Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1543715imm; Tue, 2 Oct 2018 09:51:03 -0700 (PDT) X-Google-Smtp-Source: ACcGV60XClLvr1cCa6jUs2PR3Pz7R9hqceQHb3Blfo4k8SyjKI9m4VSDndvBKmqg87hR81M1e9TV X-Received: by 2002:a17:902:4225:: with SMTP id g34-v6mr17541069pld.161.1538499063920; Tue, 02 Oct 2018 09:51:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538499063; cv=none; d=google.com; s=arc-20160816; b=J6pCZURqGgMk0L4nVkg9auFA/j4SJqOStnw7/1WscSz8JZO9cp+LMMfT/uGut3XKfs VYAxu7twwZaxuT8M1RYe28UmczzweD+Pu1QZqXjlZfIrsIwn/HNjbBBW7UI4Cjry4Ttm nkJiz79Y0X71usGu+3yFYJxvzZZ7We8RtBVt2yKrye9QKAlmzgTZg+a42DyUf8Q9Va5C zx5VWFxdIx541fR34Au33NYBu9iewGxtt5WfDnMxOlh+xl67F4CsNsdePSMLB4rF03sz dN5jNzvaNCpu1E6m2DypxRHRhg0VD3BE0QM1L3P4c1ZMkugsJKRgr2kxI1lt2JwoTHG8 KFpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=dVKmxQVrpJZvJn5/VP1CGLfRDCwvpj/jGRXVi3uRGZs=; b=X0JeDLkOYiYYsVfN7G8QiGm7RK0t9E5l8vkCF7YWDo6jrEBIQLJqHRpb+UCinsXkJr O/i5/dCuHVVDy5nA9VXEm5JWW9kmMol1pC2SGLtQHbOlDn5+4C5YQk4g5uJDC2Cq9uRB LxUI6PvoFTGjJkyiLTMxVUMJqXpo7/6oZEf8Ait3zVQ3eCh3RjkYcriAMlopjVTRy12J voJMMr7TW2tNAZZ0cABbHJcOFXhaHUu41jchKTJ/5KaA6bRlFxG7SuTf/6ypc3f73Htj FrbVWkmvzdLpOoTwJgqYxkMPnMHzKixLeTTwtVHYo4hpwsa/wz6YgDnjlghKOE+AzG8u lj0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@colorfullife-com.20150623.gappssmtp.com header.s=20150623 header.b=QcoxN2VA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e3-v6si16792702plk.114.2018.10.02.09.50.49; Tue, 02 Oct 2018 09:51:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@colorfullife-com.20150623.gappssmtp.com header.s=20150623 header.b=QcoxN2VA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729533AbeJBXED (ORCPT + 99 others); Tue, 2 Oct 2018 19:04:03 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:45300 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727351AbeJBXED (ORCPT ); Tue, 2 Oct 2018 19:04:03 -0400 Received: by mail-wr1-f68.google.com with SMTP id q5-v6so2892564wrw.12 for ; Tue, 02 Oct 2018 09:19:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=colorfullife-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=dVKmxQVrpJZvJn5/VP1CGLfRDCwvpj/jGRXVi3uRGZs=; b=QcoxN2VAs2N5Q1NYLKQxeewfB3zvI9XuMvNeu/znNJojq++3LNi1acunL6WGfNhfZn /ehQgUKwqgjbQlYS8cRct1pqLc4uXoIjGLW2Telb1bCXhs10YGIntGV10WDCpEKsBWmx 8AuNKSNzTD+S/VCfgMcHeU0MyLaAZUiMmYA+ijhdHNPXKbH5b35JebcU3Cz2ZoaO+0cS J2pVph2wUZlYYbWQBcpMqw8ohn62jaZpDXu7o62J3H+5x4+55bttBxLRnHSY5QHevavY udkS6QTi/U1LAtbfUMrln2PYxja5YnzXUasnVewVZSRFUEg2BxzzqP/bne6OOYEhP9SG 5BWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=dVKmxQVrpJZvJn5/VP1CGLfRDCwvpj/jGRXVi3uRGZs=; b=oHuyTdy/gNxIpRoKkV3cTrhCQ6eczf+DjOrCgdF56Gu0vWwpqahuA6/FvaBktWLETL tCDZatrPxTLQtGzCLKyf1Y+YE6xmeF0BRR/82nHAmOjILRr4nDkaloTcgmLWNN9Zqq9M WIptwzGWvNmBsxR3dZLaqz/YzZgkYkNN4YgeodoH1RO4pHmjLX6oWy/nHrKjlokKmpVH 4tTFLXiis0uCXXFUPDjgxeB0MzqOOX3hLJaK6bZp+xFRX6A3SdkrzTVAyI7FNR4BMVAA ok2OI4gofHSj2jOqVQBehhP7Hs/uaGuigNE7gpx5Erl6tBeiGLfEw58HSx5GLJOzAt2/ oEZg== X-Gm-Message-State: ABuFfojK3lUxMG2gTyphFhwL8UEhf5EUWdYLz6B/z4KllR8BOa/Tvupa bHMedNWficF+/EsavUzclmfGrVulHM0= X-Received: by 2002:adf:8382:: with SMTP id 2-v6mr2938704wre.13.1538497192488; Tue, 02 Oct 2018 09:19:52 -0700 (PDT) Received: from localhost.localdomain (p200300D993C77B00B5EB8DB179490446.dip0.t-ipconnect.de. [2003:d9:93c7:7b00:b5eb:8db1:7949:446]) by smtp.googlemail.com with ESMTPSA id n14-v6sm9132139wmc.14.2018.10.02.09.19.51 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 09:19:51 -0700 (PDT) From: Manfred Spraul To: LKML , Davidlohr Bueso , Waiman Long Cc: 1vier1@web.de, Andrew Morton , Kees Cook , "Luis R . Rodriguez" , Matthew Wilcox , Manfred Spraul Subject: [RFC, PATCH] ipc/util.c: use idr_alloc_cyclic() for ipc allocations Date: Tue, 2 Oct 2018 18:19:42 +0200 Message-Id: <20181002161942.1037-1-manfred@colorfullife.com> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A bit related to the patch series that increases IPC_MNI: (User space) id reuse create the risk of data corruption: Process A: calls ipc function Process A: sleeps just at the beginning of the syscall Process B: Frees the ipc object (i.e.: calls ...ctl(IPC_RMID) Process B: Creates a new ipc object (i.e.: calls ...get()) Process A: is woken up, and accesses the new object To reduce the probability that the new and the old object have the same id, the current implementation adds a sequence number to the index of the object in the idr tree. To further reduce the probability for a reuse, switch from idr_alloc to idr_alloc_cyclic. The patch cycles over at least RADIX_TREE_MAP_SIZE, i.e. if there is only a small number of objects, the accesses continue to be direct. As an option, this could be made dependent on the extended mode: In extended mode, cycle over e.g. at least 16k ids. Signed-off-by: Manfred Spraul --- Open questions: - Is there a significant performance advantage, especially there are many ipc ids? - Over how many ids should the code cycle always? - Further review remarks? ipc/util.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/ipc/util.c b/ipc/util.c index 0af05752969f..6f83841f6761 100644 --- a/ipc/util.c +++ b/ipc/util.c @@ -216,10 +216,30 @@ static inline int ipc_idr_alloc(struct ipc_ids *ids, struct kern_ipc_perm *new) */ if (next_id < 0) { /* !CHECKPOINT_RESTORE or next_id is unset */ + int idr_max; + new->seq = ids->seq++; if (ids->seq > IPCID_SEQ_MAX) ids->seq = 0; - idx = idr_alloc(&ids->ipcs_idr, new, 0, 0, GFP_NOWAIT); + + /* + * If a user space visible id is reused, then this creates a + * risk for data corruption. To reduce the probability that + * a number is reduced, two approaches are used: + * 1) the idr index is allocated cyclically. + * 2) the use space id is build by concatenating the + * internal idr index with a sequence number + * To avoid that both numbers have the same cycle time, try + * to set the size for the cyclic alloc to an odd number. + */ + idr_max = ids->in_use*2+1; + if (idr_max < RADIX_TREE_MAP_SIZE-1) + idr_max = RADIX_TREE_MAP_SIZE-1; + if (idr_max > IPCMNI) + idr_max = IPCMNI; + + idx = idr_alloc_cyclic(&ids->ipcs_idr, new, 0, idr_max, + GFP_NOWAIT); } else { new->seq = ipcid_to_seqx(next_id); idx = idr_alloc(&ids->ipcs_idr, new, ipcid_to_idx(next_id), -- 2.17.1