lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 2 Sep 2009 23:51:01 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Jiri Slaby <jirislaby@...il.com>
Cc:	akpm@...ux-foundation.org, mingo@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] core: allow setrlimit to non-current tasks

On 09/02, Jiri Slaby wrote:
>
> On 09/02/2009 03:50 PM, Oleg Nesterov wrote:
> > But there is another minor problem. If we use read_lock(ttasklist), then
> > the write to /proc/application_pid/limits can race with application doing
> > sys_setrlimits().
> >
> > Nothing bad can happen, but this means that "echo ... > /proc/limits" can
> > be lost. Not good, if admin wants to lower ->rlim_max we should try to ensure
> > this always works.
>
> Actually, process cpu timer may be set to a wrong value. When

Yes, I thought about this too. In fact I was going to complain, but then
decided this is OK.

> * somebody unrelated holds sighand->siglock
> * process one stores rlim_new to rlim and gets stuck on spin_lock(siglock)
> * process two does the same

s/process/thread/. (I am talking about the current code). IOW, if the
application is stupid and does setrlimit() from multimple threads at
the same time - we can't help, the result is not predictable.

But, unless I missed something I think this case is fine, please see below.

> * somebody releases sighand->siglock
> * process one continues...

Now, it is possible that cputime_expires.xxx_exp does not match
->rlim[RLIMIT_CPU].rlim_cur.

But we don't care. update_rlimit_cpu() must ensure that cputime_expires.xxx_exp
is not greater than necessary, nothing else.

> I can't think of anything else than doing all the checks and updates
> under alloc_lock, introducing coarse grained static mutex in setrlimit
> to protect it,

Oh, please don't ;)

Or I missed your point?


But if you mean this series, then yes, I agree. We should try to do something
to ensure that at least rlim_max can be always lowered when admin writes to
/proc/pid/limits.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ