From: ebiederm@xmission.com (Eric W. Biederman)
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux Containers <containers@lists.linux-foundation.org>,
linux-mm@kvack.org, Alexey Gladkov <legion@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>,
Jann Horn <jannh@google.com>, Jens Axboe <axboe@kernel.dk>,
Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>
Subject: Re: [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts
Date: Mon, 05 Apr 2021 11:58:51 -0500 [thread overview]
Message-ID: <m1r1jollbo.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <9c8b24db40a030347652ee58f44028ca1081acfa.1616533074.git.gladkov.alexey@gmail.com> (Alexey Gladkov's message of "Tue, 23 Mar 2021 21:59:15 +0100")
A small bug below.
Eric
> diff --git a/kernel/signal.c b/kernel/signal.c
> index f2a1b898da29..1b537d9de447 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -413,49 +413,44 @@ void task_join_group_stop(struct task_struct *task)
> static struct sigqueue *
> __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimit)
> {
> - struct sigqueue *q = NULL;
> - struct user_struct *user;
> - int sigpending;
> + struct sigqueue *q = kmem_cache_alloc(sigqueue_cachep, flags);
>
> - /*
> - * Protect access to @t credentials. This can go away when all
> - * callers hold rcu read lock.
> - *
> - * NOTE! A pending signal will hold on to the user refcount,
> - * and we get/put the refcount only when the sigpending count
> - * changes from/to zero.
> - */
> - rcu_read_lock();
> - user = __task_cred(t)->user;
> - sigpending = atomic_inc_return(&user->sigpending);
> - if (sigpending == 1)
> - get_uid(user);
> - rcu_read_unlock();
> + if (likely(q != NULL)) {
> + bool overlimit;
>
> - if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
> - q = kmem_cache_alloc(sigqueue_cachep, flags);
> - } else {
> - print_dropped_signal(sig);
> - }
> -
> - if (unlikely(q == NULL)) {
> - if (atomic_dec_and_test(&user->sigpending))
> - free_uid(user);
> - } else {
> INIT_LIST_HEAD(&q->list);
> q->flags = 0;
> - q->user = user;
> +
> + /*
> + * Protect access to @t credentials. This can go away when all
> + * callers hold rcu read lock.
> + */
> + rcu_read_lock();
> + q->ucounts = get_ucounts(task_ucounts(t));
> + if (q->ucounts) {
> + overlimit = inc_rlimit_ucounts_and_test(q->ucounts, UCOUNT_RLIMIT_SIGPENDING,
> + 1, task_rlimit(t, RLIMIT_SIGPENDING));
> +
> + if (override_rlimit || likely(!overlimit)) {
> + rcu_read_unlock();
> + return q;
> + }
> + }
> + rcu_read_unlock();
I believe you need to call __sigqueue_free here.
> }
>
> - return q;
> + print_dropped_signal(sig);
> + return NULL;
> }
>
> static void __sigqueue_free(struct sigqueue *q)
> {
> if (q->flags & SIGQUEUE_PREALLOC)
> return;
> - if (atomic_dec_and_test(&q->user->sigpending))
> - free_uid(q->user);
> + if (q->ucounts) {
> + dec_rlimit_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING, 1);
> + put_ucounts(q->ucounts);
> + }
> kmem_cache_free(sigqueue_cachep, q);
> }
>
Eric
next prev parent reply other threads:[~2021-04-05 16:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 20:59 [PATCH v9 0/8] Count rlimits in each user namespace Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 1/8] Increase size of ucounts to atomic_long_t Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 2/8] Add a reference to ucounts for each cred Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 3/8] Use atomic_t for ucounts reference counting Alexey Gladkov
2021-04-05 17:01 ` Eric W. Biederman
2021-03-23 20:59 ` [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts Alexey Gladkov
2021-04-05 16:56 ` Eric W. Biederman
2021-04-06 15:44 ` Alexey Gladkov
2021-04-07 16:56 ` Eric W. Biederman
2021-03-23 20:59 ` [PATCH v9 5/8] Reimplement RLIMIT_MSGQUEUE " Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING " Alexey Gladkov
2021-04-05 16:58 ` Eric W. Biederman [this message]
2021-03-23 20:59 ` [PATCH v9 7/8] Reimplement RLIMIT_MEMLOCK " Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 8/8] kselftests: Add test to check for rlimit changes in different user namespaces Alexey Gladkov
2021-04-05 17:03 ` [PATCH v9 0/8] Count rlimits in each user namespace Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1r1jollbo.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=gladkov.alexey@gmail.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=oleg@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).