From: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
To: Chris Wright <chrisw@osdl.org>
Cc: linux-kernel@vger.kernel.org,
Manfred Spraul <manfred@colorfullife.com>,
Andrew Morton <akpm@osdl.org>, Jakub Jelinek <jakub@redhat.com>
Subject: Re: [PATCH] per-user signal pending and message queue limits
Date: Thu, 6 May 2004 09:32:22 -0300 [thread overview]
Message-ID: <20040506123222.GC3133@logos.cnet> (raw)
In-Reply-To: <20040505170811.W22989@build.pdx.osdl.net>
> This BUG() is too easy to trigger, e.g. user creates mqueue, logs out,
> root comes by later and cleans up...BUG(). Simply caching user directly
> eliminates this altogether.
And with user_struct->__count you deal with that, yes?
Caching the user_struct directly is indeed much nicer.
>
> Some inconsistent use of p and current below.
>
> > struct msg_msg **msgs = NULL;
> > struct mq_attr attr;
> > int ret;
> > @@ -553,15 +578,26 @@
> > attr.mq_msgsize > msgsize_max)
> > return ERR_PTR(-EINVAL);
> > }
> > + if(p->user->msg_queues+ ((attr.mq_maxmsg * sizeof(struct msg_msg *)
> > + + (attr.mq_maxmsg * attr.mq_msgsize)))
> > + >= p->rlim[RLIMIT_MSGQUEUE].rlim_cur)
>
> Hrm, this thing can overflow. Seems like the hard maxes should be
> smaller. As it stands, looks like the hard max mq_msgsize that root
> could setup is INT_MAX.
Eek. Just decreasing max mq_msgsize to something _much_ smaller is ok, isnt it?
Like, say, 64MB.
> > + return ERR_PTR(-ENOMEM);
> > +
> > msgs = kmalloc(attr.mq_maxmsg * sizeof(*msgs), GFP_KERNEL);
> > if (!msgs)
> > return ERR_PTR(-ENOMEM);
> > +
> > + spin_lock(&mq_lock);
> > + current->user->msg_queues += (attr.mq_maxmsg * sizeof(*msgs) +
> > + (attr.mq_maxmsg * attr.mq_msgsize));
> > + spin_unlock(&mq_lock);
>
> This path means the user is penalized for the mq_attr sized accounting,
> plus the default sized accounting which happens later in mqueue_get_inode().
> It is removed below, but as mentioned above, this could incorrectly
> cause mq_open() to fail.
OK!
> > } else {
> > msgs = NULL;
> > }
> >
> > ret = vfs_create(dir->d_inode, dentry, mode, NULL);
> > if (ret) {
> > + /* kfree(msgs): msgs can be NULL -mt */
> > kfree(msgs);
> > return ERR_PTR(ret);
> > }
> > @@ -572,8 +608,17 @@
> > if (msgs) {
> > info->attr.mq_maxmsg = attr.mq_maxmsg;
> > info->attr.mq_msgsize = attr.mq_msgsize;
> > + spin_lock(&mq_lock);
> > + current->user->msg_queues -= (info->attr.mq_maxmsg
> > + * sizeof (struct msg_msg *) +
> > + (info->attr.mq_maxmsg *
> > + info->attr.mq_msgsize));
> > + if (current->user->msg_queues < 0)
> > + current->user->msg_queues = 0;
>
> Oops, I think the subtraction is slightly wrong here. Should be before
> the info->attr is updated, else you are actually carrying accounting for
> the default size (minus the actually allocated size). Should be
> subtracting off the recently added default size.
>
> New patch below (based on 2.6.6-rc3-bk). Couple known issues are the
> possible mq_bytes caluclation overflow (not yet fixed in this patch),
> and setuid issue on signal side. All other known issues have been
> addressed.
The setuid issue on signal side is pretty harmless though. It only affects the
users which are setuid() capable, and which do so with signal pending.
I see no other way to fix it than cache the user struct in "struct sigqueue".
Thats not good news for performance (not sure how bad it would matter).
Again, thanks!
next prev parent reply other threads:[~2004-05-06 12:31 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-19 21:28 [PATCH] per-user signal pending and message queue limits Marcelo Tosatti
2004-04-19 22:49 ` Jakub Jelinek
2004-04-20 14:13 ` Marcelo Tosatti
2004-04-20 18:05 ` Manfred Spraul
2004-04-20 20:04 ` Andrew Morton
2004-04-20 23:13 ` Marcelo Tosatti
2004-04-20 23:34 ` Andrew Morton
2004-04-21 20:34 ` Marcelo Tosatti
2004-04-22 5:33 ` Manfred Spraul
2004-04-27 14:54 ` Marcelo Tosatti
2004-04-27 18:09 ` Manfred Spraul
2004-04-28 17:09 ` Marcelo Tosatti
2004-04-28 21:03 ` Andrew Morton
2004-04-29 1:33 ` Chris Wright
2004-04-29 12:17 ` Marcelo Tosatti
2004-04-29 19:58 ` Chris Wright
2004-05-06 0:08 ` Chris Wright
2004-05-06 12:09 ` Marcelo Tosatti
2004-05-06 12:32 ` Marcelo Tosatti [this message]
2004-05-07 0:56 ` Chris Wright
2004-04-19 22:59 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040506123222.GC3133@logos.cnet \
--to=marcelo.tosatti@cyclades.com \
--cc=akpm@osdl.org \
--cc=chrisw@osdl.org \
--cc=jakub@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox