* [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-17 1:10 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
` (8 subsequent siblings)
9 siblings, 1 reply; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
When minimum/maximum values are specified for a sysctl parameter in
the ctl_table structure with proc_dointvec_minmax() handler, update
to that parameter will fail with error if the given value is outside
of the required range.
There are use cases where it may be better to clamp the value of
the sysctl parameter to the given range without failing the update,
especially if the users are not aware of the actual range limits.
Reading the value back after the update will now be a good practice
to see if the provided value exceeds the range limits.
To provide this less restrictive form of range checking, a new flags
field is added to the ctl_table structure. The new field is a 16-bit
value that just fits into the hole left by the 16-bit umode_t field
without increasing the size of the structure.
When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
entry, any update from the userspace will be clamped to the given
range without error if either the proc_dointvec_minmax() or the
proc_douintvec_minmax() handlers is used.
The clamped value is either the maximum or minimum value that is
closest to the input value provided by the user.
Signed-off-by: Waiman Long <longman@redhat.com>
---
include/linux/sysctl.h | 20 ++++++++++++++++++++
kernel/sysctl.c | 48 +++++++++++++++++++++++++++++++++++++++---------
2 files changed, 59 insertions(+), 9 deletions(-)
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index b769ecf..e446e1f 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -116,6 +116,7 @@ struct ctl_table
void *data;
int maxlen;
umode_t mode;
+ uint16_t flags;
struct ctl_table *child; /* Deprecated */
proc_handler *proc_handler; /* Callback for text formatting */
struct ctl_table_poll *poll;
@@ -123,6 +124,25 @@ struct ctl_table
void *extra2;
} __randomize_layout;
+/**
+ * enum ctl_table_flags - flags for the ctl table (struct ctl_table.flags)
+ *
+ * @CTL_FLAGS_CLAMP_RANGE: Set to indicate that the entry should be
+ * flexibly clamped to the provided min/max value in case the user
+ * provided a value outside of the given range. The clamped value is
+ * either the provided minimum or maximum value that is closest to
+ * the input value. No lower bound or upper bound checking will be
+ * done if the corresponding minimum or maximum value isn't provided.
+ *
+ * At most 16 different flags are allowed.
+ */
+enum ctl_table_flags {
+ CTL_FLAGS_CLAMP_RANGE = BIT(0),
+ __CTL_FLAGS_MAX = BIT(1),
+};
+
+#define CTL_TABLE_FLAGS_ALL (__CTL_FLAGS_MAX - 1)
+
struct ctl_node {
struct rb_node node;
struct ctl_table_header *header;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d2aa6b4..af351ed 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2504,6 +2504,7 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
* struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
+ * @flags: pointer to flags
*
* The do_proc_dointvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2512,6 +2513,7 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
struct do_proc_dointvec_minmax_conv_param {
int *min;
int *max;
+ uint16_t *flags;
};
static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
@@ -2521,9 +2523,21 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
struct do_proc_dointvec_minmax_conv_param *param = data;
if (write) {
int val = *negp ? -*lvalp : *lvalp;
- if ((param->min && *param->min > val) ||
- (param->max && *param->max < val))
- return -EINVAL;
+ bool clamp = param->flags &&
+ (*param->flags & CTL_FLAGS_CLAMP_RANGE);
+
+ if (param->min && *param->min > val) {
+ if (clamp)
+ val = *param->min;
+ else
+ return -EINVAL;
+ }
+ if (param->max && *param->max < val) {
+ if (clamp)
+ val = *param->max;
+ else
+ return -EINVAL;
+ }
*valp = val;
} else {
int val = *valp;
@@ -2552,7 +2566,8 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
* This routine will ensure the values are within the range specified by
* table->extra1 (min) and table->extra2 (max).
*
- * Returns 0 on success or -EINVAL on write when the range check fails.
+ * Returns 0 on success or -EINVAL on write when the range check fails
+ * without the CTL_FLAGS_CLAMP_RANGE flag.
*/
int proc_dointvec_minmax(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
@@ -2560,6 +2575,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
struct do_proc_dointvec_minmax_conv_param param = {
.min = (int *) table->extra1,
.max = (int *) table->extra2,
+ .flags = &table->flags,
};
return do_proc_dointvec(table, write, buffer, lenp, ppos,
do_proc_dointvec_minmax_conv, ¶m);
@@ -2569,6 +2585,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
* struct do_proc_douintvec_minmax_conv_param - proc_douintvec_minmax() range checking structure
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
+ * @flags: pointer to flags
*
* The do_proc_douintvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2577,6 +2594,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
struct do_proc_douintvec_minmax_conv_param {
unsigned int *min;
unsigned int *max;
+ uint16_t *flags;
};
static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
@@ -2587,14 +2605,24 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
if (write) {
unsigned int val = *lvalp;
+ bool clamp = param->flags &&
+ (*param->flags & CTL_FLAGS_CLAMP_RANGE);
if (*lvalp > UINT_MAX)
return -EINVAL;
- if ((param->min && *param->min > val) ||
- (param->max && *param->max < val))
- return -ERANGE;
-
+ if (param->min && *param->min > val) {
+ if (clamp)
+ val = *param->min;
+ else
+ return -ERANGE;
+ }
+ if (param->max && *param->max < val) {
+ if (clamp)
+ val = *param->max;
+ else
+ return -ERANGE;
+ }
*valp = val;
} else {
unsigned int val = *valp;
@@ -2621,7 +2649,8 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
* check for UINT_MAX to avoid having to support wrap around uses from
* userspace.
*
- * Returns 0 on success or -ERANGE on write when the range check fails.
+ * Returns 0 on success or -ERANGE on write when the range check fails
+ * without the CTL_FLAGS_CLAMP_RANGE flag.
*/
int proc_douintvec_minmax(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
@@ -2629,6 +2658,7 @@ int proc_douintvec_minmax(struct ctl_table *table, int write,
struct do_proc_douintvec_minmax_conv_param param = {
.min = (unsigned int *) table->extra1,
.max = (unsigned int *) table->extra2,
+ .flags = &table->flags,
};
return do_proc_douintvec(table, write, buffer, lenp, ppos,
do_proc_douintvec_minmax_conv, ¶m);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-16 18:13 ` [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping Waiman Long
@ 2018-03-17 1:10 ` Luis R. Rodriguez
2018-03-19 15:39 ` Waiman Long
0 siblings, 1 reply; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-17 1:10 UTC (permalink / raw)
To: Waiman Long
Cc: Luis R. Rodriguez, Kees Cook, linux-kernel, linux-fsdevel,
linux-doc, Jonathan Corbet, Andrew Morton, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Fri, Mar 16, 2018 at 02:13:42PM -0400, Waiman Long wrote:
> When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
> entry, any update from the userspace will be clamped to the given
> range without error if either the proc_dointvec_minmax() or the
> proc_douintvec_minmax() handlers is used.
I don't get it. Why define a generic range flag when we can be mores specific and
you do that in your next patch. What's the point of this flag then?
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-17 1:10 ` Luis R. Rodriguez
@ 2018-03-19 15:39 ` Waiman Long
2018-03-29 18:15 ` Luis R. Rodriguez
0 siblings, 1 reply; 20+ messages in thread
From: Waiman Long @ 2018-03-19 15:39 UTC (permalink / raw)
To: Luis R. Rodriguez
Cc: Kees Cook, linux-kernel, linux-fsdevel, linux-doc,
Jonathan Corbet, Andrew Morton, Al Viro, Matthew Wilcox,
Eric W. Biederman
On 03/16/2018 09:10 PM, Luis R. Rodriguez wrote:
> On Fri, Mar 16, 2018 at 02:13:42PM -0400, Waiman Long wrote:
>> When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
>> entry, any update from the userspace will be clamped to the given
>> range without error if either the proc_dointvec_minmax() or the
>> proc_douintvec_minmax() handlers is used.
> I don't get it. Why define a generic range flag when we can be mores specific and
> you do that in your next patch. What's the point of this flag then?
>
> Luis
I was thinking about using the signed/unsigned bits as just annotations
for ranges for future extension. For the purpose of this patchset alone,
I can merge the three bits into just two.
Cheers,
Longman
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-19 15:39 ` Waiman Long
@ 2018-03-29 18:15 ` Luis R. Rodriguez
2018-03-29 18:47 ` Waiman Long
0 siblings, 1 reply; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-29 18:15 UTC (permalink / raw)
To: Waiman Long
Cc: Luis R. Rodriguez, Kees Cook, linux-kernel, linux-fsdevel,
linux-doc, Jonathan Corbet, Andrew Morton, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Mon, Mar 19, 2018 at 11:39:19AM -0400, Waiman Long wrote:
> On 03/16/2018 09:10 PM, Luis R. Rodriguez wrote:
> > On Fri, Mar 16, 2018 at 02:13:42PM -0400, Waiman Long wrote:
> >> When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
> >> entry, any update from the userspace will be clamped to the given
> >> range without error if either the proc_dointvec_minmax() or the
> >> proc_douintvec_minmax() handlers is used.
> > I don't get it. Why define a generic range flag when we can be mores specific and
> > you do that in your next patch. What's the point of this flag then?
> >
> > Luis
>
> I was thinking about using the signed/unsigned bits as just annotations
> for ranges for future extension. For the purpose of this patchset alone,
> I can merge the three bits into just two.
Only introduce flags which you will actually use in the same patch series.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-29 18:15 ` Luis R. Rodriguez
@ 2018-03-29 18:47 ` Waiman Long
2018-03-29 18:56 ` Luis R. Rodriguez
0 siblings, 1 reply; 20+ messages in thread
From: Waiman Long @ 2018-03-29 18:47 UTC (permalink / raw)
To: Luis R. Rodriguez
Cc: Kees Cook, linux-kernel, linux-fsdevel, linux-doc,
Jonathan Corbet, Andrew Morton, Al Viro, Matthew Wilcox,
Eric W. Biederman
On 03/29/2018 02:15 PM, Luis R. Rodriguez wrote:
> On Mon, Mar 19, 2018 at 11:39:19AM -0400, Waiman Long wrote:
>> On 03/16/2018 09:10 PM, Luis R. Rodriguez wrote:
>>> On Fri, Mar 16, 2018 at 02:13:42PM -0400, Waiman Long wrote:
>>>> When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
>>>> entry, any update from the userspace will be clamped to the given
>>>> range without error if either the proc_dointvec_minmax() or the
>>>> proc_douintvec_minmax() handlers is used.
>>> I don't get it. Why define a generic range flag when we can be mores specific and
>>> you do that in your next patch. What's the point of this flag then?
>>>
>>> Luis
>> I was thinking about using the signed/unsigned bits as just annotations
>> for ranges for future extension. For the purpose of this patchset alone,
>> I can merge the three bits into just two.
> Only introduce flags which you will actually use in the same patch series.
>
> Luis
Yes, will do. Since the merge window is coming, should I wait until it
is over to send out the new patch?
Cheers,
Longman
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping
2018-03-29 18:47 ` Waiman Long
@ 2018-03-29 18:56 ` Luis R. Rodriguez
0 siblings, 0 replies; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-29 18:56 UTC (permalink / raw)
To: Waiman Long
Cc: Luis R. Rodriguez, Kees Cook, linux-kernel, linux-fsdevel,
linux-doc, Jonathan Corbet, Andrew Morton, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Thu, Mar 29, 2018 at 02:47:18PM -0400, Waiman Long wrote:
> On 03/29/2018 02:15 PM, Luis R. Rodriguez wrote:
> > On Mon, Mar 19, 2018 at 11:39:19AM -0400, Waiman Long wrote:
> >> On 03/16/2018 09:10 PM, Luis R. Rodriguez wrote:
> >>> On Fri, Mar 16, 2018 at 02:13:42PM -0400, Waiman Long wrote:
> >>>> When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table
> >>>> entry, any update from the userspace will be clamped to the given
> >>>> range without error if either the proc_dointvec_minmax() or the
> >>>> proc_douintvec_minmax() handlers is used.
> >>> I don't get it. Why define a generic range flag when we can be mores specific and
> >>> you do that in your next patch. What's the point of this flag then?
> >>>
> >>> Luis
> >> I was thinking about using the signed/unsigned bits as just annotations
> >> for ranges for future extension. For the purpose of this patchset alone,
> >> I can merge the three bits into just two.
> > Only introduce flags which you will actually use in the same patch series.
> >
> > Luis
>
> Yes, will do. Since the merge window is coming, should I wait until it
> is over to send out the new patch?
Probably best. May be too tight for review now if Linus spins out a release
this weekend.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-17 0:54 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 3/9] sysctl: Warn when a clamped sysctl parameter is set out of range Waiman Long
` (7 subsequent siblings)
9 siblings, 1 reply; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
Checking code is added to provide the following additional
ctl_table.flags checks:
1) No unknown flag is allowed.
2) Minimum of a range cannot be larger than the maximum value.
3) The signed and unsigned flags are mutually exclusive.
4) The proc_handler should be consistent with the signed or unsigned
flags.
Two new flags are added to indicate if the min/max values are signed
or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
These 2 flags can be optionally enabled for range checking purpose.
But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
Signed-off-by: Waiman Long <longman@redhat.com>
---
fs/proc/proc_sysctl.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/sysctl.h | 16 +++++++++++--
2 files changed, 76 insertions(+), 2 deletions(-)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 493c975..2863ea1 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -1092,6 +1092,66 @@ static int sysctl_check_table_array(const char *path, struct ctl_table *table)
return err;
}
+static int sysctl_check_flags(const char *path, struct ctl_table *table)
+{
+ int err = 0;
+ uint16_t sign_flags = CTL_FLAGS_SIGNED_RANGE|CTL_FLAGS_UNSIGNED_RANGE;
+
+ if ((table->flags & ~CTL_TABLE_FLAGS_ALL) ||
+ ((table->flags & sign_flags) == sign_flags))
+ err = sysctl_err(path, table, "invalid flags");
+
+ if (table->flags & (CTL_FLAGS_CLAMP_RANGE | sign_flags)) {
+ int range_err = 0;
+ bool is_int = (table->maxlen == sizeof(int));
+
+ if (!is_int && (table->maxlen != sizeof(long))) {
+ range_err++;
+ } else if (!table->extra1 || !table->extra2) {
+ /* No min > max checking needed */
+ } else if (table->flags & CTL_FLAGS_UNSIGNED_RANGE) {
+ unsigned long min, max;
+
+ min = is_int ? *(unsigned int *)table->extra1
+ : *(unsigned long *)table->extra1;
+ max = is_int ? *(unsigned int *)table->extra2
+ : *(unsigned long *)table->extra2;
+ range_err += (min > max);
+ } else if (table->flags & CTL_FLAGS_SIGNED_RANGE) {
+
+ long min, max;
+
+ min = is_int ? *(int *)table->extra1
+ : *(long *)table->extra1;
+ max = is_int ? *(int *)table->extra2
+ : *(long *)table->extra2;
+ range_err += (min > max);
+ } else {
+ /*
+ * Either CTL_FLAGS_UNSIGNED_RANGE or
+ * CTL_FLAGS_SIGNED_RANGE should be set.
+ */
+ range_err++;
+ }
+
+ /*
+ * proc_handler and flag consistency check.
+ */
+ if (((table->proc_handler == proc_douintvec_minmax) ||
+ (table->proc_handler == proc_doulongvec_minmax)) &&
+ !(table->flags & CTL_FLAGS_UNSIGNED_RANGE))
+ range_err++;
+
+ if ((table->proc_handler == proc_dointvec_minmax) &&
+ !(table->flags & CTL_FLAGS_SIGNED_RANGE))
+ range_err++;
+
+ if (range_err)
+ err |= sysctl_err(path, table, "Invalid range");
+ }
+ return err;
+}
+
static int sysctl_check_table(const char *path, struct ctl_table *table)
{
int err = 0;
@@ -1111,6 +1171,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
(table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) {
if (!table->data)
err |= sysctl_err(path, table, "No data");
+ if (table->flags)
+ err |= sysctl_check_flags(path, table);
if (!table->maxlen)
err |= sysctl_err(path, table, "No maxlen");
else
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e446e1f..088f032 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -134,14 +134,26 @@ struct ctl_table
* the input value. No lower bound or upper bound checking will be
* done if the corresponding minimum or maximum value isn't provided.
*
+ * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
+ * fields are pointers to minimum and maximum signed values of
+ * an allowable range.
+ *
+ * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
+ * fields are pointers to minimum and maximum unsigned values of
+ * an allowable range.
+ *
* At most 16 different flags are allowed.
*/
enum ctl_table_flags {
CTL_FLAGS_CLAMP_RANGE = BIT(0),
- __CTL_FLAGS_MAX = BIT(1),
+ CTL_FLAGS_SIGNED_RANGE = BIT(1),
+ CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
+ __CTL_FLAGS_MAX = BIT(3),
};
-#define CTL_TABLE_FLAGS_ALL (__CTL_FLAGS_MAX - 1)
+#define CTL_TABLE_FLAGS_ALL (__CTL_FLAGS_MAX - 1)
+#define CTL_FLAGS_CLAMP_RANGE_SIGNED (CTL_FLAGS_CLAMP_RANGE|CTL_FLAGS_SIGNED_RANGE)
+#define CTL_FLAGS_CLAMP_RANGE_UNSIGNED (CTL_FLAGS_CLAMP_RANGE|CTL_FLAGS_UNSIGNED_RANGE)
struct ctl_node {
struct rb_node node;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
2018-03-16 18:13 ` [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
@ 2018-03-17 0:54 ` Luis R. Rodriguez
2018-03-19 15:35 ` Waiman Long
0 siblings, 1 reply; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-17 0:54 UTC (permalink / raw)
To: Waiman Long
Cc: Luis R. Rodriguez, Kees Cook, linux-kernel, linux-fsdevel,
linux-doc, Jonathan Corbet, Andrew Morton, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Fri, Mar 16, 2018 at 02:13:43PM -0400, Waiman Long wrote:
> Checking code is added to provide the following additional
> ctl_table.flags checks:
>
> 1) No unknown flag is allowed.
> 2) Minimum of a range cannot be larger than the maximum value.
> 3) The signed and unsigned flags are mutually exclusive.
> 4) The proc_handler should be consistent with the signed or unsigned
> flags.
>
> Two new flags are added to indicate if the min/max values are signed
> or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
> These 2 flags can be optionally enabled for range checking purpose.
> But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
>
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index e446e1f..088f032 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -134,14 +134,26 @@ struct ctl_table
> * the input value. No lower bound or upper bound checking will be
> * done if the corresponding minimum or maximum value isn't provided.
> *
> + * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
> + * fields are pointers to minimum and maximum signed values of
> + * an allowable range.
> + *
> + * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
> + * fields are pointers to minimum and maximum unsigned values of
> + * an allowable range.
> + *
> * At most 16 different flags are allowed.
> */
> enum ctl_table_flags {
> CTL_FLAGS_CLAMP_RANGE = BIT(0),
> - __CTL_FLAGS_MAX = BIT(1),
> + CTL_FLAGS_SIGNED_RANGE = BIT(1),
> + CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
> + __CTL_FLAGS_MAX = BIT(3),
> };
You are adding new flags which the user can set, and yet these are used
internally.
It would be best if internal flags are just that, not flags that a user can set.
This patch should be folded with the first one.
I'm starting to loose hope on these patch sets.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
2018-03-17 0:54 ` Luis R. Rodriguez
@ 2018-03-19 15:35 ` Waiman Long
2018-03-29 18:16 ` Luis R. Rodriguez
0 siblings, 1 reply; 20+ messages in thread
From: Waiman Long @ 2018-03-19 15:35 UTC (permalink / raw)
To: Luis R. Rodriguez
Cc: Kees Cook, linux-kernel, linux-fsdevel, linux-doc,
Jonathan Corbet, Andrew Morton, Al Viro, Matthew Wilcox,
Eric W. Biederman
On 03/16/2018 08:54 PM, Luis R. Rodriguez wrote:
> On Fri, Mar 16, 2018 at 02:13:43PM -0400, Waiman Long wrote:
>> Checking code is added to provide the following additional
>> ctl_table.flags checks:
>>
>> 1) No unknown flag is allowed.
>> 2) Minimum of a range cannot be larger than the maximum value.
>> 3) The signed and unsigned flags are mutually exclusive.
>> 4) The proc_handler should be consistent with the signed or unsigned
>> flags.
>>
>> Two new flags are added to indicate if the min/max values are signed
>> or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
>> These 2 flags can be optionally enabled for range checking purpose.
>> But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
>>
>> Signed-off-by: Waiman Long <longman@redhat.com>
>> ---
>> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
>> index e446e1f..088f032 100644
>> --- a/include/linux/sysctl.h
>> +++ b/include/linux/sysctl.h
>> @@ -134,14 +134,26 @@ struct ctl_table
>> * the input value. No lower bound or upper bound checking will be
>> * done if the corresponding minimum or maximum value isn't provided.
>> *
>> + * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
>> + * fields are pointers to minimum and maximum signed values of
>> + * an allowable range.
>> + *
>> + * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
>> + * fields are pointers to minimum and maximum unsigned values of
>> + * an allowable range.
>> + *
>> * At most 16 different flags are allowed.
>> */
>> enum ctl_table_flags {
>> CTL_FLAGS_CLAMP_RANGE = BIT(0),
>> - __CTL_FLAGS_MAX = BIT(1),
>> + CTL_FLAGS_SIGNED_RANGE = BIT(1),
>> + CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
>> + __CTL_FLAGS_MAX = BIT(3),
>> };
> You are adding new flags which the user can set, and yet these are used
> internally.
>
> It would be best if internal flags are just that, not flags that a user can set.
>
> This patch should be folded with the first one.
>
> I'm starting to loose hope on these patch sets.
>
> Luis
In order to do the correct min > max check, I need to know if the
quantity is signed or not. Just looking at the proc_handler alone is not
a reliable indicator if it is signed or unsigned.
Yes, I can put the signed bit into the previous patch.
-Longman
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
2018-03-19 15:35 ` Waiman Long
@ 2018-03-29 18:16 ` Luis R. Rodriguez
0 siblings, 0 replies; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-29 18:16 UTC (permalink / raw)
To: Waiman Long
Cc: Luis R. Rodriguez, Kees Cook, linux-kernel, linux-fsdevel,
linux-doc, Jonathan Corbet, Andrew Morton, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Mon, Mar 19, 2018 at 11:35:19AM -0400, Waiman Long wrote:
> On 03/16/2018 08:54 PM, Luis R. Rodriguez wrote:
> > On Fri, Mar 16, 2018 at 02:13:43PM -0400, Waiman Long wrote:
> >> Checking code is added to provide the following additional
> >> ctl_table.flags checks:
> >>
> >> 1) No unknown flag is allowed.
> >> 2) Minimum of a range cannot be larger than the maximum value.
> >> 3) The signed and unsigned flags are mutually exclusive.
> >> 4) The proc_handler should be consistent with the signed or unsigned
> >> flags.
> >>
> >> Two new flags are added to indicate if the min/max values are signed
> >> or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
> >> These 2 flags can be optionally enabled for range checking purpose.
> >> But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
> >>
> >> Signed-off-by: Waiman Long <longman@redhat.com>
> >> ---
> >> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> >> index e446e1f..088f032 100644
> >> --- a/include/linux/sysctl.h
> >> +++ b/include/linux/sysctl.h
> >> @@ -134,14 +134,26 @@ struct ctl_table
> >> * the input value. No lower bound or upper bound checking will be
> >> * done if the corresponding minimum or maximum value isn't provided.
> >> *
> >> + * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
> >> + * fields are pointers to minimum and maximum signed values of
> >> + * an allowable range.
> >> + *
> >> + * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
> >> + * fields are pointers to minimum and maximum unsigned values of
> >> + * an allowable range.
> >> + *
> >> * At most 16 different flags are allowed.
> >> */
> >> enum ctl_table_flags {
> >> CTL_FLAGS_CLAMP_RANGE = BIT(0),
> >> - __CTL_FLAGS_MAX = BIT(1),
> >> + CTL_FLAGS_SIGNED_RANGE = BIT(1),
> >> + CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
> >> + __CTL_FLAGS_MAX = BIT(3),
> >> };
> > You are adding new flags which the user can set, and yet these are used
> > internally.
> >
> > It would be best if internal flags are just that, not flags that a user can set.
> >
> > This patch should be folded with the first one.
> >
> > I'm starting to loose hope on these patch sets.
> >
> > Luis
>
> In order to do the correct min > max check, I need to know if the
> quantity is signed or not. Just looking at the proc_handler alone is not
> a reliable indicator if it is signed or unsigned.
>
> Yes, I can put the signed bit into the previous patch.
Do that and also remove the unused flags. It is confusing as a reviewer
why a flag was added and then you use another flag later. Seriously, please
take a bit more time to review your own patches prior to submission. Each
change should make sense and have use in the patch series.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v5 3/9] sysctl: Warn when a clamped sysctl parameter is set out of range
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping Waiman Long
2018-03-16 18:13 ` [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 4/9] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Waiman Long
` (6 subsequent siblings)
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
Even with clamped sysctl parameters, it is still not that straight
forward to figure out the exact range of those parameters. One may
try to write extreme parameter values to see if they get clamped.
To make it easier, a warning with the expected range will now be
printed into the kernel ring buffer when a clamped sysctl parameter
receives an out of range value.
The pr_warn_ratelimited() macro is used to limit the number of warning
messages that can be printed within a given period of time.
Signed-off-by: Waiman Long <longman@redhat.com>
---
kernel/sysctl.c | 44 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index af351ed..a9e3ed4 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -17,6 +17,7 @@
* The list_for_each() macro wasn't appropriate for the sysctl loop.
* Removed it and replaced it with older style, 03/23/00, Bill Wendling
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/aio.h>
@@ -2505,6 +2506,7 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
* @flags: pointer to flags
+ * @name: sysctl parameter name
*
* The do_proc_dointvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2514,6 +2516,7 @@ struct do_proc_dointvec_minmax_conv_param {
int *min;
int *max;
uint16_t *flags;
+ const char *name;
};
static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
@@ -2521,24 +2524,35 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
int write, void *data)
{
struct do_proc_dointvec_minmax_conv_param *param = data;
+
if (write) {
int val = *negp ? -*lvalp : *lvalp;
+ bool clamped = false;
bool clamp = param->flags &&
(*param->flags & CTL_FLAGS_CLAMP_RANGE);
if (param->min && *param->min > val) {
- if (clamp)
+ if (clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
if (param->max && *param->max < val) {
- if (clamp)
+ if (clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn_ratelimited("\"%s\" was set out of range [%d, %d], clamped to %d.\n",
+ param->name,
+ param->min ? *param->min : -INT_MAX,
+ param->max ? *param->max : INT_MAX, val);
} else {
int val = *valp;
if (val < 0) {
@@ -2576,6 +2590,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
.min = (int *) table->extra1,
.max = (int *) table->extra2,
.flags = &table->flags,
+ .name = table->procname,
};
return do_proc_dointvec(table, write, buffer, lenp, ppos,
do_proc_dointvec_minmax_conv, ¶m);
@@ -2586,6 +2601,7 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
* @flags: pointer to flags
+ * @name: sysctl parameter name
*
* The do_proc_douintvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2595,6 +2611,7 @@ struct do_proc_douintvec_minmax_conv_param {
unsigned int *min;
unsigned int *max;
uint16_t *flags;
+ const char *name;
};
static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
@@ -2605,6 +2622,7 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
if (write) {
unsigned int val = *lvalp;
+ bool clamped = false;
bool clamp = param->flags &&
(*param->flags & CTL_FLAGS_CLAMP_RANGE);
@@ -2612,18 +2630,27 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
return -EINVAL;
if (param->min && *param->min > val) {
- if (clamp)
+ if (clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
if (param->max && *param->max < val) {
- if (clamp)
+ if (clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn_ratelimited("\"%s\" was set out of range [%u, %u], clamped to %u.\n",
+ param->name,
+ param->min ? *param->min : 0,
+ param->max ? *param->max : UINT_MAX, val);
} else {
unsigned int val = *valp;
*lvalp = (unsigned long) val;
@@ -2659,6 +2686,7 @@ int proc_douintvec_minmax(struct ctl_table *table, int write,
.min = (unsigned int *) table->extra1,
.max = (unsigned int *) table->extra2,
.flags = &table->flags,
+ .name = table->procname,
};
return do_proc_douintvec(table, write, buffer, lenp, ppos,
do_proc_douintvec_minmax_conv, ¶m);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 4/9] ipc: Clamp msgmni and shmmni to the real IPCMNI limit
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (2 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 3/9] sysctl: Warn when a clamped sysctl parameter is set out of range Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 5/9] ipc: Clamp semmni " Waiman Long
` (5 subsequent siblings)
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
A user can write arbitrary integer values to msgmni and shmmni sysctl
parameters without getting error, but the actual limit is really
IPCMNI (32k). This can mislead users as they think they can get a
value that is not real.
Enforcing the limit by failing the sysctl parameter write, however,
can break existing user applications. Instead, the range clamping flag
is set to enforce the limit without failing existing user code. Users
can easily figure out if the sysctl parameter value is out of range
by either reading back the parameter value or checking the kernel
ring buffer for warning.
Signed-off-by: Waiman Long <longman@redhat.com>
---
ipc/ipc_sysctl.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 8ad93c2..088721e 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -99,6 +99,7 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
static int zero;
static int one = 1;
static int int_max = INT_MAX;
+static int ipc_mni = IPCMNI;
static struct ctl_table ipc_kern_table[] = {
{
@@ -120,7 +121,10 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
.data = &init_ipc_ns.shm_ctlmni,
.maxlen = sizeof(init_ipc_ns.shm_ctlmni),
.mode = 0644,
- .proc_handler = proc_ipc_dointvec,
+ .proc_handler = proc_ipc_dointvec_minmax,
+ .extra1 = &zero,
+ .extra2 = &ipc_mni,
+ .flags = CTL_FLAGS_CLAMP_RANGE_SIGNED,
},
{
.procname = "shm_rmid_forced",
@@ -147,7 +151,8 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
.mode = 0644,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = &zero,
- .extra2 = &int_max,
+ .extra2 = &ipc_mni,
+ .flags = CTL_FLAGS_CLAMP_RANGE_SIGNED,
},
{
.procname = "auto_msgmni",
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 5/9] ipc: Clamp semmni to the real IPCMNI limit
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (3 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 4/9] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 6/9] test_sysctl: Add range clamping test Waiman Long
` (4 subsequent siblings)
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
For SysV semaphores, the semmni value is the last part of the 4-element
sem number array. To make semmni behave in a similar way to msgmni
and shmmni, we can't directly use the _minmax handler. Instead,
a special sem specific handler is added to check the last argument
to make sure that it is clamped to the [0, IPCMNI] range and prints
a warning message once when an out-of-range value is being written.
This does require duplicating some of the code in the _minmax handlers.
Signed-off-by: Waiman Long <longman@redhat.com>
---
ipc/ipc_sysctl.c | 12 +++++++++++-
ipc/sem.c | 25 +++++++++++++++++++++++++
ipc/util.h | 4 ++++
3 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 088721e..0ad7088 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -88,12 +88,22 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
return proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
}
+static int proc_ipc_sem_dointvec(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ int ret = proc_ipc_dointvec(table, write, buffer, lenp, ppos);
+
+ sem_check_semmni(table, current->nsproxy->ipc_ns);
+ return ret;
+}
+
#else
#define proc_ipc_doulongvec_minmax NULL
#define proc_ipc_dointvec NULL
#define proc_ipc_dointvec_minmax NULL
#define proc_ipc_dointvec_minmax_orphans NULL
#define proc_ipc_auto_msgmni NULL
+#define proc_ipc_sem_dointvec NULL
#endif
static int zero;
@@ -177,7 +187,7 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
.data = &init_ipc_ns.sem_ctls,
.maxlen = 4*sizeof(int),
.mode = 0644,
- .proc_handler = proc_ipc_dointvec,
+ .proc_handler = proc_ipc_sem_dointvec,
},
#ifdef CONFIG_CHECKPOINT_RESTORE
{
diff --git a/ipc/sem.c b/ipc/sem.c
index a4af049..faf2caa 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -2337,3 +2337,28 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
return 0;
}
#endif
+
+#ifdef CONFIG_PROC_SYSCTL
+/*
+ * Check to see if semmni is out of range and clamp it if necessary.
+ */
+void sem_check_semmni(struct ctl_table *table, struct ipc_namespace *ns)
+{
+ bool clamped = false;
+
+ /*
+ * Clamp semmni to the range [0, IPCMNI].
+ */
+ if (ns->sc_semmni < 0) {
+ ns->sc_semmni = 0;
+ clamped = true;
+ }
+ if (ns->sc_semmni > IPCMNI) {
+ ns->sc_semmni = IPCMNI;
+ clamped = true;
+ }
+ if (clamped)
+ pr_warn_ratelimited("sysctl: \"sem[3]\" was set out of range [%d, %d], clamped to %d.\n",
+ 0, IPCMNI, ns->sc_semmni);
+}
+#endif
diff --git a/ipc/util.h b/ipc/util.h
index 89b8ec1..af57394 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -206,6 +206,10 @@ int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids,
void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids,
void (*free)(struct ipc_namespace *, struct kern_ipc_perm *));
+#ifdef CONFIG_PROC_SYSCTL
+extern void sem_check_semmni(struct ctl_table *table, struct ipc_namespace *ns);
+#endif
+
#ifdef CONFIG_COMPAT
#include <linux/compat.h>
struct compat_ipc_perm {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 6/9] test_sysctl: Add range clamping test
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (4 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 5/9] ipc: Clamp semmni " Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 7/9] test_sysctl: Add ctl_table registration failure test Waiman Long
` (3 subsequent siblings)
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
Add a range clamping test to verify that the input value will be
clamped if it exceeds the builtin maximum or minimum value.
Below is the expected test run result:
Running test: sysctl_test_0006 - run #0
Checking range minimum clamping ... ok
Checking range maximum clamping ... ok
Checking range minimum clamping ... ok
Checking range maximum clamping ... ok
Signed-off-by: Waiman Long <longman@redhat.com>
---
lib/test_sysctl.c | 29 ++++++++++++++++++
tools/testing/selftests/sysctl/sysctl.sh | 52 ++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
diff --git a/lib/test_sysctl.c b/lib/test_sysctl.c
index 3dd801c..7bb4cf7 100644
--- a/lib/test_sysctl.c
+++ b/lib/test_sysctl.c
@@ -38,12 +38,18 @@
static int i_zero;
static int i_one_hundred = 100;
+static int signed_min = -10;
+static int signed_max = 10;
+static unsigned int unsigned_min = 10;
+static unsigned int unsigned_max = 30;
struct test_sysctl_data {
int int_0001;
int int_0002;
int int_0003[4];
+ int range_0001;
+ unsigned int urange_0001;
unsigned int uint_0001;
char string_0001[65];
@@ -58,6 +64,9 @@ struct test_sysctl_data {
.int_0003[2] = 2,
.int_0003[3] = 3,
+ .range_0001 = 0,
+ .urange_0001 = 20,
+
.uint_0001 = 314,
.string_0001 = "(none)",
@@ -102,6 +111,26 @@ struct test_sysctl_data {
.mode = 0644,
.proc_handler = proc_dostring,
},
+ {
+ .procname = "range_0001",
+ .data = &test_data.range_0001,
+ .maxlen = sizeof(test_data.range_0001),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .flags = CTL_FLAGS_CLAMP_RANGE_SIGNED,
+ .extra1 = &signed_min,
+ .extra2 = &signed_max,
+ },
+ {
+ .procname = "urange_0001",
+ .data = &test_data.urange_0001,
+ .maxlen = sizeof(test_data.urange_0001),
+ .mode = 0644,
+ .proc_handler = proc_douintvec_minmax,
+ .flags = CTL_FLAGS_CLAMP_RANGE_UNSIGNED,
+ .extra1 = &unsigned_min,
+ .extra2 = &unsigned_max,
+ },
{ }
};
diff --git a/tools/testing/selftests/sysctl/sysctl.sh b/tools/testing/selftests/sysctl/sysctl.sh
index ec232c3..1aa1bba 100755
--- a/tools/testing/selftests/sysctl/sysctl.sh
+++ b/tools/testing/selftests/sysctl/sysctl.sh
@@ -34,6 +34,7 @@ ALL_TESTS="$ALL_TESTS 0002:1:1"
ALL_TESTS="$ALL_TESTS 0003:1:1"
ALL_TESTS="$ALL_TESTS 0004:1:1"
ALL_TESTS="$ALL_TESTS 0005:3:1"
+ALL_TESTS="$ALL_TESTS 0006:1:1"
test_modprobe()
{
@@ -543,6 +544,38 @@ run_stringtests()
test_rc
}
+# TARGET, RANGE_MIN & RANGE_MAX need to be defined before running test.
+run_range_clamping_test()
+{
+ rc=0
+
+ echo -n "Checking range minimum clamping ... "
+ VAL=$((RANGE_MIN - 1))
+ echo -n $VAL > "${TARGET}" 2> /dev/null
+ EXITVAL=$?
+ NEWVAL=$(cat "${TARGET}")
+ if [[ $EXITVAL -ne 0 || $NEWVAL -ne $RANGE_MIN ]]; then
+ echo "FAIL" >&2
+ rc=1
+ else
+ echo "ok"
+ fi
+
+ echo -n "Checking range maximum clamping ... "
+ VAL=$((RANGE_MAX + 1))
+ echo -n $VAL > "${TARGET}" 2> /dev/null
+ EXITVAL=$?
+ NEWVAL=$(cat "${TARGET}")
+ if [[ $EXITVAL -ne 0 || $NEWVAL -ne $RANGE_MAX ]]; then
+ echo "FAIL" >&2
+ rc=1
+ else
+ echo "ok"
+ fi
+
+ test_rc
+}
+
sysctl_test_0001()
{
TARGET="${SYSCTL}/int_0001"
@@ -600,6 +633,25 @@ sysctl_test_0005()
run_limit_digit_int_array
}
+sysctl_test_0006()
+{
+ TARGET="${SYSCTL}/range_0001"
+ ORIG=$(cat "${TARGET}")
+ RANGE_MIN=-10
+ RANGE_MAX=10
+
+ run_range_clamping_test
+ set_orig
+
+ TARGET="${SYSCTL}/urange_0001"
+ ORIG=$(cat "${TARGET}")
+ RANGE_MIN=10
+ RANGE_MAX=30
+
+ run_range_clamping_test
+ set_orig
+}
+
list_tests()
{
echo "Test ID list:"
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 7/9] test_sysctl: Add ctl_table registration failure test
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (5 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 6/9] test_sysctl: Add range clamping test Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 8/9] ipc: Allow boot time extension of IPCMNI from 32k to 2M Waiman Long
` (2 subsequent siblings)
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
Incorrect sysctl tables are constructed and fed to the
register_sysctl_table() function in the test_sysctl kernel module.
The function is supposed to fail the registration of those tables or
an error will be printed if no failure is returned.
The registration failures will cause other warning and error messages
to be printed into the dmesg log, though.
A new test is also added to the sysctl.sh to look for those failure
messages in the dmesg log to see if anything unexpeced happens.
Signed-off-by: Waiman Long <longman@redhat.com>
---
lib/test_sysctl.c | 41 ++++++++++++++++++++++++++++++++
tools/testing/selftests/sysctl/sysctl.sh | 15 ++++++++++++
2 files changed, 56 insertions(+)
diff --git a/lib/test_sysctl.c b/lib/test_sysctl.c
index 7bb4cf7..14853d5 100644
--- a/lib/test_sysctl.c
+++ b/lib/test_sysctl.c
@@ -154,13 +154,54 @@ struct test_sysctl_data {
{ }
};
+static struct ctl_table fail_sysctl_table0[] = {
+ {
+ .procname = "failed_sysctl0",
+ .data = &test_data.range_0001,
+ .maxlen = sizeof(test_data.range_0001),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .flags = CTL_FLAGS_CLAMP_RANGE_SIGNED,
+ .extra1 = &signed_max,
+ .extra2 = &signed_min,
+ },
+ { }
+};
+
+static struct ctl_table fail_sysctl_root_table[] = {
+ {
+ .procname = "debug",
+ .maxlen = 0,
+ .mode = 0555,
+ },
+ { }
+};
+
+static struct ctl_table *fail_tables[] = {
+ fail_sysctl_table0, NULL,
+};
+
static struct ctl_table_header *test_sysctl_header;
static int __init test_sysctl_init(void)
{
+ struct ctl_table_header *fail_sysctl_header;
+ int i;
+
test_sysctl_header = register_sysctl_table(test_sysctl_root_table);
if (!test_sysctl_header)
return -ENOMEM;
+
+ for (i = 0; fail_tables[i]; i++) {
+ fail_sysctl_root_table[0].child = fail_tables[i];
+ fail_sysctl_header = register_sysctl_table(fail_sysctl_root_table);
+ if (fail_sysctl_header) {
+ pr_err("fail_tables[%d] registration check failed!\n", i);
+ unregister_sysctl_table(fail_sysctl_header);
+ break;
+ }
+ }
+
return 0;
}
late_initcall(test_sysctl_init);
diff --git a/tools/testing/selftests/sysctl/sysctl.sh b/tools/testing/selftests/sysctl/sysctl.sh
index 1aa1bba..23acdee 100755
--- a/tools/testing/selftests/sysctl/sysctl.sh
+++ b/tools/testing/selftests/sysctl/sysctl.sh
@@ -35,6 +35,7 @@ ALL_TESTS="$ALL_TESTS 0003:1:1"
ALL_TESTS="$ALL_TESTS 0004:1:1"
ALL_TESTS="$ALL_TESTS 0005:3:1"
ALL_TESTS="$ALL_TESTS 0006:1:1"
+ALL_TESTS="$ALL_TESTS 0007:1:1"
test_modprobe()
{
@@ -652,6 +653,20 @@ sysctl_test_0006()
set_orig
}
+sysctl_test_0007()
+{
+ echo "Checking test_sysctl module registration failure test ..."
+ dmesg | grep "sysctl.*fail_tables.*failed"
+ if [[ $? -eq 0 ]]; then
+ echo "FAIL" >&2
+ rc=1
+ else
+ echo "ok"
+ fi
+
+ test_rc
+}
+
list_tests()
{
echo "Test ID list:"
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 8/9] ipc: Allow boot time extension of IPCMNI from 32k to 2M
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (6 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 7/9] test_sysctl: Add ctl_table registration failure test Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-16 18:13 ` [PATCH v5 9/9] ipc: Conserve sequence numbers in extended IPCMNI mode Waiman Long
2018-03-29 18:19 ` [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Luis R. Rodriguez
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
The maximum number of unique System V IPC identifiers was limited to
32k. That limit should be big enough for most use cases.
However, there are some users out there requesting for more. To satisfy
the need of those users, a new boot time kernel option "ipcmni_extend"
is added to extend the IPCMNI value to 2M. This is a 64X increase which
hopefully is big enough for them.
This new option does have the side effect of reducing the maximum
number of unique sequence numbers from 64k down to 1k. So it is
a trade-off.
Signed-off-by: Waiman Long <longman@redhat.com>
---
Documentation/admin-guide/kernel-parameters.txt | 3 +++
include/linux/ipc.h | 11 ++++++++++-
ipc/ipc_sysctl.c | 12 +++++++++++-
ipc/util.c | 12 ++++++------
ipc/util.h | 18 +++++++++++-------
5 files changed, 41 insertions(+), 15 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 1d1d53f..2be35a4 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1733,6 +1733,9 @@
ip= [IP_PNP]
See Documentation/filesystems/nfs/nfsroot.txt.
+ ipcmni_extend [KNL] Extend the maximum number of unique System V
+ IPC identifiers from 32768 to 2097152.
+
irqaffinity= [SMP] Set the default irq affinity mask
The argument is a cpu list, as described above.
diff --git a/include/linux/ipc.h b/include/linux/ipc.h
index 821b2f2..3ecd869 100644
--- a/include/linux/ipc.h
+++ b/include/linux/ipc.h
@@ -8,7 +8,16 @@
#include <uapi/linux/ipc.h>
#include <linux/refcount.h>
-#define IPCMNI 32768 /* <= MAX_INT limit for ipc arrays (including sysctl changes) */
+/*
+ * By default, the ipc arrays can have up to 32k (15 bits) entries.
+ * When IPCMNI extension mode is turned on, the ipc arrays can have up
+ * to 2M (21 bits) entries. However, the space for sequence number will
+ * be shrunk from 16 bits to 10 bits.
+ */
+#define IPCMNI_SHIFT 15
+#define IPCMNI_EXTEND_SHIFT 21
+#define IPCMNI (1 << IPCMNI_SHIFT)
+#define IPCMNI_EXTEND (1 << IPCMNI_EXTEND_SHIFT)
/* used by in-kernel data structures */
struct kern_ipc_perm {
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 0ad7088..5f7cfae 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -109,7 +109,8 @@ static int proc_ipc_sem_dointvec(struct ctl_table *table, int write,
static int zero;
static int one = 1;
static int int_max = INT_MAX;
-static int ipc_mni = IPCMNI;
+int ipc_mni __read_mostly = IPCMNI;
+int ipc_mni_shift __read_mostly = IPCMNI_SHIFT;
static struct ctl_table ipc_kern_table[] = {
{
@@ -237,3 +238,12 @@ static int __init ipc_sysctl_init(void)
}
device_initcall(ipc_sysctl_init);
+
+static int __init ipc_mni_extend(char *str)
+{
+ ipc_mni = IPCMNI_EXTEND;
+ ipc_mni_shift = IPCMNI_EXTEND_SHIFT;
+ pr_info("IPCMNI extended to %d.\n", ipc_mni);
+ return 0;
+}
+early_param("ipcmni_extend", ipc_mni_extend);
diff --git a/ipc/util.c b/ipc/util.c
index 4ed5a17..daee305 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -112,7 +112,7 @@ static int __init ipc_init(void)
* @ids: ipc identifier set
*
* Set up the sequence range to use for the ipc identifier range (limited
- * below IPCMNI) then initialise the keys hashtable and ids idr.
+ * below ipc_mni) then initialise the keys hashtable and ids idr.
*/
int ipc_init_ids(struct ipc_ids *ids)
{
@@ -213,7 +213,7 @@ static inline int ipc_buildid(int id, struct ipc_ids *ids,
ids->next_id = -1;
}
- return SEQ_MULTIPLIER * new->seq + id;
+ return (new->seq << SEQ_SHIFT) + id;
}
#else
@@ -227,7 +227,7 @@ static inline int ipc_buildid(int id, struct ipc_ids *ids,
if (ids->seq > IPCID_SEQ_MAX)
ids->seq = 0;
- return SEQ_MULTIPLIER * new->seq + id;
+ return (new->seq << SEQ_SHIFT) + id;
}
#endif /* CONFIG_CHECKPOINT_RESTORE */
@@ -251,8 +251,8 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int limit)
kgid_t egid;
int id, err;
- if (limit > IPCMNI)
- limit = IPCMNI;
+ if (limit > ipc_mni)
+ limit = ipc_mni;
if (!ids->tables_initialized || ids->in_use >= limit)
return -ENOSPC;
@@ -769,7 +769,7 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos,
if (total >= ids->in_use)
return NULL;
- for (; pos < IPCMNI; pos++) {
+ for (; pos < ipc_mni; pos++) {
ipc = idr_find(&ids->ipcs_idr, pos);
if (ipc != NULL) {
*new_pos = pos + 1;
diff --git a/ipc/util.h b/ipc/util.h
index af57394..6871ca9 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -15,7 +15,11 @@
#include <linux/err.h>
#include <linux/ipc_namespace.h>
-#define SEQ_MULTIPLIER (IPCMNI)
+extern int ipc_mni;
+extern int ipc_mni_shift;
+
+#define SEQ_SHIFT ipc_mni_shift
+#define SEQ_MASK ((1 << ipc_mni_shift) - 1)
int sem_init(void);
int msg_init(void);
@@ -93,9 +97,9 @@ void __init ipc_init_proc_interface(const char *path, const char *header,
#define IPC_MSG_IDS 1
#define IPC_SHM_IDS 2
-#define ipcid_to_idx(id) ((id) % SEQ_MULTIPLIER)
-#define ipcid_to_seqx(id) ((id) / SEQ_MULTIPLIER)
-#define IPCID_SEQ_MAX min_t(int, INT_MAX/SEQ_MULTIPLIER, USHRT_MAX)
+#define ipcid_to_idx(id) ((id) & SEQ_MASK)
+#define ipcid_to_seqx(id) ((id) >> SEQ_SHIFT)
+#define IPCID_SEQ_MAX (INT_MAX >> SEQ_SHIFT)
/* must be called with ids->rwsem acquired for writing */
int ipc_addid(struct ipc_ids *, struct kern_ipc_perm *, int);
@@ -120,8 +124,8 @@ static inline int ipc_get_maxid(struct ipc_ids *ids)
if (ids->in_use == 0)
return -1;
- if (ids->in_use == IPCMNI)
- return IPCMNI - 1;
+ if (ids->in_use == ipc_mni)
+ return ipc_mni - 1;
return ids->max_id;
}
@@ -163,7 +167,7 @@ struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns,
static inline int ipc_checkid(struct kern_ipc_perm *ipcp, int uid)
{
- return uid / SEQ_MULTIPLIER != ipcp->seq;
+ return (uid >> SEQ_SHIFT) != ipcp->seq;
}
static inline void ipc_lock_object(struct kern_ipc_perm *perm)
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v5 9/9] ipc: Conserve sequence numbers in extended IPCMNI mode
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (7 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 8/9] ipc: Allow boot time extension of IPCMNI from 32k to 2M Waiman Long
@ 2018-03-16 18:13 ` Waiman Long
2018-03-29 18:19 ` [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Luis R. Rodriguez
9 siblings, 0 replies; 20+ messages in thread
From: Waiman Long @ 2018-03-16 18:13 UTC (permalink / raw)
To: Luis R. Rodriguez, Kees Cook
Cc: linux-kernel, linux-fsdevel, linux-doc, Jonathan Corbet,
Andrew Morton, Al Viro, Matthew Wilcox, Eric W. Biederman,
Waiman Long
The mixing in of a sequence number into the IPC IDs is probably to
avoid ID reuse in userspace as much as possible. With extended IPCMNI
mode, the number of usable sequecne numbers is greatly reduced leading
to higher chance of ID reuse.
To address this issue, we need to conserve the sequence number space
as much as possible. Right now, the sequence number is incremented
for every new ID created. In reality, we only need to increment the
sequence number when one or more IDs have been removed previously to
make sure that those IDs will not be reused when a new one is built.
This is being done in the extended IPCMNI mode,
Signed-off-by: Waiman Long <longman@redhat.com>
---
include/linux/ipc_namespace.h | 1 +
ipc/ipc_sysctl.c | 2 ++
ipc/util.c | 29 ++++++++++++++++++++++-------
ipc/util.h | 1 +
4 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
index b5630c8..9c86fd9 100644
--- a/include/linux/ipc_namespace.h
+++ b/include/linux/ipc_namespace.h
@@ -16,6 +16,7 @@
struct ipc_ids {
int in_use;
unsigned short seq;
+ unsigned short deleted;
bool tables_initialized;
struct rw_semaphore rwsem;
struct idr ipcs_idr;
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 5f7cfae..61a832d 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -111,6 +111,7 @@ static int proc_ipc_sem_dointvec(struct ctl_table *table, int write,
static int int_max = INT_MAX;
int ipc_mni __read_mostly = IPCMNI;
int ipc_mni_shift __read_mostly = IPCMNI_SHIFT;
+bool ipc_mni_extended __read_mostly;
static struct ctl_table ipc_kern_table[] = {
{
@@ -243,6 +244,7 @@ static int __init ipc_mni_extend(char *str)
{
ipc_mni = IPCMNI_EXTEND;
ipc_mni_shift = IPCMNI_EXTEND_SHIFT;
+ ipc_mni_extended = true;
pr_info("IPCMNI extended to %d.\n", ipc_mni);
return 0;
}
diff --git a/ipc/util.c b/ipc/util.c
index daee305..8b38a6f 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -118,7 +118,8 @@ int ipc_init_ids(struct ipc_ids *ids)
{
int err;
ids->in_use = 0;
- ids->seq = 0;
+ ids->deleted = false;
+ ids->seq = ipc_mni_extended ? 0 : -1; /* seq # is pre-incremented */
init_rwsem(&ids->rwsem);
err = rhashtable_init(&ids->key_ht, &ipc_kht_params);
if (err)
@@ -192,6 +193,11 @@ static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key)
return NULL;
}
+/*
+ * To conserve sequence number space with extended ipc_mni when new ID
+ * is built, the sequence number is incremented only when one or more
+ * IDs have been removed previously.
+ */
#ifdef CONFIG_CHECKPOINT_RESTORE
/*
* Specify desired id for next allocated IPC object.
@@ -205,9 +211,13 @@ static inline int ipc_buildid(int id, struct ipc_ids *ids,
struct kern_ipc_perm *new)
{
if (ids->next_id < 0) { /* default, behave as !CHECKPOINT_RESTORE */
- new->seq = ids->seq++;
- if (ids->seq > IPCID_SEQ_MAX)
- ids->seq = 0;
+ if (!ipc_mni_extended || ids->deleted) {
+ ids->seq++;
+ if (ids->seq > IPCID_SEQ_MAX)
+ ids->seq = 0;
+ ids->deleted = false;
+ }
+ new->seq = ids->seq;
} else {
new->seq = ipcid_to_seqx(ids->next_id);
ids->next_id = -1;
@@ -223,9 +233,13 @@ static inline int ipc_buildid(int id, struct ipc_ids *ids,
static inline int ipc_buildid(int id, struct ipc_ids *ids,
struct kern_ipc_perm *new)
{
- new->seq = ids->seq++;
- if (ids->seq > IPCID_SEQ_MAX)
- ids->seq = 0;
+ if (!ipc_mni_extended || ids->deleted) {
+ ids->seq++;
+ if (ids->seq > IPCID_SEQ_MAX)
+ ids->seq = 0;
+ ids->deleted = false;
+ }
+ new->seq = ids->seq;
return (new->seq << SEQ_SHIFT) + id;
}
@@ -435,6 +449,7 @@ void ipc_rmid(struct ipc_ids *ids, struct kern_ipc_perm *ipcp)
idr_remove(&ids->ipcs_idr, lid);
ipc_kht_remove(ids, ipcp);
ids->in_use--;
+ ids->deleted = true;
ipcp->deleted = true;
if (unlikely(lid == ids->max_id)) {
diff --git a/ipc/util.h b/ipc/util.h
index 6871ca9..e6c2055 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -17,6 +17,7 @@
extern int ipc_mni;
extern int ipc_mni_shift;
+extern bool ipc_mni_extended;
#define SEQ_SHIFT ipc_mni_shift
#define SEQ_MASK ((1 << ipc_mni_shift) - 1)
--
1.8.3.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
` (8 preceding siblings ...)
2018-03-16 18:13 ` [PATCH v5 9/9] ipc: Conserve sequence numbers in extended IPCMNI mode Waiman Long
@ 2018-03-29 18:19 ` Luis R. Rodriguez
2018-03-29 18:53 ` Luis R. Rodriguez
9 siblings, 1 reply; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-29 18:19 UTC (permalink / raw)
To: Andrew Morton
Cc: Luis R. Rodriguez, Waiman Long, Kees Cook, linux-kernel,
linux-fsdevel, linux-doc, Jonathan Corbet, Al Viro,
Matthew Wilcox, Eric W. Biederman
Andrew,
please drop these patches until further notice. I would recommend we avoid merging
these patches until we get proper Acked-by for the entire set. Waiman has a bit more
work to do and even after the 5th iteration this is not right yet.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit
2018-03-29 18:19 ` [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Luis R. Rodriguez
@ 2018-03-29 18:53 ` Luis R. Rodriguez
0 siblings, 0 replies; 20+ messages in thread
From: Luis R. Rodriguez @ 2018-03-29 18:53 UTC (permalink / raw)
To: Luis R. Rodriguez
Cc: Andrew Morton, Waiman Long, Kees Cook, linux-kernel,
linux-fsdevel, linux-doc, Jonathan Corbet, Al Viro,
Matthew Wilcox, Eric W. Biederman
On Thu, Mar 29, 2018 at 06:19:35PM +0000, Luis R. Rodriguez wrote:
> Andrew,
>
> please drop these patches until further notice. I would recommend we avoid merging
> these patches until we get proper Acked-by for the entire set. Waiman has a bit more
> work to do and even after the 5th iteration this is not right yet.
Sorry or the noise, I see they are not merged.
Luis
^ permalink raw reply [flat|nested] 20+ messages in thread