From: ebiederm@xmission.com (Eric W. Biederman)
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>, Kees Cook <keescook@chromium.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Containers <containers@lists.linux-foundation.org>,
Jann Horn <jannh@google.com>, LKML <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Alexey Gladkov <legion@kernel.org>
Subject: Re: [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts
Date: Mon, 05 Apr 2021 11:58:51 -0500 [thread overview]
Message-ID: <m1r1jollbo.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <9c8b24db40a030347652ee58f44028ca1081acfa.1616533074.git.gladkov.alexey@gmail.com> (Alexey Gladkov's message of "Tue, 23 Mar 2021 21:59:15 +0100")
A small bug below.
Eric
> diff --git a/kernel/signal.c b/kernel/signal.c
> index f2a1b898da29..1b537d9de447 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -413,49 +413,44 @@ void task_join_group_stop(struct task_struct *task)
> static struct sigqueue *
> __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimit)
> {
> - struct sigqueue *q = NULL;
> - struct user_struct *user;
> - int sigpending;
> + struct sigqueue *q = kmem_cache_alloc(sigqueue_cachep, flags);
>
> - /*
> - * Protect access to @t credentials. This can go away when all
> - * callers hold rcu read lock.
> - *
> - * NOTE! A pending signal will hold on to the user refcount,
> - * and we get/put the refcount only when the sigpending count
> - * changes from/to zero.
> - */
> - rcu_read_lock();
> - user = __task_cred(t)->user;
> - sigpending = atomic_inc_return(&user->sigpending);
> - if (sigpending == 1)
> - get_uid(user);
> - rcu_read_unlock();
> + if (likely(q != NULL)) {
> + bool overlimit;
>
> - if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
> - q = kmem_cache_alloc(sigqueue_cachep, flags);
> - } else {
> - print_dropped_signal(sig);
> - }
> -
> - if (unlikely(q == NULL)) {
> - if (atomic_dec_and_test(&user->sigpending))
> - free_uid(user);
> - } else {
> INIT_LIST_HEAD(&q->list);
> q->flags = 0;
> - q->user = user;
> +
> + /*
> + * Protect access to @t credentials. This can go away when all
> + * callers hold rcu read lock.
> + */
> + rcu_read_lock();
> + q->ucounts = get_ucounts(task_ucounts(t));
> + if (q->ucounts) {
> + overlimit = inc_rlimit_ucounts_and_test(q->ucounts, UCOUNT_RLIMIT_SIGPENDING,
> + 1, task_rlimit(t, RLIMIT_SIGPENDING));
> +
> + if (override_rlimit || likely(!overlimit)) {
> + rcu_read_unlock();
> + return q;
> + }
> + }
> + rcu_read_unlock();
I believe you need to call __sigqueue_free here.
> }
>
> - return q;
> + print_dropped_signal(sig);
> + return NULL;
> }
>
> static void __sigqueue_free(struct sigqueue *q)
> {
> if (q->flags & SIGQUEUE_PREALLOC)
> return;
> - if (atomic_dec_and_test(&q->user->sigpending))
> - free_uid(q->user);
> + if (q->ucounts) {
> + dec_rlimit_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING, 1);
> + put_ucounts(q->ucounts);
> + }
> kmem_cache_free(sigqueue_cachep, q);
> }
>
Eric
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux Containers <containers@lists.linux-foundation.org>,
linux-mm@kvack.org, Alexey Gladkov <legion@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>,
Jann Horn <jannh@google.com>, Jens Axboe <axboe@kernel.dk>,
Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>
Subject: Re: [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts
Date: Mon, 05 Apr 2021 11:58:51 -0500 [thread overview]
Message-ID: <m1r1jollbo.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <9c8b24db40a030347652ee58f44028ca1081acfa.1616533074.git.gladkov.alexey@gmail.com> (Alexey Gladkov's message of "Tue, 23 Mar 2021 21:59:15 +0100")
A small bug below.
Eric
> diff --git a/kernel/signal.c b/kernel/signal.c
> index f2a1b898da29..1b537d9de447 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -413,49 +413,44 @@ void task_join_group_stop(struct task_struct *task)
> static struct sigqueue *
> __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimit)
> {
> - struct sigqueue *q = NULL;
> - struct user_struct *user;
> - int sigpending;
> + struct sigqueue *q = kmem_cache_alloc(sigqueue_cachep, flags);
>
> - /*
> - * Protect access to @t credentials. This can go away when all
> - * callers hold rcu read lock.
> - *
> - * NOTE! A pending signal will hold on to the user refcount,
> - * and we get/put the refcount only when the sigpending count
> - * changes from/to zero.
> - */
> - rcu_read_lock();
> - user = __task_cred(t)->user;
> - sigpending = atomic_inc_return(&user->sigpending);
> - if (sigpending == 1)
> - get_uid(user);
> - rcu_read_unlock();
> + if (likely(q != NULL)) {
> + bool overlimit;
>
> - if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
> - q = kmem_cache_alloc(sigqueue_cachep, flags);
> - } else {
> - print_dropped_signal(sig);
> - }
> -
> - if (unlikely(q == NULL)) {
> - if (atomic_dec_and_test(&user->sigpending))
> - free_uid(user);
> - } else {
> INIT_LIST_HEAD(&q->list);
> q->flags = 0;
> - q->user = user;
> +
> + /*
> + * Protect access to @t credentials. This can go away when all
> + * callers hold rcu read lock.
> + */
> + rcu_read_lock();
> + q->ucounts = get_ucounts(task_ucounts(t));
> + if (q->ucounts) {
> + overlimit = inc_rlimit_ucounts_and_test(q->ucounts, UCOUNT_RLIMIT_SIGPENDING,
> + 1, task_rlimit(t, RLIMIT_SIGPENDING));
> +
> + if (override_rlimit || likely(!overlimit)) {
> + rcu_read_unlock();
> + return q;
> + }
> + }
> + rcu_read_unlock();
I believe you need to call __sigqueue_free here.
> }
>
> - return q;
> + print_dropped_signal(sig);
> + return NULL;
> }
>
> static void __sigqueue_free(struct sigqueue *q)
> {
> if (q->flags & SIGQUEUE_PREALLOC)
> return;
> - if (atomic_dec_and_test(&q->user->sigpending))
> - free_uid(q->user);
> + if (q->ucounts) {
> + dec_rlimit_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING, 1);
> + put_ucounts(q->ucounts);
> + }
> kmem_cache_free(sigqueue_cachep, q);
> }
>
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux Containers <containers@lists.linux-foundation.org>,
linux-mm@kvack.org, Alexey Gladkov <legion@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>,
Jann Horn <jannh@google.com>, Jens Axboe <axboe@kernel.dk>,
Kees Cook <keescook@chromium.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>
Subject: Re: [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING on top of ucounts
Date: Mon, 05 Apr 2021 11:58:51 -0500 [thread overview]
Message-ID: <m1r1jollbo.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <9c8b24db40a030347652ee58f44028ca1081acfa.1616533074.git.gladkov.alexey@gmail.com> (Alexey Gladkov's message of "Tue, 23 Mar 2021 21:59:15 +0100")
A small bug below.
Eric
> diff --git a/kernel/signal.c b/kernel/signal.c
> index f2a1b898da29..1b537d9de447 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -413,49 +413,44 @@ void task_join_group_stop(struct task_struct *task)
> static struct sigqueue *
> __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimit)
> {
> - struct sigqueue *q = NULL;
> - struct user_struct *user;
> - int sigpending;
> + struct sigqueue *q = kmem_cache_alloc(sigqueue_cachep, flags);
>
> - /*
> - * Protect access to @t credentials. This can go away when all
> - * callers hold rcu read lock.
> - *
> - * NOTE! A pending signal will hold on to the user refcount,
> - * and we get/put the refcount only when the sigpending count
> - * changes from/to zero.
> - */
> - rcu_read_lock();
> - user = __task_cred(t)->user;
> - sigpending = atomic_inc_return(&user->sigpending);
> - if (sigpending == 1)
> - get_uid(user);
> - rcu_read_unlock();
> + if (likely(q != NULL)) {
> + bool overlimit;
>
> - if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
> - q = kmem_cache_alloc(sigqueue_cachep, flags);
> - } else {
> - print_dropped_signal(sig);
> - }
> -
> - if (unlikely(q == NULL)) {
> - if (atomic_dec_and_test(&user->sigpending))
> - free_uid(user);
> - } else {
> INIT_LIST_HEAD(&q->list);
> q->flags = 0;
> - q->user = user;
> +
> + /*
> + * Protect access to @t credentials. This can go away when all
> + * callers hold rcu read lock.
> + */
> + rcu_read_lock();
> + q->ucounts = get_ucounts(task_ucounts(t));
> + if (q->ucounts) {
> + overlimit = inc_rlimit_ucounts_and_test(q->ucounts, UCOUNT_RLIMIT_SIGPENDING,
> + 1, task_rlimit(t, RLIMIT_SIGPENDING));
> +
> + if (override_rlimit || likely(!overlimit)) {
> + rcu_read_unlock();
> + return q;
> + }
> + }
> + rcu_read_unlock();
I believe you need to call __sigqueue_free here.
> }
>
> - return q;
> + print_dropped_signal(sig);
> + return NULL;
> }
>
> static void __sigqueue_free(struct sigqueue *q)
> {
> if (q->flags & SIGQUEUE_PREALLOC)
> return;
> - if (atomic_dec_and_test(&q->user->sigpending))
> - free_uid(q->user);
> + if (q->ucounts) {
> + dec_rlimit_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING, 1);
> + put_ucounts(q->ucounts);
> + }
> kmem_cache_free(sigqueue_cachep, q);
> }
>
Eric
next prev parent reply other threads:[~2021-04-05 16:59 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 20:59 [PATCH v9 0/8] Count rlimits in each user namespace Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 1/8] Increase size of ucounts to atomic_long_t Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 2/8] Add a reference to ucounts for each cred Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 3/8] Use atomic_t for ucounts reference counting Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-04-05 17:01 ` Eric W. Biederman
2021-04-05 17:01 ` Eric W. Biederman
2021-04-05 17:01 ` Eric W. Biederman
2021-03-23 20:59 ` [PATCH v9 4/8] Reimplement RLIMIT_NPROC on top of ucounts Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-04-05 16:56 ` Eric W. Biederman
2021-04-05 16:56 ` Eric W. Biederman
2021-04-05 16:56 ` Eric W. Biederman
2021-04-06 15:44 ` Alexey Gladkov
2021-04-06 15:44 ` Alexey Gladkov
2021-04-07 16:56 ` Eric W. Biederman
2021-04-07 16:56 ` Eric W. Biederman
2021-04-07 16:56 ` Eric W. Biederman
2021-03-23 20:59 ` [PATCH v9 5/8] Reimplement RLIMIT_MSGQUEUE " Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 6/8] Reimplement RLIMIT_SIGPENDING " Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-04-05 16:58 ` Eric W. Biederman [this message]
2021-04-05 16:58 ` Eric W. Biederman
2021-04-05 16:58 ` Eric W. Biederman
2021-03-23 20:59 ` [PATCH v9 7/8] Reimplement RLIMIT_MEMLOCK " Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-03-23 20:59 ` [PATCH v9 8/8] kselftests: Add test to check for rlimit changes in different user namespaces Alexey Gladkov
2021-03-23 20:59 ` Alexey Gladkov
2021-04-05 17:03 ` [PATCH v9 0/8] Count rlimits in each user namespace Eric W. Biederman
2021-04-05 17:03 ` Eric W. Biederman
2021-04-05 17:03 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1r1jollbo.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=containers@lists.linux-foundation.org \
--cc=gladkov.alexey@gmail.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=oleg@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.