From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1825DC433EF for ; Tue, 15 Mar 2022 12:18:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 793F18D0002; Tue, 15 Mar 2022 08:18:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 71D0F8D0001; Tue, 15 Mar 2022 08:18:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 596718D0002; Tue, 15 Mar 2022 08:18:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0008.hostedemail.com [216.40.44.8]) by kanga.kvack.org (Postfix) with ESMTP id 4450E8D0001 for ; Tue, 15 Mar 2022 08:18:04 -0400 (EDT) Received: from smtpin22.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id EE05E181DB388 for ; Tue, 15 Mar 2022 12:18:03 +0000 (UTC) X-FDA: 79246522446.22.1E0055D Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by imf28.hostedemail.com (Postfix) with ESMTP id 3CD96C0002 for ; Tue, 15 Mar 2022 12:18:02 +0000 (UTC) Received: from canpemm500002.china.huawei.com (unknown [172.30.72.56]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KHsp71FW2zfYtJ; Tue, 15 Mar 2022 20:16:31 +0800 (CST) Received: from [10.174.177.76] (10.174.177.76) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 15 Mar 2022 20:17:57 +0800 Subject: Re: [PATCH v2] mm/mlock: fix potential imbalanced rlimit ucounts adjustment To: "Eric W. Biederman" CC: , , , , Alexey Gladkov References: <20220314064039.62972-1-linmiaohe@huawei.com> <87h78036hl.fsf@email.froward.int.ebiederm.org> From: Miaohe Lin Message-ID: <82cf5aa8-a721-3ff3-7b09-54a66da0d506@huawei.com> Date: Tue, 15 Mar 2022 20:17:57 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <87h78036hl.fsf@email.froward.int.ebiederm.org> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.177.76] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To canpemm500002.china.huawei.com (7.192.104.244) X-CFilter-Loop: Reflected X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 3CD96C0002 X-Stat-Signature: nxfc3zgt15orsgwi4smufj1kn4rf9moo Authentication-Results: imf28.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf28.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.187 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com X-Rspam-User: X-HE-Tag: 1647346682-621023 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2022/3/14 23:21, Eric W. Biederman wrote: > Miaohe Lin writes: > >> user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So >> the later user_shm_unlock might do the extra dec_rlimit_ucounts. Fix >> this by resetting allowed to 0. > > This fix looks correct. But the ability for people to follow and read > the code seems questionable. I saw in v1 of this patch Hugh originally > misread the logic. > > Could we instead change the code to leave lock_limit at ULONG_MAX aka > RLIM_INFINITY, leave initialized to 0, and not even need a special case > of RLIM_INFINITY as nothing can be greater that ULONG_MAX? > Many thanks for your advice. This looks good but it seems this results in different behavior: When (memlock == LONG_MAX) && !capable(CAP_IPC_LOCK), we would fail now while it will always success without this change. We should avoid this difference. Or am I miss something? Maybe the origin patch is more suitable and simple? Thanks. > Something like this? > > diff --git a/mm/mlock.c b/mm/mlock.c > index 8f584eddd305..e7eabf5193ab 100644 > --- a/mm/mlock.c > +++ b/mm/mlock.c > @@ -827,13 +827,12 @@ int user_shm_lock(size_t size, struct ucounts *ucounts) > > locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; > lock_limit = rlimit(RLIMIT_MEMLOCK); > - if (lock_limit == RLIM_INFINITY) > - allowed = 1; > - lock_limit >>= PAGE_SHIFT; > + if (lock_limit != RLIM_INFINITY) > + lock_limit >>= PAGE_SHIFT; > spin_lock(&shmlock_user_lock); > memlock = inc_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); > > - if (!allowed && (memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) { > + if ((memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) { > dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); > goto out; > } > >> >> Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts") >> Signed-off-by: Miaohe Lin >> Acked-by: Hugh Dickins >> --- >> v1->v2: >> correct Fixes tag and collect Acked-by tag >> Thanks Hugh for review! >> --- >> mm/mlock.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/mm/mlock.c b/mm/mlock.c >> index 29372c0eebe5..efd2dd2943de 100644 >> --- a/mm/mlock.c >> +++ b/mm/mlock.c >> @@ -733,6 +733,7 @@ int user_shm_lock(size_t size, struct ucounts *ucounts) >> } >> if (!get_ucounts(ucounts)) { >> dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); >> + allowed = 0; >> goto out; >> } >> allowed = 1; > > Eric > . >