From: Andrew Morton <akpm@linux-foundation.org>
To: Benjamin Blum <bblum@google.com>
Cc: Paul Menage <menage@google.com>,
lizf@cn.fujitzu.com, serue@us.ibm.com,
containers@lists.linux-foundation.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] Adds a read-only "procs" file similar to "tasks" that shows only unique tgids
Date: Thu, 2 Jul 2009 17:53:41 -0700 [thread overview]
Message-ID: <20090702175341.fd2e26d5.akpm@linux-foundation.org> (raw)
In-Reply-To: <2f86c2480907021731h13e0bb95q94f06829eded9aa6@mail.gmail.com>
On Thu, 2 Jul 2009 17:31:38 -0700 Benjamin Blum <bblum@google.com> wrote:
> On Thu, Jul 2, 2009 at 4:46 PM, Andrew Morton<akpm@linux-foundation.org> wrote:
> >> +/**
> >> + * pidlist_uniq - given a kmalloc()ed list, strip out all duplicate entries
> >> + * returns -ENOMEM if the malloc fails; 0 on success
> >> + */
> >
> > The comment purports to be kerneldoc ("/**") but didn't document the
> > function's arguments.
>
> Wasn't aware of that restriction. Recommend making
> scripts/checkpatch.pl look for that sort of thing?
ooh, hard.
Probably the kerneldoc parsing tools are the place to do this checking
- there's no point in duplicating it. But they might not be smart
enough to detect missing arguments.
> >> + __ __ list = *p;
> >> + __ __ /*
> >> + __ __ __* we presume the 0th element is unique, so i starts at 1. trivial
> >> + __ __ __* edge cases first; no work needs to be done for either
> >> + __ __ __*/
> >> + __ __ if (*length == 0 || *length == 1)
> >> + __ __ __ __ __ __ return 0;
> >> + __ __ for (i = 1; i < *length; i++) {
> >> + __ __ __ __ __ __ BUG_ON(list[i] == PIDLIST_VALUE_NONE);
> >> + __ __ __ __ __ __ if (list[i] == list[last]) {
> >> + __ __ __ __ __ __ __ __ __ __ list[i] = PIDLIST_VALUE_NONE;
> >> + __ __ __ __ __ __ } else {
> >> + __ __ __ __ __ __ __ __ __ __ last = i;
> >> + __ __ __ __ __ __ __ __ __ __ count++;
> >> + __ __ __ __ __ __ }
> >> + __ __ }
Someone's email client is doing s/0x20/0xa0/grr
> >> + __ __ newlist = kmalloc(count * sizeof(pid_t), GFP_KERNEL);
> >
> > What is the maximum possible value of `count' here?
> >
> > Is there any way in which malicious code can exploit the potential
> > multiplicative overflow in this statement? __(kcalloc() checks for
> > this).
> >> + __ __ /*
> >> + __ __ __* If cgroup gets more users after we read count, we won't have
> >> + __ __ __* enough space - tough. __This race is indistinguishable to the
> >> + __ __ __* caller from the case that the additional cgroup users didn't
> >> + __ __ __* show up until sometime later on.
> >> + __ __ __*/
> >> + __ __ length = cgroup_task_count(cgrp);
> >> + __ __ array = kmalloc(length * sizeof(pid_t), GFP_KERNEL);
> >
> > max size?
> >
> > overflowable?
>
> In the first snippet, count will be at most equal to length. As length
> is determined from cgroup_task_count, it can be no greater than the
> total number of pids on the system.
Well that's a problem, because there can be tens or hundreds of
thousands of pids, and there's a fairly low maximum size for kmalloc()s
(include/linux/kmalloc_sizes.h).
And even if this allocation attempt doesn't exceed KMALLOC_MAX_SIZE,
large allocations are less unreliable. There is a large break point at
8*PAGE_SIZE (PAGE_ALLOC_COSTLY_ORDER).
It would be really nice if we could avoid "fixing" this via vmalloc().
Because vmalloc() causes, and is vulnerable to internal fragmentation
problems.
> (Also, the second snippet of code
> was there before, just relocated, so if there's an overflow bug in
> either it'll have already been there.)
>
> >> @@ -2389,21 +2457,27 @@ static int cgroup_write_notify_on_release(struct cgroup *cgrp,
> >> __/*
> >> __ * for the common functions, 'private' gives the type of file
> >> __ */
> >> +/* for hysterical reasons, we can't put this on the older files */
> >
> > "raisins" ;)
>
> They keys are right next to each other, I promise.
>
> There was a bit of discussion on how to name these files. Paul wanted
> to start naming the generic cgroup files with the "cgroup." prefix,
> but we can't change "tasks" and "notify_on_release" etc. We decided to
> use the new name format but only for the new file - can anything be
> done about the other ones, or do they have to stay as is?
One could perhaps create an alias (symlink?) and leave that in place
for a few kernel releases and then remove the old names. The trick to
doing this politely is to arrange for a friendly printk to come out
when userspace uses the old filename, so people know to change their
tools. That printk should come out once-per-boot, not once-per-access.
next prev parent reply other threads:[~2009-07-03 0:53 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-02 23:26 [PATCH 0/2] CGroups: cgroup member list enhancement/fix Paul Menage
[not found] ` <20090702231814.3969.44308.stgit-u3IScbYxn0zHt/MElyovVYaSKrA+ACpX0E9HWUfgJXw@public.gmane.org>
2009-07-02 23:26 ` [PATCH 1/2] Adds a read-only "procs" file similar to "tasks" that shows only unique tgids Paul Menage
2009-07-02 23:26 ` Paul Menage
[not found] ` <20090702232620.3969.16680.stgit-u3IScbYxn0zHt/MElyovVYaSKrA+ACpX0E9HWUfgJXw@public.gmane.org>
2009-07-02 23:46 ` Andrew Morton
2009-07-02 23:46 ` Andrew Morton
2009-07-03 0:31 ` Benjamin Blum
[not found] ` <2f86c2480907021731h13e0bb95q94f06829eded9aa6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 0:53 ` Andrew Morton
2009-07-03 0:53 ` Andrew Morton [this message]
[not found] ` <20090702175341.fd2e26d5.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 1:08 ` Paul Menage
2009-07-03 1:08 ` Paul Menage
2009-07-03 1:17 ` Benjamin Blum
2009-07-03 2:08 ` Andrew Morton
[not found] ` <20090702190845.0cafc46a.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 4:16 ` Paul Menage
2009-07-03 4:16 ` Paul Menage
[not found] ` <6599ad830907022116n7a711c7fs52ff9b400ec8797f-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 6:55 ` Andrew Morton
2009-07-03 6:55 ` Andrew Morton
2009-07-03 7:54 ` KAMEZAWA Hiroyuki
2009-07-03 16:11 ` Paul Menage
2009-07-03 16:50 ` Andrew Morton
2009-07-03 17:54 ` Paul Menage
[not found] ` <6599ad830907031054x74d90149y38aae60afa403d58-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 18:10 ` Andrew Morton
2009-07-03 18:10 ` Andrew Morton
[not found] ` <20090703111016.ceb28541.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-15 8:33 ` Eric W. Biederman
2009-07-15 8:33 ` Eric W. Biederman
[not found] ` <m1ocrm73cu.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-07-15 16:18 ` Paul Menage
2009-07-15 16:18 ` Paul Menage
[not found] ` <20090703095000.cf46ad19.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 17:54 ` Paul Menage
[not found] ` <6599ad830907030911m6176dc59id3a7d897b03d2bd-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 16:50 ` Andrew Morton
[not found] ` <20090702235527.7ddc873c.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 7:54 ` KAMEZAWA Hiroyuki
2009-07-03 16:11 ` Paul Menage
[not found] ` <2f86c2480907021817o79fce75yd9785aab682f7bb4-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 2:08 ` Andrew Morton
2009-07-03 2:25 ` Matt Helsley
2009-07-03 2:25 ` Matt Helsley
2009-07-03 3:49 ` Paul Menage
2009-07-03 7:08 ` Benjamin Blum
[not found] ` <20090703022553.GJ19135-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2009-07-03 3:49 ` Paul Menage
2009-07-03 7:08 ` Benjamin Blum
[not found] ` <6599ad830907021808o6f3bb51eh324e4bf13544d83e-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 1:17 ` Benjamin Blum
2009-07-03 1:30 ` Andrew Morton
2009-07-03 1:30 ` Andrew Morton
2009-07-03 5:54 ` KAMEZAWA Hiroyuki
2009-07-03 15:52 ` Paul Menage
[not found] ` <6599ad830907030852p2cd667e3m353d68448e0cdc6a-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-04 2:07 ` KAMEZAWA Hiroyuki
2009-07-04 2:07 ` KAMEZAWA Hiroyuki
[not found] ` <3f9558558c68d9e2fe00f7c7681c3764.squirrel-n3SY6/QrmYVJe+uFzlzAcYO9/linGGC/AL8bYrjMMd8@public.gmane.org>
2009-07-04 16:10 ` Paul Menage
2009-07-04 16:10 ` Paul Menage
[not found] ` <6599ad830907040910k5c9d720bqafdf596bbc005783-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-05 23:53 ` KAMEZAWA Hiroyuki
2009-07-05 23:53 ` KAMEZAWA Hiroyuki
[not found] ` <20090703145441.f526793f.kamezawa.hiroyu-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2009-07-03 15:52 ` Paul Menage
[not found] ` <20090702183004.1e3f4315.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 5:54 ` KAMEZAWA Hiroyuki
[not found] ` <20090702164649.303c4952.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 0:31 ` Benjamin Blum
2009-07-02 23:26 ` [PATCH 2/2] Ensures correct concurrent opening/reading of pidlists across pid namespaces Paul Menage
2009-07-02 23:26 ` Paul Menage
[not found] ` <20090702232625.3969.54444.stgit-u3IScbYxn0zHt/MElyovVYaSKrA+ACpX0E9HWUfgJXw@public.gmane.org>
2009-07-02 23:54 ` Andrew Morton
2009-07-02 23:54 ` Andrew Morton
[not found] ` <20090702165413.f4a21471.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-07-03 0:22 ` Paul Menage
2009-07-03 0:22 ` Paul Menage
[not found] ` <6599ad830907021722x7b012991i1eca056bc72c010c-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-03 0:26 ` Paul Menage
2009-07-03 0:26 ` Paul Menage
2009-07-03 0:43 ` Benjamin Blum
2009-07-03 0:43 ` Benjamin Blum
2009-07-03 1:15 ` [PATCH 0/2] CGroups: cgroup member list enhancement/fix Li Zefan
2009-07-05 6:38 ` Balbir Singh
2009-07-03 1:15 ` Li Zefan
2009-07-05 6:38 ` Balbir Singh
2009-07-10 23:58 ` Paul Menage
[not found] ` <6599ad830907101658i13e4046br70377a487dd6b49b-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-13 12:11 ` Balbir Singh
2009-07-13 12:11 ` Balbir Singh
2009-07-13 16:26 ` Paul Menage
2009-07-14 5:56 ` Balbir Singh
[not found] ` <20090714055638.GI5051-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2009-07-14 6:49 ` Paul Menage
2009-07-14 6:49 ` Paul Menage
2009-07-14 7:16 ` Balbir Singh
[not found] ` <20090714071617.GK5051-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2009-07-14 17:34 ` Benjamin Blum
2009-07-14 17:34 ` Benjamin Blum
[not found] ` <2f86c2480907141034r5a985cfue9e8fdf64ad28465-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-14 17:43 ` Paul Menage
2009-07-14 17:43 ` Paul Menage
2009-07-14 20:38 ` Paul Menage
2009-07-14 23:08 ` Matt Helsley
[not found] ` <6599ad830907141338t794e60admf81807b381c46e41-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-14 23:08 ` Matt Helsley
[not found] ` <6599ad830907141043s1c16d5c9saad9118c210ecef4-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-14 20:38 ` Paul Menage
[not found] ` <6599ad830907132349u6cf52060t4fafb6637cbe4ed1-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-14 7:16 ` Balbir Singh
[not found] ` <6599ad830907130926v7788af12hdcd76e4ccb3ab6de-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-07-14 5:56 ` Balbir Singh
[not found] ` <20090713121138.GC5051-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2009-07-13 16:26 ` Paul Menage
[not found] ` <20090705063850.GX11273-SINUvgVNF2CyUtPGxGje5AC/G2K4zDHf@public.gmane.org>
2009-07-10 23:58 ` Paul Menage
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090702175341.fd2e26d5.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=bblum@google.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitzu.com \
--cc=menage@google.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.