From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on archive.lwn.net X-Spam-Level: X-Spam-Status: No, score=-6.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_NONE,T_DKIMWL_WL_HIGH autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by archive.lwn.net (Postfix) with ESMTP id 7186F7D2F0 for ; Sat, 1 Jun 2019 00:00:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726842AbfFAAAs (ORCPT ); Fri, 31 May 2019 20:00:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:48304 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726610AbfFAAAr (ORCPT ); Fri, 31 May 2019 20:00:47 -0400 Received: from localhost.localdomain (c-73-223-200-170.hsd1.ca.comcast.net [73.223.200.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 96A9F27044; Sat, 1 Jun 2019 00:00:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559347247; bh=4BNWIjdigKxKDogULYqYoz0tNzxPsCrWNp7S7A4jrRA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=i5SKVxIKwWz9x+xpHiX88TxAWiNaAXjJwtUcL5B9qRjmOPOaSo5fKCYr32jO3uJKu vjrVaS23xnmTy6YsjQ2s6sd2W7wi8Jze6nYHOgEZYloPkPYcO0sOXrM6auM8c24NGB 0WnkltjQJxUK6yvEUl41l/c1kR1zx27ga/mxrSSQ= Date: Fri, 31 May 2019 17:00:46 -0700 From: Andrew Morton To: Albert Vaca Cintora Cc: rdunlap@infradead.org, mingo@kernel.org, jack@suse.cz, ebiederm@xmission.com, nsaenzjulienne@suse.de, linux-kernel@vger.kernel.org, corbet@lwn.net, linux-doc@vger.kernel.org, mbrugger@suse.com Subject: Re: [PATCH v3 2/3] kernel/ucounts: expose count of inotify watches in use Message-Id: <20190531170046.ac2b52d8c4923fdeedf943cc@linux-foundation.org> In-Reply-To: <20190531195016.4430-2-albertvaka@gmail.com> References: <20190531195016.4430-1-albertvaka@gmail.com> <20190531195016.4430-2-albertvaka@gmail.com> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-doc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org On Fri, 31 May 2019 21:50:15 +0200 Albert Vaca Cintora wrote: > Adds a readonly 'current_inotify_watches' entry to the user sysctl table. > The handler for this entry is a custom function that ends up calling > proc_dointvec. Said sysctl table already contains 'max_inotify_watches' > and it gets mounted under /proc/sys/user/. > > Inotify watches are a finite resource, in a similar way to available file > descriptors. The motivation for this patch is to be able to set up > monitoring and alerting before an application starts failing because > it runs out of inotify watches. > > ... > > --- a/kernel/ucount.c > +++ b/kernel/ucount.c > @@ -118,6 +118,26 @@ static void put_ucounts(struct ucounts *ucounts) > kfree(ucounts); > } > > +#ifdef CONFIG_INOTIFY_USER > +int proc_read_inotify_watches(struct ctl_table *table, int write, > + void __user *buffer, size_t *lenp, loff_t *ppos) > +{ > + struct ucounts *ucounts; > + struct ctl_table fake_table; hmm. > + int count = -1; > + > + ucounts = get_ucounts(current_user_ns(), current_euid()); > + if (ucounts != NULL) { > + count = atomic_read(&ucounts->ucount[UCOUNT_INOTIFY_WATCHES]); > + put_ucounts(ucounts); > + } > + > + fake_table.data = &count; > + fake_table.maxlen = sizeof(count); > + return proc_dointvec(&fake_table, write, buffer, lenp, ppos); proc_dointvec ->do_proc_dointvec ->__do_proc_dointvec ->proc_first_pos_non_zero_ignore ->warn_sysctl_write ->pr_warn_once(..., table->procname) and I think ->procname is uninitialized. That's from a cursory check. Perhaps other uninitialized members of fake_table are accessed, dunno. we could do { struct ctl_table fake_table = { .data = &count, .maxlen = sizeof(count), }; return proc_dointvec(&fake_table, write, buffer, lenp, ppos); } or whatever. That will cause the pr_warn_once to print "(null)" but that's OK I guess. Are there other places in the kernel which do this temp ctl_table trick? If so, what do they do? If not, what is special about this code?