Received: by 10.223.176.5 with SMTP id f5csp2341430wra; Thu, 8 Feb 2018 12:22:04 -0800 (PST) X-Google-Smtp-Source: AH8x226aAZ3FTQlBQ64tW4mNu3PqBI8xVrYtZhxOZerpcdgHsC9E/ampubgje7tKZd0QNRuF+zOB X-Received: by 2002:a17:902:82cb:: with SMTP id u11-v6mr207171plz.391.1518121324868; Thu, 08 Feb 2018 12:22:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518121324; cv=none; d=google.com; s=arc-20160816; b=EGrGaHa9LPm2RSzfhQJH5DOlB7K17+kN5xqyyxZTcKm+Waba+0joIwtdFNfKjR4YdB jnu516PoLV1mgFy0s3syeKRo89bV0PC56UsgzibWmcpNJVHU236bGXMkNyRQntNEvU25 5ty6eo/ihf0SFAJZ3EN5E/3uBxVB2NVvTIwn3TnbFgE61dikJiS3Vunr7cP+Pb6+UCup GLL2OzMTmJP/FusEpDNLbcNs2LRrw1oAs0qJa7d/NDQEZ3+VMdkwyY8awmZvLw6rLldC KhwBucDI4zE5BzMw3mzt8+4kMg6Aqj6XRIWHqfd9KObgQwD1/anOxhCsnQNI6+bDQi4q OAIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=bweFLzcMqzMpY0xszSwGYT3pq+51QYYxSnfev6xSBp4=; b=cSRufKPnVw4Ct3sLwKGgkfZ7bXnCC5MLbcyT8l75D+5vU9lk+hmQHcHCg2caGcE8hR eiE9iLIz13Umbi+Rd7sdg5Jsqq0GnjaFh2wXxsz3tC58xHmoN9zyZ7iNMYkAe/o181az zleNvUA88AXv66ixkx8QQc/KmdWWkgDaXaDNQE/3i27iPwdNp2lzvgvqRXP/ilWyT7Um 3kFTAU8yBtU1w1kpuJY/QoIRei4kN0Avyj1S//5Cva21e8bnFKmyB6FWKJBPzuPVr/nq dLAXCrq7piXQgMRMcZy6s08pFZbWzhBGt7KZjVV2MM62LorLWNeTR5CZBoWndCuq+7i3 XSsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=pPe0SWS6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 5-v6si427562plx.742.2018.02.08.12.21.49; Thu, 08 Feb 2018 12:22:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=pPe0SWS6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752403AbeBHUVE (ORCPT + 99 others); Thu, 8 Feb 2018 15:21:04 -0500 Received: from bombadil.infradead.org ([65.50.211.133]:38725 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752205AbeBHUVC (ORCPT ); Thu, 8 Feb 2018 15:21:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=bweFLzcMqzMpY0xszSwGYT3pq+51QYYxSnfev6xSBp4=; b=pPe0SWS6j2wSDskGwcFd8qzrp /0MxmXMHlhxrPecUluli3L80/g+W/i+0gfcf5Jdk2ZU04Uwj1LpVBcrNlw761Te+l4tK9UCX7S2WO t5/BIVnxZg9iHuir0iln2wxYPtOOuHMUtpSS+BVsBYjKKLAIg25LiGZFWxi0skaC4i7hBnYxLKWSt 8pyALEM+gxuCLmS9M3sQsNYhAOR2hBb8FGjyATXUKbmBgdLUK3VQXiKxmuEl7TD7decruS9I+Bg1C J64/aCeXB17b8WxBp0NpB8/Xv1pVJHlaeU8Mn7sokCQ3jFXUyohq8RA7aHSfPAYqqbH6p6ojP13gI SgE4gak6g==; Received: from willy by bombadil.infradead.org with local (Exim 4.89 #1 (Red Hat Linux)) id 1ejsgn-0004Qa-3v; Thu, 08 Feb 2018 20:21:01 +0000 Date: Thu, 8 Feb 2018 12:21:00 -0800 From: Matthew Wilcox To: Daniel Micay Cc: Jann Horn , linux-mm@kvack.org, Kernel Hardening , kernel list , "Kirill A. Shutemov" Subject: Re: [RFC] Warn the user when they could overflow mapcount Message-ID: <20180208202100.GB3424@bombadil.infradead.org> References: <20180208021112.GB14918@bombadil.infradead.org> <20180208185648.GB9524@bombadil.infradead.org> <20180208194235.GA3424@bombadil.infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 08, 2018 at 02:48:52PM -0500, Daniel Micay wrote: > I guess it could saturate and then switch to tracking the count via an > object pointer -> count mapping with a global lock? Whatever the > solution is should probably be a generic one since it's a recurring > issue. I was thinking of saturating _mapcount at 2 billion (allowing _refcount the extra space to go into the 2-3 billion range). Once saturated, disallow all attempts at mapping it until _mapcount has gone below 2 billion again. We can walk the page->mapping->i_mmap tree and find tasks with more than, say, 10 mappings each, and kill them. Now that I think about it, though, perhaps the simplest solution is not to worry about checking whether _mapcount has saturated, and instead when adding a new mmap, check whether this task already has it mapped 10 times. If so, refuse the mapping. Now we can argue that since pid_max is smaller than 400 million that _mapcount will never overflow, and so we don't need to check it. Convincing argument?