MAX_ARG_PAGES has no effect?

MAX_ARG_PAGES has no effect?

[Nick Matteo]

The other day I was running a grep on a big directory tree and got a 
"Argument list too long" error.  Since I'd like to have this work 
without messing with find and xargs each time, I went into 
include/linux/binfmts.h and changed

#define MAX_ARG_PAGES 32

to

#define MAX_ARG_PAGES 64

I recompiled and installed the kernel, but there's no change (getconf 
ARG_MAX still gives 131072.)  What am I missing?

I am running 2.6.13 on amd64.

Thanks,
Nick Matteo

Re: MAX_ARG_PAGES has no effect?

[Ingo Molnar]

* Nick Matteo <kundor@kundor.org> wrote:

> The other day I was running a grep on a big directory tree and got a 
> "Argument list too long" error.  Since I'd like to have this work 
> without messing with find and xargs each time, I went into 
> include/linux/binfmts.h and changed
> 
> #define MAX_ARG_PAGES 32
> 
> to
> 
> #define MAX_ARG_PAGES 64
> 
> I recompiled and installed the kernel, but there's no change (getconf 
> ARG_MAX still gives 131072.)  What am I missing?

MAX_ARG_PAGES should work just fine. I think the 'getconf ARG_MAX' 
output is hardcoded. (because the kernel does not provide the 
information dynamically)

	Ingo

Re: MAX_ARG_PAGES has no effect?

[Jakub Jelinek]

On Wed, Aug 31, 2005 at 02:11:44PM +0200, Ingo Molnar wrote:
> > I recompiled and installed the kernel, but there's no change (getconf 
> > ARG_MAX still gives 131072.)  What am I missing?
> 
> MAX_ARG_PAGES should work just fine. I think the 'getconf ARG_MAX' 
> output is hardcoded. (because the kernel does not provide the 
> information dynamically)

Yeah, you get the value of ARG_MAX from <linux/limits.h> that was compiled
in when you compiled glibc.

	Jakub

Re: MAX_ARG_PAGES has no effect?

[Andi Kleen]

Ingo Molnar <mingo@elte.hu> writes:
> 
> MAX_ARG_PAGES should work just fine. I think the 'getconf ARG_MAX' 
> output is hardcoded. (because the kernel does not provide the 
> information dynamically)

Perhaps it would be a good idea to make it a sysctl. Is there 
any reason it should be hardcoded?  I cannot think of any.

Ok if someone lowers the sysctl then execve has to handle
the case of the args/environment possibly not fitting anymore,
but that should be easy.

-Andi

Re: MAX_ARG_PAGES has no effect?

[Ingo Molnar]

* Andi Kleen <ak@suse.de> wrote:

> Ingo Molnar <mingo@elte.hu> writes:
> > 
> > MAX_ARG_PAGES should work just fine. I think the 'getconf ARG_MAX' 
> > output is hardcoded. (because the kernel does not provide the 
> > information dynamically)
> 
> Perhaps it would be a good idea to make it a sysctl. Is there any 
> reason it should be hardcoded?  I cannot think of any.
> 
> Ok if someone lowers the sysctl then execve has to handle the case of 
> the args/environment possibly not fitting anymore, but that should be 
> easy.

the whole thing should be reworked, so that there is no artificial limit 
like MAX_ARG_PAGES. (it is after all just another piece of memory, in 
theory)

I have tried this a couple of times but failed - it's a hard problem. 
Linus had the idea years ago to page-flip the argument data into the new 
process's address space, but that doesnt work out in practice due to the 
way glibc has to extend the environment space. (glibc extends it by 
modifying the environment array, or relocating it if it has to be grown.  
execve() currently automatically 'linearizes' the environment by copying 
both the array and the old and new environment strings to a linear piece 
of memory.)

If we do unconditional page-flipping then we fragment the argument 
space, if we do both page-flipping if things are unfragmented and 
well-aligned, and 'compact' the layout otherwise, we havent solved the 
problem and have introduced a significant extra layer of complexity to 
an already security-sensitive and fragile piece of code.

The best method i found was to get rid of bprm->pages[] and to directly 
copy strings into the new mm via kmap (and to follow whatever RAM 
allocation policies/limits there are for the new mm), but that's quite 
ugly.

	Ingo

Re: MAX_ARG_PAGES has no effect?

[Andi Kleen]

On Thursday 01 September 2005 08:57, Ingo Molnar wrote:

> the whole thing should be reworked, so that there is no artificial limit
> like MAX_ARG_PAGES. (it is after all just another piece of memory, in
> theory)

Yes, a sysctl would probably lead to fragmentation problems and then
people would do ugly linked lists of buffers like poll.

> If we do unconditional page-flipping then we fragment the argument
> space, if we do both page-flipping if things are unfragmented and
> well-aligned, and 'compact' the layout otherwise, we havent solved the
> problem and have introduced a significant extra layer of complexity to
> an already security-sensitive and fragile piece of code.

Page flipping = COW like fork would do?

Not sure how this would work - the arguments of execve can be anywhere
in the address space and would presumably be often be in a inconvenient
place like in the middle of the stack of the new executable.

> The best method i found was to get rid of bprm->pages[] and to directly
> copy strings into the new mm via kmap (and to follow whatever RAM
> allocation policies/limits there are for the new mm), but that's quite
> ugly.

That sounds better.

-Andi

Re: MAX_ARG_PAGES has no effect?

[Ingo Molnar]

* Andi Kleen <ak@suse.de> wrote:

> On Thursday 01 September 2005 08:57, Ingo Molnar wrote:
> 
> > the whole thing should be reworked, so that there is no artificial limit
> > like MAX_ARG_PAGES. (it is after all just another piece of memory, in
> > theory)
> 
> Yes, a sysctl would probably lead to fragmentation problems and then 
> people would do ugly linked lists of buffers like poll.

not really fragmentation problems (the unit of allocation of argument 
pages is already a single page, and we do an array of pages), the real 
problem is the DoS - right now the array pages are unswappable while an 
exec() is ongoing.

> > If we do unconditional page-flipping then we fragment the argument
> > space, if we do both page-flipping if things are unfragmented and
> > well-aligned, and 'compact' the layout otherwise, we havent solved the
> > problem and have introduced a significant extra layer of complexity to
> > an already security-sensitive and fragile piece of code.
> 
> Page flipping = COW like fork would do?

i dont think we need COW. During execve() we are destroying the old 
context and are creating a completely new context, so in theory we could 
just 'flip over' the argument/environment pages (which are a parameter 
to sys_execve()) from the old mm into the newly created mm, without 
caring about the old mm.

> Not sure how this would work - the arguments of execve can be anywhere 
> in the address space and would presumably be often be in a 
> inconvenient place like in the middle of the stack of the new 
> executable.

yes, that's one of the issues. I've done some instrumentation some time 
ago and it seemed that the arguments are typically page-aligned, so the 
only issue would be to clear the partial page at the end of the 
arguments. But i still think the concept is volatile.

> > The best method i found was to get rid of bprm->pages[] and to directly
> > copy strings into the new mm via kmap (and to follow whatever RAM
> > allocation policies/limits there are for the new mm), but that's quite
> > ugly.
> 
> That sounds better.

yeah. It's also pretty laborous though.

	Ingo