Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S969495AbdIZOVk (ORCPT ); Tue, 26 Sep 2017 10:21:40 -0400 Received: from mx1.redhat.com ([209.132.183.28]:12110 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965142AbdIZOVj (ORCPT ); Tue, 26 Sep 2017 10:21:39 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B82C6883A2 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=joe.lawrence@redhat.com From: Joe Lawrence To: linux-kernel@vger.kernel.org Cc: Mikulas Patocka , Michael Kerrisk , Randy Dunlap Subject: [PATCH 0/3] A few round_pipe_size() and pipe-max-size fixups Date: Tue, 26 Sep 2017 10:21:21 -0400 Message-Id: <1506435684-3163-1-git-send-email-joe.lawrence@redhat.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 26 Sep 2017 14:21:39 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2635 Lines: 89 While backporting Michael's "pipe: fix limit handling" patchset to a distro-kernel, Mikulas noticed that current upstream pipe limit handling contains a few problems: 1 - procfs signed wrap: echo'ing a large number into /proc/sys/fs/pipe-max-size and then cat'ing it back out shows a negative value. 2 - round_pipe_size() nr_pages overflow on 32bit: this would subsequently try roundup_pow_of_two(0), which is undefined. 3 - visible non-rounded pipe-max-size value: there is no mutual exclusion or protection between the time pipe_max_size is assigned a raw value from proc_dointvec_minmax() and when it is rounded. v1 (differences from initial rfc): - Re-arrange patchset order, push smaller fixes to the front - Add a check so that round_pipe_size(size < pipe_min_size) will round up to round_pipe_size(pipe_min_size) as per man page [RD] - Add new procfs proc_dopipe_max_size() and helpers to consolidate user space read / type validation / rounding / assignment [MP] Testing ======= Tests run on both 32 and 64-bit kernels. Patch 1 - procfs signed wrap ---------------------------- Before: % echo 2147483647 >/proc/sys/fs/pipe-max-size % cat /proc/sys/fs/pipe-max-size -2147483648 After: % echo 2147483647 >/proc/sys/fs/pipe-max-size % cat /proc/sys/fs/pipe-max-size 2147483648 Patch 2 - 32bit overflow ------------------------ >From userspace: fcntl(fd, F_SETPIPE_SZ, 0xffffffff); - Before: return value was 4096 (due to overflow) and was set to 4096 - After: returns -1 and sets errno EINVAL, pipe size remains untouched Patch 3 - non-rounded pipe-max-size value ----------------------------------------- Keep plugging in values that need to be rounded: while (true); do echo 1048570 > /proc/sys/fs/pipe-max-size; done and in another terminal, loop around reading the value: time (while (true); do SIZE=$(cat /proc/sys/fs/pipe-max-size); [[ $(( $SIZE % 4096 )) -ne 0 ]] && break; done; echo "$SIZE") 1048570 real 0m46.213s user 0m29.688s sys 0m20.042s - Before: found a non-rounded value within a few minutes - After: never encountered a non-page-rounded value Joe Lawrence (3): pipe: match pipe_max_size data type with procfs pipe: avoid round_pipe_size() nr_pages overflow on 32-bit pipe: add proc_dopipe_max_size() to safely assign pipe_max_size fs/pipe.c | 21 +++++++++++---------- include/linux/pipe_fs_i.h | 1 + include/linux/sysctl.h | 3 +++ kernel/sysctl.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 59 insertions(+), 11 deletions(-) -- 1.8.3.1