From: Carlos Llamas <cmllamas@google.com>
To: Alice Ryhl <aliceryhl@google.com>
Cc: "Yunseong Kim" <yunseong.kim@est.tech>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Christian Brauner" <brauner@kernel.org>,
"Brian Swetland" <swetland@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Greg Kroah-Hartman" <gregkh@suse.de>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
"Yunseong Kim" <ysk@kzalloc.com>
Subject: Re: [PATCH 0/4] binder: cap max_threads and reject duplicate looper entry
Date: Sat, 6 Jun 2026 14:51:23 +0000 [thread overview]
Message-ID: <aiQz6zwXRQEpf7wF@google.com> (raw)
In-Reply-To: <aiKc-4v4T4X4DKSL@google.com>
On Fri, Jun 05, 2026 at 09:55:07AM +0000, Alice Ryhl wrote:
> On Thu, Jun 04, 2026 at 10:27:19PM +0200, Yunseong Kim wrote:
> > Hi Alice,
> >
> > On 6/3/26 20:57, Alice Ryhl wrote:
> > > On Wed, Jun 3, 2026 at 8:02 PM Yunseong Kim <yunseong.kim@est.tech> wrote:
> > >
> > > My understanding is that the only thing BINDER_SET_MAX_THREADS does is
> > > cause the kernel to tell userspace "please spawn more threads" when
> > > all threads are in use and there are incoming transactions. I don't
> > > understand how it helps by pass ulimit. Did you try running your test
Correct. SET_MAX_THREADS is simply the threshold at which the kernel
will stop pinging userspace to "please spawn more threads". Nothing
more.
Userspace can choose to ignore that or not. It's got complete control
(as it should) to spawn more threads, and it would still be bounded by
its system-level limits (RLIMIT_NPROC).
> > I think accepting 0xFFFFFFFF for a thread pool size is arguably poor input
> > validation. no sane userspace would request 4 billion threads.
> >
> > Would a separate patch (without Fixes tag) that caps max_threads at a
> > reasonable upper bound be welcome, or is it not worth the churn? this is
> > hardening, not a security fix.
>
> I don't think that's useful.
Right. Please let userspace decide it's own threshold. Let's instead use
the appropriate means to limit the thread creation. There is no need to
duplicate that in binder.
Cheers,
--
Carlos Llamas
prev parent reply other threads:[~2026-06-06 14:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-03 18:01 [PATCH 0/4] binder: cap max_threads and reject duplicate looper entry Yunseong Kim
2026-06-03 18:01 ` [PATCH 1/4] binder: cap BINDER_SET_MAX_THREADS at RLIMIT_NPROC Yunseong Kim
2026-06-03 18:01 ` [PATCH 2/4] binder: reject duplicate BC_ENTER_LOOPER commands Yunseong Kim
2026-06-03 18:01 ` [PATCH 3/4] rust_binder: cap set_max_threads at RLIMIT_NPROC Yunseong Kim
2026-06-03 18:01 ` [PATCH 4/4] rust_binder: reject duplicate BC_ENTER_LOOPER in looper_enter Yunseong Kim
2026-06-03 18:57 ` [PATCH 0/4] binder: cap max_threads and reject duplicate looper entry Alice Ryhl
2026-06-04 20:27 ` Yunseong Kim
2026-06-05 9:55 ` Alice Ryhl
2026-06-05 11:31 ` Yunseong Kim
2026-06-06 14:51 ` Carlos Llamas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aiQz6zwXRQEpf7wF@google.com \
--to=cmllamas@google.com \
--cc=a.hindborg@kernel.org \
--cc=aliceryhl@google.com \
--cc=arve@android.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=brauner@kernel.org \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=swetland@google.com \
--cc=tkjos@android.com \
--cc=tmgross@umich.edu \
--cc=ysk@kzalloc.com \
--cc=yunseong.kim@est.tech \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox