From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Miaohe Lin <linmiaohe@huawei.com>
Cc: <akpm@linux-foundation.org>, <hughd@google.com>,
<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
Alexey Gladkov <legion@kernel.org>
Subject: Re: [PATCH v2] mm/mlock: fix potential imbalanced rlimit ucounts adjustment
Date: Mon, 14 Mar 2022 10:21:10 -0500 [thread overview]
Message-ID: <87h78036hl.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <20220314064039.62972-1-linmiaohe@huawei.com> (Miaohe Lin's message of "Mon, 14 Mar 2022 14:40:39 +0800")
Miaohe Lin <linmiaohe@huawei.com> writes:
> user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So
> the later user_shm_unlock might do the extra dec_rlimit_ucounts. Fix
> this by resetting allowed to 0.
This fix looks correct. But the ability for people to follow and read
the code seems questionable. I saw in v1 of this patch Hugh originally
misread the logic.
Could we instead change the code to leave lock_limit at ULONG_MAX aka
RLIM_INFINITY, leave initialized to 0, and not even need a special case
of RLIM_INFINITY as nothing can be greater that ULONG_MAX?
Something like this?
diff --git a/mm/mlock.c b/mm/mlock.c
index 8f584eddd305..e7eabf5193ab 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -827,13 +827,12 @@ int user_shm_lock(size_t size, struct ucounts *ucounts)
locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
lock_limit = rlimit(RLIMIT_MEMLOCK);
- if (lock_limit == RLIM_INFINITY)
- allowed = 1;
- lock_limit >>= PAGE_SHIFT;
+ if (lock_limit != RLIM_INFINITY)
+ lock_limit >>= PAGE_SHIFT;
spin_lock(&shmlock_user_lock);
memlock = inc_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
- if (!allowed && (memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) {
+ if ((memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) {
dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
goto out;
}
>
> Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> Acked-by: Hugh Dickins <hughd@google.com>
> ---
> v1->v2:
> correct Fixes tag and collect Acked-by tag
> Thanks Hugh for review!
> ---
> mm/mlock.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/mlock.c b/mm/mlock.c
> index 29372c0eebe5..efd2dd2943de 100644
> --- a/mm/mlock.c
> +++ b/mm/mlock.c
> @@ -733,6 +733,7 @@ int user_shm_lock(size_t size, struct ucounts *ucounts)
> }
> if (!get_ucounts(ucounts)) {
> dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
> + allowed = 0;
> goto out;
> }
> allowed = 1;
Eric
next prev parent reply other threads:[~2022-03-14 15:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-14 6:40 [PATCH v2] mm/mlock: fix potential imbalanced rlimit ucounts adjustment Miaohe Lin
2022-03-14 15:21 ` Eric W. Biederman [this message]
2022-03-15 12:17 ` Miaohe Lin
2022-03-15 18:32 ` Eric W. Biederman
2022-03-16 6:55 ` Miaohe Lin
2022-03-16 14:11 ` Eric W. Biederman
2022-03-17 1:50 ` Miaohe Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h78036hl.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=legion@kernel.org \
--cc=linmiaohe@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.