linux/arch/arm
Kees Cook 8f2af155b5 exec: pass stack rlimit into mm layout functions
Patch series "exec: Pin stack limit during exec".

Attempts to solve problems with the stack limit changing during exec
continue to be frustrated[1][2].  In addition to the specific issues
around the Stack Clash family of flaws, Andy Lutomirski pointed out[3]
other places during exec where the stack limit is used and is assumed to
be unchanging.  Given the many places it gets used and the fact that it
can be manipulated/raced via setrlimit() and prlimit(), I think the only
way to handle this is to move away from the "current" view of the stack
limit and instead attach it to the bprm, and plumb this down into the
functions that need to know the stack limits.  This series implements
the approach.

[1] 04e35f4495 ("exec: avoid RLIMIT_STACK races with prlimit()")
[2] 779f4e1c6c ("Revert "exec: avoid RLIMIT_STACK races with prlimit()"")
[3] to security@kernel.org, "Subject: existing rlimit races?"

This patch (of 3):

Since it is possible that the stack rlimit can change externally during
exec (either via another thread calling setrlimit() or another process
calling prlimit()), provide a way to pass the rlimit down into the
per-architecture mm layout functions so that the rlimit can stay in the
bprm structure instead of sitting in the signal structure until exec is
finalized.

Link: http://lkml.kernel.org/r/1518638796-20819-2-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Hugh Dickins <hughd@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Greg KH <greg@kroah.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-04-11 10:28:37 -07:00
..
boot Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-09 17:04:10 -07:00
common Merge branches 'fixes', 'misc', 'sa1111' and 'sa1100-for-next' into for-next 2018-01-21 15:38:10 +00:00
configs ARM: multi_v7_defconfig: add NXP FlexCAN IP support 2018-03-27 15:38:31 +02:00
crypto crypto: arm,arm64 - Fix random regeneration of S_shipped 2018-03-23 23:43:19 +08:00
firmware
include ARM: 2018-04-09 11:42:31 -07:00
kernel Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-04-09 09:19:30 -07:00
kvm kvm/arm fixes for 4.16, take 2 2018-03-19 17:43:01 +00:00
lib Merge branches 'fixes', 'misc', 'sa1111' and 'sa1100-for-next' into for-next 2018-01-21 15:38:10 +00:00
mach-actions ARM: SoC platform updates for 4.15 2017-11-16 14:05:12 -08:00
mach-alpine License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-artpec
mach-asm9260
mach-aspeed
mach-at91 ARM: at91: Kconfig: Update company to Microchip 2018-02-28 16:21:51 +01:00
mach-axxia License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-bcm soc: brcmstb: biuctrl: Move to early_initcall 2017-12-20 17:37:44 -08:00
mach-berlin
mach-clps711x ARM: clps711x: mark clps711x_compat as const 2018-02-22 17:42:42 +01:00
mach-cns3xxx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-davinci ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
mach-digicolor License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-dove License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-ebsa110 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-efm32 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-ep93xx ARM: ep93xx: ts72xx: Add support for BK3 board - ts72xx derivative 2017-12-13 22:26:10 +01:00
mach-exynos ARM: EXYNOS: Simplify code in coupled CPU idle hot path 2018-03-21 18:51:39 +01:00
mach-footbridge Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
mach-gemini License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-highbank License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-hisi License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-imx ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
mach-integrator ARM: SoC platform updates for 4.15 2017-11-16 14:05:12 -08:00
mach-iop13xx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-iop32x treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mach-iop33x License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-ixp4xx w1: w1-gpio: Convert to use GPIO descriptors 2017-12-08 15:32:53 +01:00
mach-keystone License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-ks8695 Merge branch 'i2c/for-4.15' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2017-11-14 17:52:21 -08:00
mach-lpc18xx
mach-lpc32xx
mach-mediatek ARM: mediatek: use more generic prompts for SoCs with ARMv7 2017-12-20 15:48:18 +01:00
mach-meson Amlogic 32-bit DT changes for v4.16 2017-12-21 16:37:34 +01:00
mach-mmp mtd: nand: remove useless fields from pxa3xx NAND platform data 2018-03-02 21:51:41 +01:00
mach-moxart
mach-mv78xx0 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-mvebu ARM: mvebu: Fix broken PL310_ERRATA_753970 selects 2018-02-13 16:39:51 +01:00
mach-mxs
mach-netx
mach-nomadik
mach-npcm arm: npcm: modify configuration for the NPCM7xx BMC. 2018-04-05 14:49:08 +02:00
mach-nspire ARM: nspire: Remove unneeded nspire_map_io() 2018-03-07 16:07:35 +01:00
mach-omap1 Move omap timer to drivers for 4.17 2018-03-07 16:16:07 +01:00
mach-omap2 ARM: omap2: fix am43xx build without L2X0 2018-04-05 11:06:41 +02:00
mach-orion5x ARM: orion5x: Revert commit 4904dbda41. 2018-02-26 13:41:47 -05:00
mach-oxnas
mach-picoxcell
mach-prima2 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-pxa ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
mach-qcom
mach-realview
mach-rockchip ARM: rockchip: Set name of pmu regmap_config in smp code 2018-03-12 11:09:36 +01:00
mach-rpc License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-s3c24xx spi: spi-gpio: Rewrite to use GPIO descriptors 2018-02-14 16:02:41 +00:00
mach-s3c64xx spi: spi-gpio: Rewrite to use GPIO descriptors 2018-02-14 16:02:41 +00:00
mach-s5pv210 ARM: S5PV210: Add SPDX license identifiers 2018-01-03 18:43:04 +01:00
mach-sa1100 ARM: sa1100/simpad: switch simpad CF to use gpiod APIs 2018-04-06 15:53:22 +01:00
mach-shmobile ARM: shmobile: rcar-gen2: Add watchdog support 2018-03-13 20:54:16 +01:00
mach-socfpga ARM: socfpga: PM: Drop useless check for PM_SUSPEND_STANDBY 2018-03-07 16:08:20 +01:00
mach-spear License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-sti
mach-stm32 ARM: stm32: restore reboot capabilities 2018-03-05 09:11:58 +01:00
mach-sunxi ARM: sunxi: mc-smp: Split out SoC-specific device node lookup sequence 2018-03-10 16:14:57 +08:00
mach-tango License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-tegra Merge branch 'linus' into locking/core, to resolve conflicts 2017-11-07 10:32:44 +01:00
mach-u300 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-uniphier kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
mach-ux500 ARM: ux500: Fix PMU IRQ regression 2018-03-07 16:42:38 +01:00
mach-versatile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-vexpress ARM: SoC platform updates for 4.15 2017-11-16 14:05:12 -08:00
mach-vt8500 arm: vt8500: kconfig: Remove blank help text 2018-02-02 23:53:10 +09:00
mach-w90x900 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-zx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mach-zynq License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mm exec: pass stack rlimit into mm layout functions 2018-04-11 10:28:37 -07:00
net bpf, arm: remove obsolete exception handling from div/mod 2018-01-26 16:42:07 -08:00
nwfpe License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
oprofile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
plat-iop License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
plat-omap ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
plat-orion ARM: orion: fix orion_ge00_switch_board_info initialization 2018-02-22 17:48:39 +01:00
plat-pxa
plat-samsung ARM: SAMSUNG: Add SPDX license identifiers 2018-01-03 18:43:13 +01:00
plat-versatile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
probes ARM: probes: avoid adding kprobes to sensitive kernel-entry/exit code 2017-12-17 22:14:21 +00:00
tools ARM: ep93xx: ts72xx: Add support for BK3 board - ts72xx derivative 2017-12-13 22:26:10 +01:00
vdso Merge branch 'linus' into locking/core, to resolve conflicts 2017-11-07 10:32:44 +01:00
vfp ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] 2018-03-24 14:27:48 +00:00
xen xen: re-introduce support for grant v2 interface 2017-11-06 15:50:17 -05:00
Kconfig Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-04-09 09:19:30 -07:00
Kconfig-nommu Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2017-11-16 12:50:35 -08:00
Kconfig.debug ARM: 8747/1: make CONFIG_DEBUG_WX depend on MMU 2018-03-24 14:27:48 +00:00
Makefile arm: npcm: add basic support for Nuvoton BMCs 2018-03-06 17:54:23 +01:00