[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5aac35f0-77e3-5693-ddf0-a03695ff1192@redhat.com>
Date: Wed, 2 May 2018 09:23:58 -0400
From: Waiman Long <longman@...hat.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Jonathan Corbet <corbet@....net>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-doc@...r.kernel.org,
Al Viro <viro@...iv.linux.org.uk>,
Matthew Wilcox <willy@...radead.org>
Subject: Re: [PATCH v6 0/8] ipc: Clamp *mni to the real IPCMNI limit &
increase that limit
On 05/01/2018 10:18 PM, Eric W. Biederman wrote:
>
>> The sysctl parameters msgmni, shmmni and semmni have an inherent limit
>> of IPC_MNI (32k). However, users may not be aware of that because they
>> can write a value much higher than that without getting any error or
>> notification. Reading the parameters back will show the newly written
>> values which are not real.
>>
>> Enforcing the limit by failing sysctl parameter write, however, may
>> cause regressions if existing user setup scripts set those parameters
>> above 32k as those scripts will now fail in this case.
> I have a serious problem with this approach. Have you made any effort
> to identify any code that sets these values above 32k? Have you looked
> to see if these applications actually care if you return an error when
> a value is set too large?
It is not that an application cares about if an error is returned or
not. Most applications don't care. It is that if an error is returned,
it means that the sysctl parameter isn't change at all instead of being
set to a large value and then internally clamped to a smaller number
which is still bigger than the original value. That is what can break an
application because the sysctl parameters may be just too small for the
application.
> Right now this seems like a lot of work to avoid breaking applications
> and or users that may or may not exist. If you can find something that
> will care sure. We need to avoid breaking userspace and causing
> regressions. However as this stands it looks you are making maintenance
> of the kernel more difficult to avoid having to look to see if there are
> monsters under the bed.
I shall admit that it can be hard to find applications that will
explicitly need that as we usually don't have access to the applications
that the customers have. It is more a correctness issue where the
existing code is kind of lying about what can actually be supported. I
just want to make the users more aware of what the right limits are.
Cheers,
Longman
Powered by blists - more mailing lists