From: Manfred Spraul <manfred@colorfullife.com>
To: Davidlohr Bueso <davidlohr@hp.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>,
KOSAKI Motohiro <kosaki.motohiro@gmail.com>,
Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Greg Thelen <gthelen@google.com>,
aswin@hp.com, LKML <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
linux-api@vger.kernel.org
Subject: Re: [PATCH v3] ipc,shm: disable shmmax and shmall by default
Date: Fri, 18 Apr 2014 11:26:02 +0200 [thread overview]
Message-ID: <5350EFAA.2030607@colorfullife.com> (raw)
In-Reply-To: <1397784345.2556.26.camel@buesod1.americas.hpqcorp.net>
Hi Davidlohr,
On 04/18/2014 03:25 AM, Davidlohr Bueso wrote:
> So a value of 0 bytes or pages, for shmmax and shmall, respectively,
> implies unlimited memory, as opposed to disabling sysv shared memory.
That might be a second risk:
Right now, a sysadmin can prevent sysv memory allocations with
# sysctl kernel.shmall=0
After your patch is applied, this line allows unlimited allocations.
Obviously my patch has the opposite problem: 64-bit wrap-arounds.
> --- a/include/uapi/linux/shm.h
> +++ b/include/uapi/linux/shm.h
> @@ -9,14 +9,14 @@
>
> /*
> * SHMMAX, SHMMNI and SHMALL are upper limits are defaults which can
> - * be increased by sysctl
> + * be modified by sysctl. By default, disable SHMMAX and SHMALL with
> + * 0 bytes, thus allowing processes to have unlimited shared memory.
> */
> -
> -#define SHMMAX 0x2000000 /* max shared seg size (bytes) */
> +#define SHMMAX 0 /* max shared seg size (bytes) */
> #define SHMMIN 1 /* min shared seg size (bytes) */
> #define SHMMNI 4096 /* max num of segs system wide */
> #ifndef __KERNEL__
> -#define SHMALL (SHMMAX/getpagesize()*(SHMMNI/16))
> +#define SHMALL 0
> #endif
> #define SHMSEG SHMMNI /* max shared segs per process */
>
The "#ifndef __KERNEL__" is not required:
As there is no reference to PAGE_SIZE anymore, one definition for SHMALL
is sufficient.
--
Manfred
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Manfred Spraul <manfred@colorfullife.com>
To: Davidlohr Bueso <davidlohr@hp.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>,
KOSAKI Motohiro <kosaki.motohiro@gmail.com>,
Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Greg Thelen <gthelen@google.com>,
aswin@hp.com, LKML <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
linux-api@vger.kernel.org
Subject: Re: [PATCH v3] ipc,shm: disable shmmax and shmall by default
Date: Fri, 18 Apr 2014 11:26:02 +0200 [thread overview]
Message-ID: <5350EFAA.2030607@colorfullife.com> (raw)
In-Reply-To: <1397784345.2556.26.camel@buesod1.americas.hpqcorp.net>
Hi Davidlohr,
On 04/18/2014 03:25 AM, Davidlohr Bueso wrote:
> So a value of 0 bytes or pages, for shmmax and shmall, respectively,
> implies unlimited memory, as opposed to disabling sysv shared memory.
That might be a second risk:
Right now, a sysadmin can prevent sysv memory allocations with
# sysctl kernel.shmall=0
After your patch is applied, this line allows unlimited allocations.
Obviously my patch has the opposite problem: 64-bit wrap-arounds.
> --- a/include/uapi/linux/shm.h
> +++ b/include/uapi/linux/shm.h
> @@ -9,14 +9,14 @@
>
> /*
> * SHMMAX, SHMMNI and SHMALL are upper limits are defaults which can
> - * be increased by sysctl
> + * be modified by sysctl. By default, disable SHMMAX and SHMALL with
> + * 0 bytes, thus allowing processes to have unlimited shared memory.
> */
> -
> -#define SHMMAX 0x2000000 /* max shared seg size (bytes) */
> +#define SHMMAX 0 /* max shared seg size (bytes) */
> #define SHMMIN 1 /* min shared seg size (bytes) */
> #define SHMMNI 4096 /* max num of segs system wide */
> #ifndef __KERNEL__
> -#define SHMALL (SHMMAX/getpagesize()*(SHMMNI/16))
> +#define SHMALL 0
> #endif
> #define SHMSEG SHMMNI /* max shared segs per process */
>
The "#ifndef __KERNEL__" is not required:
As there is no reference to PAGE_SIZE anymore, one definition for SHMALL
is sufficient.
--
Manfred
next prev parent reply other threads:[~2014-04-18 9:26 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-18 1:25 [PATCH v3] ipc,shm: disable shmmax and shmall by default Davidlohr Bueso
2014-04-18 1:25 ` Davidlohr Bueso
2014-04-18 1:25 ` Davidlohr Bueso
2014-04-18 9:26 ` Manfred Spraul [this message]
2014-04-18 9:26 ` Manfred Spraul
2014-04-18 15:36 ` Michael Kerrisk (man-pages)
2014-04-18 15:36 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkhY94Y5Nut9+Jj1gcnio81CEmE5sQL_gH_zFnHD-yNx2Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-04-18 17:51 ` Manfred Spraul
2014-04-18 17:51 ` Manfred Spraul
2014-04-18 17:51 ` Manfred Spraul
2014-04-18 16:33 ` Davidlohr Bueso
2014-04-18 16:33 ` Davidlohr Bueso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5350EFAA.2030607@colorfullife.com \
--to=manfred@colorfullife.com \
--cc=akpm@linux-foundation.org \
--cc=aswin@hp.com \
--cc=davidlohr@hp.com \
--cc=gthelen@google.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=kosaki.motohiro@gmail.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mtk.manpages@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.