• Kees Cook's avatar
    exec: pass stack rlimit into mm layout functions · 8f2af155
    Kees Cook authored
    Patch series "exec: Pin stack limit during exec".
    
    Attempts to solve problems with the stack limit changing during exec
    continue to be frustrated[1][2].  In addition to the specific issues
    around the Stack Clash family of flaws, Andy Lutomirski pointed out[3]
    other places during exec where the stack limit is used and is assumed to
    be unchanging.  Given the many places it gets used and the fact that it
    can be manipulated/raced via setrlimit() and prlimit(), I think the only
    way to handle this is to move away from the "current" view of the stack
    limit and instead attach it to the bprm, and plumb this down into the
    functions that need to know the stack limits.  This series implements
    the approach.
    
    [1] 04e35f44 ("exec: avoid RLIMIT_STACK races with prlimit()")
    [2] 779f4e1c ("Revert "exec: avoid RLIMIT_STACK races with prlimit()"")
    [3] to security@kernel.org, "Subject: existing rlimit races?"
    
    This patch (of 3):
    
    Since it is possible that the stack rlimit can change externally during
    exec (either via another thread calling setrlimit() or another process
    calling prlimit()), provide a way to pass the rlimit down into the
    per-architecture mm layout functions so that the rlimit can stay in the
    bprm structure instead of sitting in the signal structure until exec is
    finalized.
    
    Link: http://lkml.kernel.org/r/1518638796-20819-2-git-send-email-keescook@chromium.org
    
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Michal Hocko <mhocko@kernel.org>
    Cc: Ben Hutchings <ben@decadent.org.uk>
    Cc: Willy Tarreau <w@1wt.eu>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Laura Abbott <labbott@redhat.com>
    Cc: Greg KH <greg@kroah.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
    Cc: Brad Spengler <spender@grsecurity.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    8f2af155
util.c 19.2 KB