From: Willy Tarreau <w@1wt.eu>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: linux-man <linux-man@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
socketpair@gmail.com,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
linux-fsdevel@vger.kernel.org
Subject: Re: Document accounting of FDs passed over UNIX domain sockets
Date: Sat, 17 Dec 2016 08:04:31 +0100 [thread overview]
Message-ID: <20161217070431.GA13141@1wt.eu> (raw)
In-Reply-To: <68dec064-17bb-0994-8dcf-e06d54d80ada@gmail.com>
Hi Michael,
On Fri, Dec 16, 2016 at 12:08:33PM +0100, Michael Kerrisk (man-pages) wrote:
> Hello Willy,
>
> Your commit 712f4aad406bb1 ("unix: properly account for FDs passed over
> unix sockets" added accounting to ensure that the RLIMIT_NOFILE limit
> could not be bypassed when passing file descriptors across UNIX
> domain sockets.
>
> Such patches should be CCed to linux-api@vger.kernel.org ;-)
Yes, I learned this after your presentation at kernel recipes, but this
patch pre-dates it ;-)
> A documentation [atch would be great as well, but I had a shot
> at cobbling some text together. Does the text below (for the unix(7)
> man page) look okay?
I think so, though maybe we can arrange it very slightly given that
this was considered as a fix for a vulnerability and backported to
various kernels :
> ETOOMANYREFS
> This error can occur for sendmsg(2) when sending a file
> descriptor as ancilary data over a UNIX domain socket (see
> the description of SCM_RIGHTS, above). It occurs if the
> number of "in-flight" file descriptors exceeds the
> RLIMIT_NOFILE resource limit and the caller does not have
> the CAP_SYS_RESOURCE capability. An in-flight file
> descriptor is one that has been sent using sendmsg(2) but
> has not yet been accepted in the recipient process using
> recvmsg(2).
>
> This error is diagnosed since Linux 4.5. In earlier kernel
> versions, it was possible to place an unlimited number of
> file descriptors in flight, by sending each file descriptor
> with sendmsg(2) and then closing the file descriptor so
> that it was not accounted against the RLIMIT_NOFILE
> resource limit.
- resource limit.
+ resource limit. Some older stable kernels might have
+ included the same check by backporting the fix from 4.5.
I've just checked the exact versions containing this, but I don't think
it's worth providing the list, in my opinion mentionning that it could be
observed on some older versions is enough to help developers who see it
in field :
- 3.2.78
- 3.10.99
- 3.12.57
- 3.14.63
- 3.16.35
- 3.18.27
- 4.1.19
- 4.4.4
Best regards,
Willy
next prev parent reply other threads:[~2016-12-17 7:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-16 11:08 Document accounting of FDs passed over UNIX domain sockets Michael Kerrisk (man-pages)
2016-12-17 7:04 ` Willy Tarreau [this message]
[not found] ` <20161217070431.GA13141-K+wRfnb2/UA@public.gmane.org>
2016-12-17 9:34 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161217070431.GA13141@1wt.eu \
--to=w@1wt.eu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=socketpair@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox