From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754604AbdGJQwx (ORCPT ); Mon, 10 Jul 2017 12:52:53 -0400
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:33003 "EHLO 1wt.eu"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754009AbdGJQww (ORCPT ); Mon, 10 Jul 2017 12:52:52 -0400
Date: Mon, 10 Jul 2017 18:52:14 +0200
From: Willy Tarreau
To: Linus Torvalds
Cc: Kees Cook , Michal Hocko , Andy Lutomirski , Ben Hutchings ,
	Hugh Dickins , Oleg Nesterov , "Jason A. Donenfeld" , Rik van Riel ,
	Larry Woodman , "Kirill A. Shutemov" , Tony Luck ,
	"James E.J. Bottomley" , Helge Diller , James Hogan , Laura Abbott ,
	Greg KH , "security@kernel.org" , Qualys Security Advisory , LKML ,
	Ximin Luo
Subject: Re: [RFC][PATCH] exec: Use init rlimits for setuid exec
Message-ID: <20170710165214.GC21543@1wt.eu>
References: <20170706043235.GA36170@beast> <20170710084415.GE19185@dhcp22.suse.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 10, 2017 at 09:18:09AM -0700, Linus Torvalds wrote:
> On Mon, Jul 10, 2017 at 9:12 AM, Kees Cook wrote:
> >
> > Sounds good to me, but won't large-memory users in 32-bit get annoyed?
>
> We'll see.
>
> I suspect that all large-memory users have long since upgraded to
> x86-64 (rule of thumb: if you are upgrading kernels today, you
> probably upgraded hardware ten years ago), and that this may be a
> non-issue today.

I tend to agree. We've been using 32-bit machines with "a lot" (=2GB) of RAM
and haproxy using something like 1.3GB in the past, and it started to
become a bit complex due to ASLR punching large holes between each and
every shared object, forcing us to stop setting strict overcommit limits
for example. We've abandoned them after kernel 3.10, when the new models
had been migrated to 64 bits a few years ago already and I think anyone
doing anything serious with memory doesn't use 32-bit at all.

Well I know of one exception :-)

My netbook has 3 GB and is 32-bit, running on 4.9 :

  willy@eeepc:~$ uname -a
  Linux eeepc 4.9.36-eeepc #1 SMP Mon Jul 10 07:33:29 CEST 2017 i686 Intel(R) Atom(TM) CPU N2800 @ 1.86GHz GenuineIntel GNU/Linux
  willy@eeepc:~$ free
               total       used       free     shared    buffers     cached
  Mem:       3097840     649816    2448024          0      52476     507216
  -/+ buffers/cache:      90124    3007716
  Swap:      1025440          0    1025440

It only runs end-user stuff (firefox) so it cannot be considered anything
serious.

Willy