-09-20 09:09:09 -06:00
process docs: complete bumping minimal GNU Make version to 3.81 2017-05-06 18:49:09 -07:00
pti
ptp selftests: move ptp tests from Documentation/ptp 2016-09-20 09:54:38 -06:00
rapidio
s390 docs: add documentation for vfio-ccw 2017-03-31 12:55:11 +02:00
scheduler sched/Documentation: Add 'sched-pelt' tool 2017-04-14 10:26:35 +02:00
scsi scsi: make asynchronous aborts mandatory 2017-04-06 13:07:33 -04:00
security KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
serial
sh
sound ALSA: hda - Update the list of quirk models 2017-05-22 16:42:02 +02:00
sparc Documentation/sparc: Steps for sending break on sunhv console 2017-02-23 08:27:25 -08:00
sphinx tmplcvt: make the tool more robust 2017-04-11 14:35:15 -06:00
sphinx-static
spi spi: spi-ep93xx: simplify GPIO chip selects 2017-02-16 20:10:26 +00:00
sysctl Replace 2 jiffies with sysctl netdev_budget_usecs to enable softirq tuning 2017-04-21 13:22:34 -04:00
target Documentation/target: add an example script to configure an iSCSI target 2017-05-01 22:21:35 -07:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-05-12 11:58:45 -07:00
timers time: Remove CONFIG_TIMER_STATS 2017-02-10 11:15:08 +01:00
trace New features for this release: 2017-05-03 18:41:21 -07:00
translations docs: update references to the device io book 2017-05-09 13:44:56 -06:00
usb doc-rst: fixed kernel-doc directives in usb/typec.rst 2017-05-17 11:52:44 +02:00
userspace-api docs: Convert unshare.txt to RST and add to the user-space API manual 2017-04-02 15:18:32 -06:00
virtual Second round of KVM/ARM Changes for v4.12. 2017-05-09 12:51:49 +02:00
vm Documentation/vm/transhuge.txt: fix trivial typos 2017-05-08 17:15:14 -07:00
w1 w1: add documentation for w1_ds2438 2017-03-17 15:10:49 +09:00
watchdog iTCO_wdt: all versions count down twice 2017-05-19 10:42:11 +02:00
wimax
x86 x86/intel_rdt: Fix a typo in Documentation 2017-05-09 09:41:42 +02:00
xtensa xtensa: cleanup MMU setup and kernel layout macros 2016-07-24 06:33:58 +03:00
.gitignore
00-INDEX Documentation: tee subsystem and op-tee driver 2017-03-10 14:51:57 +01:00
Changes
CodingStyle
DMA-API-HOWTO.txt
DMA-API.txt
DMA-ISA-LPC.txt Documentation: DMA-ISA-LPC.txt 2017-02-12 15:20:07 -07:00
DMA-attributes.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
Intel-IOMMU.txt
Makefile
Makefile.sphinx Add a target to check broken external links in the Documentation 2017-02-15 15:22:47 -07:00
SAK.txt
SM501.txt
SubmittingPatches
bcache.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt mm, docs: update memory.stat description with workingset* entries 2017-05-12 15:57:16 -07:00
circular-buffers.txt
clk.txt
conf.py Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-05-03 12:38:20 -07:00
cpu-load.txt
cputopology.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
dell_rbu.txt
digsig.txt
docutils.conf
dontdiff
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt gcc-plugins: update architecture list in documentation 2017-03-21 22:20:05 +11:00
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst docs-rst: add input docs at main index and use kernel-figure 2017-05-09 13:36:02 -06:00
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
irqflags-tracing.txt
isa.txt
isapnp.txt
kernel-doc-nano-HOWTO.txt
kernel-per-CPU-kthreads.txt
kobject.txt
kprobes.txt
kref.txt Revert "kref: double kref_put() in my_data_handler()" 2017-04-08 18:38:10 +02:00
kselftest.txt scripts/spelling.txt: add "an user" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
ldm.txt
lockup-watchdogs.txt
logo.gif
logo.txt
lzo.txt
mailbox.txt
memory-barriers.txt Connect the newly RST-formatted documentation to the rest; this had to wait 2017-05-11 11:29:52 -07:00
memory-hotplug.txt scripts/spelling.txt: add "followings" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt Documentation: phy: Fix repetition of word 'the' 2017-03-09 00:33:15 -07:00
pi-futex.txt
pinctrl.txt pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable() 2017-04-07 01:08:08 +02:00
pnp.txt
preempt-locking.txt
printk-formats.txt
pwm.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rtc.txt
sgi-ioc4.txt
siphash.txt
smsc_ece1099.txt
static-keys.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00
svga.txt
switchtec.txt switchtec: Add IOCTLs to the Switchtec driver 2017-04-12 12:23:37 -05:00
sync_file.txt Documentation: sync_file.txt: Fix typos 2017-03-17 13:03:36 -06:00
tee.txt Documentation: tee subsystem and op-tee driver 2017-03-10 14:51:57 +01:00
this_cpu_ops.txt
unaligned-memory-access.txt
vfio-mediated-device.txt docs: Fix a spelling error in vfio-mediated-device.txt 2017-04-27 15:54:39 -06:00
vfio.txt
video-output.txt
xillybus.txt
xz.txt
zorro.txt docs: Fix a couple typos 2017-04-27 15:54:39 -06:00