From: Alice Ryhl <aliceryhl@google.com>
To: Carlos Llamas <cmllamas@google.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Christian Brauner" <brauner@kernel.org>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Matt Gilbride" <mattgilbride@google.com>,
"Paul Moore" <paul@paul-moore.com>,
"Vitaly Wool" <vitaly.wool@konsulko.se>,
"Miguel Ojeda" <ojeda@kernel.org>,
kernel-team@android.com, linux-kernel@vger.kernel.org,
"Tiffany Yang" <ynaffit@google.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] rust_binder: fix oneway spam detection
Date: Wed, 11 Feb 2026 09:33:40 +0000 [thread overview]
Message-ID: <aYxM9JbH1tlTtxqi@google.com> (raw)
In-Reply-To: <20260210232949.3770644-1-cmllamas@google.com>
On Tue, Feb 10, 2026 at 11:28:20PM +0000, Carlos Llamas wrote:
> The spam detection logic in TreeRange was executed before the current
> request was inserted into the tree. So the new request was not being
> factored in the spam calculation. Fix this by moving the logic after
> the new range has been inserted.
>
> Also, the detection logic for ArrayRange was missing altogether which
> meant large spamming transactions could get away without being detected.
> Fix this by implementing an equivalent low_oneway_space() in ArrayRange.
>
> Note that I looked into centralizing this logic in RangeAllocator but
> iterating through 'state' and 'size' got a bit too complicated (for me)
> and I abandoned this effort.
I think current approach is fine.
> Cc: stable@vger.kernel.org
> Cc: Alice Ryhl <aliceryhl@google.com>
> Fixes: eafedbc7c050 ("rust_binder: add Rust Binder driver")
> Signed-off-by: Carlos Llamas <cmllamas@google.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
> + /// Find the amount and size of buffers allocated by the current caller.
> + ///
> + /// The idea is that once we cross the threshold, whoever is responsible
> + /// for the low async space is likely to try to send another async transaction,
> + /// and at some point we'll catch them in the act. This is more efficient
> + /// than keeping a map per pid.
> + fn low_oneway_space(&self, calling_pid: Pid) -> bool {
> + let mut total_alloc_size = 0;
> + let mut num_buffers = 0;
> +
> + // Warn if this pid has more than 50 transactions, or more than 50% of
> + // async space (which is 25% of total buffer size). Oneway spam is only
> + // detected when the threshold is exceeded.
> + for range in &self.ranges {
> + if range.state.is_oneway() && range.state.pid() == calling_pid {
> + total_alloc_size += range.size;
> + num_buffers += 1;
> + }
> + }
> + num_buffers > 50 || total_alloc_size > self.size / 4
The array can never contain 50 buffers, but we should still keep this
check in case that's changed in the future.
Alice
next prev parent reply other threads:[~2026-02-11 9:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-10 23:28 [PATCH] rust_binder: fix oneway spam detection Carlos Llamas
2026-02-10 23:55 ` Miguel Ojeda
2026-02-11 9:33 ` Alice Ryhl [this message]
2026-02-12 7:41 ` Tiffany Yang
2026-02-13 7:57 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYxM9JbH1tlTtxqi@google.com \
--to=aliceryhl@google.com \
--cc=arve@android.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mattgilbride@google.com \
--cc=ojeda@kernel.org \
--cc=paul@paul-moore.com \
--cc=stable@vger.kernel.org \
--cc=tkjos@android.com \
--cc=vitaly.wool@konsulko.se \
--cc=wedsonaf@gmail.com \
--cc=ynaffit@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox