LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Waiman Long <longman@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Luis R. Rodriguez" <mcgrof@kernel.org>,
	Kees Cook <keescook@chromium.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jonathan Corbet <corbet@lwn.net>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-doc@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
	Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH v6 0/8] ipc: Clamp *mni to the real IPCMNI limit & increase that limit
Date: Wed, 2 May 2018 09:23:58 -0400	[thread overview]
Message-ID: <5aac35f0-77e3-5693-ddf0-a03695ff1192@redhat.com> (raw)
In-Reply-To: <87po2ex0k6.fsf@xmission.com>

On 05/01/2018 10:18 PM, Eric W. Biederman wrote:
>
>> The sysctl parameters msgmni, shmmni and semmni have an inherent limit
>> of IPC_MNI (32k). However, users may not be aware of that because they
>> can write a value much higher than that without getting any error or
>> notification. Reading the parameters back will show the newly written
>> values which are not real.
>>
>> Enforcing the limit by failing sysctl parameter write, however, may
>> cause regressions if existing user setup scripts set those parameters
>> above 32k as those scripts will now fail in this case.
> I have a serious problem with this approach.  Have you made any effort
> to identify any code that sets these values above 32k?  Have you looked
> to see if these applications actually care if you return an error when
> a value is set too large?

It is not that an application cares about if an error is returned or
not. Most applications don't care. It is that if an error is returned,
it means that the sysctl parameter isn't change at all instead of being
set to a large value and then internally clamped to a smaller number
which is still bigger than the original value. That is what can break an
application because the sysctl parameters may be just too small for the
application.

> Right now this seems like a lot of work to avoid breaking applications
> and or users that may or may not exist.  If you can find something that
> will care sure.  We need to avoid breaking userspace and causing
> regressions.  However as this stands it looks you are making maintenance
> of the kernel more difficult to avoid having to look to see if there are
> monsters under the bed.

I shall admit that it can be hard to find applications that will
explicitly need that as we usually don't have access to the applications
that the customers have. It is more a correctness issue where the
existing code is kind of lying about what can actually be supported. I
just want to make the users more aware of what the right limits are.

Cheers,
Longman

  reply	other threads:[~2018-05-02 13:24 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-27 21:00 Waiman Long
2018-04-27 21:00 ` [PATCH v6 1/8] sysctl: Add flags to support min/max range clamping Waiman Long
2018-04-27 21:00 ` [PATCH v6 2/8] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
2018-04-27 21:00 ` [PATCH v6 3/8] sysctl: Warn when a clamped sysctl parameter is set out of range Waiman Long
2018-04-30 22:40   ` Kees Cook
2018-05-01 13:41     ` Waiman Long
2018-04-27 21:00 ` [PATCH v6 4/8] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Waiman Long
2018-04-27 21:00 ` [PATCH v6 5/8] ipc: Clamp semmni " Waiman Long
2018-04-27 21:00 ` [PATCH v6 6/8] test_sysctl: Add range clamping test Waiman Long
2018-04-27 21:00 ` [PATCH v6 7/8] ipc: Allow boot time extension of IPCMNI from 32k to 2M Waiman Long
2018-04-29 15:54   ` kbuild test robot
2018-04-27 21:00 ` [PATCH v6 8/8] ipc: Conserve sequence numbers in extended IPCMNI mode Waiman Long
2018-04-29 16:51   ` kbuild test robot
2018-05-02  2:18 ` [PATCH v6 0/8] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Eric W. Biederman
2018-05-02 13:23   ` Waiman Long [this message]
2018-05-02 15:06     ` Eric W. Biederman
2018-05-07 19:14       ` Waiman Long

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5aac35f0-77e3-5693-ddf0-a03695ff1192@redhat.com \
    --to=longman@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=corbet@lwn.net \
    --cc=ebiederm@xmission.com \
    --cc=keescook@chromium.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    --subject='Re: [PATCH v6 0/8] ipc: Clamp *mni to the real IPCMNI limit & increase that limit' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).