From: Willy Tarreau <w@1wt.eu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
Michal Hocko <mhocko@kernel.org>,
Andy Lutomirski <luto@kernel.org>,
Ben Hutchings <ben@decadent.org.uk>,
Hugh Dickins <hughd@google.com>, Oleg Nesterov <oleg@redhat.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Rik van Riel <riel@redhat.com>,
Larry Woodman <lwoodman@redhat.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Tony Luck <tony.luck@intel.com>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
Helge Diller <deller@gmx.de>,
James Hogan <james.hogan@imgtec.com>,
Laura Abbott <labbott@redhat.com>, Greg KH <greg@kroah.com>,
"security@kernel.org" <security@kernel.org>,
Qualys Security Advisory <qsa@qualys.com>,
LKML <linux-kernel@vger.kernel.org>,
Ximin Luo <infinity0@debian.org>
Subject: Re: [RFC][PATCH] exec: Use init rlimits for setuid exec
Date: Mon, 10 Jul 2017 18:52:14 +0200
Message-ID: <20170710165214.GC21543@1wt.eu>
In-Reply-To: <CA+55aFzuLupZf==sb80oyyATsgyWstWBqJJFs0KMpi9GjVxMvA@mail.gmail.com>

On Mon, Jul 10, 2017 at 09:18:09AM -0700, Linus Torvalds wrote:
> On Mon, Jul 10, 2017 at 9:12 AM, Kees Cook <keescook@chromium.org> wrote:
> >
> > Sounds good to me, but won't large-memory users in 32-bit get annoyed?
>
> We'll see.
>
> I suspect that all large-memory users have long since upgraded to
> x86-64 (rule of thumb: if you are upgrading kernels today, you
> probably upgraded hardware ten years ago), and that this may be a
> non-issue today.

I tend to agree. We've been using 32-bit machines with "a lot" (=2GB)
of RAM and haproxy using something like 1.3GB in the past, and it
started to become a bit complex due to ASLR punching large holes between
each and every shared object, forcing us to stop setting strict
overcommit limits for example. We've abandoned them after kernel 3.10,
when the new models had been migrated to 64 bits a few years ago already
and I think anyone doing anything serious with memory doesn't use 32-bit
at all.

Well I know of one exception :-) My netbook has 3 GB and is 32-bit,
running on 4.9 :

  willy@eeepc:~$ uname -a
  Linux eeepc 4.9.36-eeepc #1 SMP Mon Jul 10 07:33:29 CEST 2017 i686 Intel(R) Atom(TM) CPU N2800 @ 1.86GHz GenuineIntel GNU/Linux
  willy@eeepc:~$ free
               total       used       free     shared    buffers     cached
  Mem:       3097840     649816    2448024          0      52476     507216
  -/+ buffers/cache:      90124    3007716
  Swap:      1025440          0    1025440

It only runs end-user stuff (firefox) so it cannot be considered anything
serious.

Willy