From: Alexey Gladkov <legion@kernel.org>
To: Andrei Vagin <avagin@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
oleg@redhat.com, linux-kernel@vger.kernel.org,
Kees Cook <kees@kernel.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] signal: restore the override_rlimit logic
Date: Sat, 2 Nov 2024 17:26:10 +0100 [thread overview]
Message-ID: <ZyZSotlacLgzWxUl@example.org> (raw)
In-Reply-To: <CAEWA0a4Kz9exk04Wgx9UZ9YFfURnS-=50TWyhPHm3i-N-D_8DA@mail.gmail.com>
On Fri, Nov 01, 2024 at 03:44:48PM -0700, Andrei Vagin wrote:
> On Fri, Nov 1, 2024 at 1:58 PM Eric W. Biederman <ebiederm@xmission.com> wrote:
>
> > > Well, personally I'd not use this limit too, but I don't think
> > > "it's broken, userspace shouldn't use it" argument is valid.
> >
> > I said if you don't want the limit don't use it.
> >
> > A version of "Doctor it hurts when I do this". To which the doctor
> > replies "Don't do that then".
>
> Unfortunately, it isn't an option here. This is a non-root user that
> creates a new user-namespace. It can't change RLIMIT_SIGPENDING
> beyond the current limit.
>
> We have to distinguish between two types of signals:
>
> * Kernel signals: These are essential for proper application behavior.
> If a user process triggers a memory fault, it gets SIGSEGV and it can’t
> ignore it. The number of such signals is limited by one per user thread.
>
> * User signals: These are sent by users and can be blocked by the
> receiving process, potentially leading to a large queue of pending
> signals. This is where the RLIMIT_SIGPENDING limit plays its role in
> preventing excessive resource consumption.
>
> New user namespaces inherit the current sigpending rlimit, so it is
> expected that the behavior of the user-namespace limit is aligned with
> the overall RLIMIT_SIGPENDING mechanism.
Hm. I think I understand the problem now.
+Cc Oleg Nesterov.
--
Rgrds, legion
next prev parent reply other threads:[~2024-11-02 16:26 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-31 20:04 [PATCH] signal: restore the override_rlimit logic Roman Gushchin
2024-11-01 19:51 ` Eric W. Biederman
2024-11-01 20:38 ` Roman Gushchin
2024-11-01 20:58 ` Eric W. Biederman
2024-11-01 21:21 ` Roman Gushchin
2024-11-01 22:44 ` Andrei Vagin
2024-11-02 16:26 ` Alexey Gladkov [this message]
2024-11-03 16:50 ` Oleg Nesterov
2024-11-04 18:21 ` Roman Gushchin
2024-11-04 18:44 ` Oleg Nesterov
2024-11-04 19:02 ` Alexey Gladkov
2024-11-04 19:42 ` Roman Gushchin
2024-11-01 23:28 ` Alexey Gladkov
2024-11-01 23:50 ` Roman Gushchin
2024-11-02 13:46 ` Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyZSotlacLgzWxUl@example.org \
--to=legion@kernel.org \
--cc=avagin@google.com \
--cc=ebiederm@xmission.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=roman.gushchin@linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.