[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANaxB-x413bEkfA=1FRrYz6=P+T-V372UUuP0o67KT2=7-eTPA@mail.gmail.com>
Date: Thu, 25 Oct 2012 19:02:18 +0400
From: Andrey Wagin <avagin@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Oleg Nesterov <oleg@...hat.com>,
Cyrill Gorcunov <gorcunov@...nvz.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Pavel Emelyanov <xemul@...allels.com>
Subject: Re: [PATCH] pidns: limit the nesting depth of pid namespaces
2012/10/24 Andrew Morton <akpm@...ux-foundation.org>:
> On Wed, 24 Oct 2012 09:38:57 +0400
> Andrey Wagin <avagin@...il.com> wrote:
>
>> >
>> > I think that returning -ENOMEM in response to an excessive nesting
>> > attempt is misleading - the system *didn't* run out of memory. EINVAL
>> > is better?
>>
>> I chose ENOMEM by analogy with max_pid. When a new PID can not be
>> allocated, ENOMEM is returned too.
>
> I don't know what this means - please be carefully specific when
> identifying kernel code.
Sorry.
>
> If you're referring to kernel/pid.c:alloc_pid() then -ENOMEM is
> appropriate there, because a failure *is* caused by memory allocation
> failure.
I'm referring to alloc_pidmap().
For example I set pid_max to 500 and try to create more than 500 processes.
[pid 345] clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f8721716a10) = -1 ENOMEM (Cannot allocate memory)
Actually I'm agree with EINVAL and a patch is attached to this message.
Thanks.
>
> But ENOMEM isn't appropriate for nesting-depth-exceeded - we shouldn't
> tell the user "you ran out of memory" when he didn't! -EINVAL isn't
> really appropriate either ("Invalid argument") but it has become a
> general you-screwed-up catchall and seems to me to be the most
> appropriate errno we have available.
>
Download attachment "0001-pidns-limit-the-nesting-depth-of-pid-namespaces-v2.patch" of type "application/octet-stream" (2566 bytes)
Powered by blists - more mailing lists