exec: Limit arg stack to at most 75% of _STK_LIM

To avoid pathological stack usage or the need to special-case setuid
execs, just limit all arg stack usage to at most 75% of _STK_LIM (6MB).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 6 insertions, 5 deletions

diff --git a/fs/exec.c b/fs/exec.c
index 904199086490..62175cbcc801 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -220,8 +220,7 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
 
         if (write) {
                 unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
-                unsigned long ptr_size;
-                struct rlimit *rlim;
+                unsigned long ptr_size, limit;
 
                 /*
                  * Since the stack will hold pointers to the strings, we
@@ -250,14 +249,16 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
                         return page;
 
                 /*
-                 * Limit to 1/4-th the stack size for the argv+env strings.
+                 * Limit to 1/4 of the max stack size or 3/4 of _STK_LIM
+                 * (whichever is smaller) for the argv+env strings.
                  * This ensures that:
                  *  - the remaining binfmt code will not run out of stack space,
                  *  - the program will have a reasonable amount of stack left
                  *    to work from.
                  */
-                rlim = current->signal->rlim;
-                if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4)
+                limit = _STK_LIM / 4 * 3;
+                limit = min(limit, rlimit(RLIMIT_STACK) / 4);
+                if (size > limit)
                         goto fail;
         }