Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3782402imm; Mon, 18 Jun 2018 04:05:54 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLgg57htVfCTOj5VUAZ8YQRASK8sifawjpqyDUaoDjEvbthOpwUWyHLYKnW23066uh1sfFJ X-Received: by 2002:a65:5106:: with SMTP id f6-v6mr10500710pgq.122.1529319954037; Mon, 18 Jun 2018 04:05:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529319954; cv=none; d=google.com; s=arc-20160816; b=br7/TJWJJKzxj9x4w3991s0/sty6FIeoxVY7+XnWhWcLNOQZB0Z+70001QEpCWry90 maK9WBQyFEekm0HaJXL4D33p/KaZn62kst4n9OoVvwm5ZTd7UzENGPCCuG1sadCUKi7c M5IwyUNm6R4TDidgLUJKmwmIZF76IZ0gGhUvh4VokrCzX6FrPDbVAWq1lsdQAVkIwwZQ r/CNh6lY4jt2vqa3QbHLjzALElUgw7ZCcrJ7cVsDh6ormaL6mMibPmQqe+/CZTGc5A9I Q2Xf9HL5fI5lO2jLs2M8TWGFNxBQWzOhtmNqFbdB8so2UZ1Jcyp3qCYKBsSe+R3tZpQZ yyMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=EfGu4zSLlvAIigmff+NQSTHIo7/M+XxD6ryCO2p1z9M=; b=EdAQBOTY8RO+2Xf460zEVXq6iTWZ2n3TNq0H7qMaeFsSHwDFhNd5Yq9fpVyouLO0vH QouhTKgOSiZCazFpYnqJ7Ct1bQhMXxMLOtx+DkDtydMAyCphyzN8/35/wwmGY0haDrbQ PxhC5oepaK1jFfabi21dOJbLbqqZdw6bmj9iiXp2Bz+LIHJEpRNFCwBq46SlUcyui7tY XYgDAqLIrn0KNQsPaT5cG0jDivqnyP9UlRVfE2oPYMtTRocro9i8o2MnFCMejlf6SUB/ BYkeVlzKKzrB9ZUSiz53ezqQcziBYxyMjOXCBeyW7+z3xKNcvl+vrHii36DOOUb1wOj4 peCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8-v6si13741352pfh.249.2018.06.18.04.05.40; Mon, 18 Jun 2018 04:05:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S936916AbeFRK2v (ORCPT + 99 others); Mon, 18 Jun 2018 06:28:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56366 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933600AbeFRK2r (ORCPT ); Mon, 18 Jun 2018 06:28:47 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 472813086252; Mon, 18 Jun 2018 10:28:47 +0000 (UTC) Received: from llong.com (ovpn-116-106.phx2.redhat.com [10.3.116.106]) by smtp.corp.redhat.com (Postfix) with ESMTP id 108D25C257; Mon, 18 Jun 2018 10:28:40 +0000 (UTC) From: Waiman Long To: "Luis R. Rodriguez" , Kees Cook , Andrew Morton , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-doc@vger.kernel.org, Al Viro , Matthew Wilcox , "Eric W. Biederman" , Takashi Iwai , Davidlohr Bueso , Waiman Long Subject: [PATCH v8 0/5] ipc: IPCMNI limit check for *mni & increase that limit Date: Mon, 18 Jun 2018 18:28:13 +0800 Message-Id: <1529317698-16575-1-git-send-email-longman@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 18 Jun 2018 10:28:47 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v7->v8: - Remove the __read_mostly tag for ipc_mni and related variables as their accesses are not really in performance critical path. - Add a new ipcmni_compat sysctl parameter that can be set to restore old range check behavior if desired. v6->v7: - Drop the range clamping code and just return error instead for now until there is user request for clamping support. - Fix compilation error when CONFIG_SYSVIPC_SYSCTL isn't defined. v5->v6: - Consolidate the 3 ctl_table flags into 2. - Make similar changes to proc_doulongvec_minmax() and its associates to complete the clamping change. - Remove the sysctl registration failure test patch for now for later consideration. - Add extra braces to patch 1 to reduce code diff in a later patch. v4->v5: - Revert the flags back to 16-bit so that there will be no change to the size of ctl_table. - Enhance the sysctl_check_flags() as requested by Luis to perform more checks to spot incorrect ctl_table entries. - Change the sysctl selftest to use dummy sysctls instead of production ones & enhance it to do more checks. - Add one more sysctl selftest for registration failure. - Add 2 ipc patches to add an extended mode to increase IPCMNI from 32k to 2M. - Miscellaneous change to incorporate feedback comments from reviewers. v3->v4: - Remove v3 patches 1 & 2 as they have been merged into the mm tree. - Change flags from uint16_t to unsigned int. - Remove CTL_FLAGS_OOR_WARNED and use pr_warn_ratelimited() instead. - Simplify the warning message code. - Add a new patch to fail the ctl_table registration with invalid flag. - Add a test case for range clamping in sysctl selftest. v2->v3: - Fix kdoc comment errors. - Incorporate comments and suggestions from Luis R. Rodriguez. - Add a patch to fix a typo error in fs/proc/proc_sysctl.c. v1->v2: - Add kdoc comments to the do_proc_do{u}intvec_minmax_conv_param structures. - Add a new flags field to the ctl_table structure for specifying whether range clamping should be activated instead of adding new sysctl parameter handlers. - Clamp the semmni value embedded in the multi-values sem parameter. v5 patch: https://lkml.org/lkml/2018/3/16/1106 v6 patch: https://lkml.org/lkml/2018/4/27/1094 v7 patch: https://lkml.org/lkml/2018/5/7/666 The sysctl parameters msgmni, shmmni and semmni have an inherent limit of IPC_MNI (32k). However, users may not be aware of that because they can write a value much higher than that without getting any error or notification. Reading the parameters back will show the newly written values which are not real. The real IPCMNI limit is now enforced to make sure that users won't put in an unrealistic value. The first 2 patches enforce the limits. There are also users out there requesting increase in the IPCMNI value. The last 2 patches attempt to do that by using a boot kernel parameter "ipcmni_extend" to increase the IPCMNI limit from 32k to 2M if the users really want the extended value. Enforcing the range limit check may cause some existing applications to break if they unwittingly set a value higher than 32k. To allow system administrators to work around this issue, a new ipcmni_compat sysctl parameter can now be set to restore the old behavior. This compatibility mode can only be set if the ipcmni_extend boot parameter is not specified. Patch 5 implements this new sysctl parameter. Waiman Long (5): ipc: IPCMNI limit check for msgmni and shmmni ipc: IPCMNI limit check for semmni ipc: Allow boot time extension of IPCMNI from 32k to 2M ipc: Conserve sequence numbers in extended IPCMNI mode ipc: Add a new ipcmni_compat sysctl to fall back to old behavior Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/sysctl/kernel.txt | 15 +++++ include/linux/ipc_namespace.h | 1 + ipc/ipc_sysctl.c | 78 ++++++++++++++++++++++++- ipc/util.c | 41 ++++++++----- ipc/util.h | 50 +++++++++++++--- 6 files changed, 164 insertions(+), 24 deletions(-) -- 1.8.3.1