Re: [PATCH] mm: optionally disable brk()

[Topi Miettinen]

On 5.10.2020 12.13, David Hildenbrand wrote:
> On 05.10.20 08:12, Michal Hocko wrote:
> > On Sat 03-10-20 00:44:09, Topi Miettinen wrote:
> > > On 2.10.2020 20.52, David Hildenbrand wrote:
> > > > On 02.10.20 19:19, Topi Miettinen wrote:
> > > > > The brk() system call allows to change data segment size (heap). This
> > > > > is mainly used by glibc for memory allocation, but it can use mmap()
> > > > > and that results in more randomized memory mappings since the heap is
> > > > > always located at fixed offset to program while mmap()ed memory is
> > > > > randomized.
> > > >
> > > > Want to take more Unix out of Linux?
> > > >
> > > > Honestly, why care about disabling? User space can happily use mmap() if
> > > > it prefers.
> > >
> > > brk() interface doesn't seem to be used much and glibc is happy to switch to
> > > mmap() if brk() fails, so why not allow disabling it optionally? If you
> > > don't care to disable, don't do it and this is even the default.
> >
> > I do not think we want to have config per syscall, do we?
>
> I do wonder if grouping would be a better option then (finding a proper
> level of abstraction ...).

If hardening and compatibility are seen as tradeoffs, perhaps there 
could be a top level config choice (CONFIG_HARDENING_TRADEOFF) for this. 
It would have options
- "compatibility" (default) to gear questions for maximum compatibility, 
deselecting any hardening options which reduce compatibility
- "hardening" to gear questions for maximum hardening, deselecting any 
compatibility options which reduce hardening
- "none/manual": ask all questions like before

-Topi