Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp79743pxb;
        Tue, 15 Feb 2022 08:49:16 -0800 (PST)
X-Google-Smtp-Source: ABdhPJw+7dQN9F+yUTSp7IWJUmZSbHygJR+QhFJkmplW5Kz2SQ2Lm9ri2Hb/iBkz6wo77YsVjuCt
X-Received: by 2002:aca:5f42:0:b0:2ce:6ee7:2cb1 with SMTP id t63-20020aca5f42000000b002ce6ee72cb1mr1956994oib.223.1644943756221;
        Tue, 15 Feb 2022 08:49:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644943756; cv=none;
        d=google.com; s=arc-20160816;
        b=ok4MEVCD/2eWacy8nqZqQNb0cEOUglKq3spAIOJHntJSw7XVPCIdTGw+ZhYyb2frZP
         RtAEvLzu/GRiFoQ3CHNlhr0ENGlHeuYgRXQCkmUSAcovdedPuhWKTlQsuRg6LI3Le04G
         gOptRJbaSLZ4rvCsusYh1z911OUi7nXCA1N4EyBPgppXrgqHy1OH7CMP+MqmfWoo2OIa
         Mz7Qo304AvDFC+ZZG4v77bJlwzemj/jkpsY9zDe6KaMAUCj/Et1CLRKnesaR8ymTxcgS
         9sErBCm++OabJ1t62VNH7VsjWgFdMOkIHPaQjp5UYRf00Ga0ab+vKPIPqaq5lkPH5xkK
         Iqxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=adJSoSE9Bupy5BHYL/QvO31gaCs5ojBBDPdNJcHiJrQ=;
        b=qomdR90MPIsflqbVhhpLlBM4k2AVtUyUoKC7wJBXXkbOGtEZKFuRuSl7QZ0Wfgy0U5
         wGldKlgkokWNdtRolLjiW9cv7WUND5fZrvgyHDw2HcjlbfhZaLLRRMmQR0E9OChxQOEQ
         hQVMoik3DLdNb8rHkZARngDzA6ETXtcylTjoaHtLSUBoMW0F+AHApq7Zut0xvzP8N00z
         0V36LldigCCk/SB6fuRk0nzQredsHIvkNPxcmFeEM7FnRLfkW3ctEvzIIbo+AwiakPcv
         Q32Ra8usrPlVw1+ntJPOnOqK2AIsvTYFLGtWYY46EalF/xf6YJBHp8a41rBD5ubHLZ/+
         h9gw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=psBJoPYR;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id a3si10972905oao.377.2022.02.15.08.48.52;
        Tue, 15 Feb 2022 08:49:16 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=psBJoPYR;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237118AbiBOLZz (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Tue, 15 Feb 2022 06:25:55 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:44514 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232446AbiBOLZy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 15 Feb 2022 06:25:54 -0500
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 947F5108555;
        Tue, 15 Feb 2022 03:25:44 -0800 (PST)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 506DE1F38A;
        Tue, 15 Feb 2022 11:25:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1644924343; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=adJSoSE9Bupy5BHYL/QvO31gaCs5ojBBDPdNJcHiJrQ=;
        b=psBJoPYRHChgfX/0VV6wYre7TS/KB2RBXIWyKQ1sKcimR/1GjTEIUyaENcV6wPdipToQPc
        6qv20oZz3tf8w4Kxop1MCTPFLUsNS60ahFLl9hapIfxHnjtvg8ItoEqCzmKqbxFiWW7aMA
        BIl+EnwPLiW5+nC+/yR56sjAkeUDZvg=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2F8CF13C40;
        Tue, 15 Feb 2022 11:25:43 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id t1z7CreNC2JGPQAAMHmgww
        (envelope-from <mkoutny@suse.com>); Tue, 15 Feb 2022 11:25:43 +0000
Date:   Tue, 15 Feb 2022 12:25:41 +0100
From:   Michal =?iso-8859-1?Q?Koutn=FD?= <mkoutny@suse.com>
To:     "Eric W. Biederman" <ebiederm@xmission.com>
Cc:     Solar Designer <solar@openwall.com>, linux-kernel@vger.kernel.org,
        Alexey Gladkov <legion@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Shuah Khan <shuah@kernel.org>,
        Christian Brauner <brauner@kernel.org>,
        Ran Xiaokai <ran.xiaokai@zte.com.cn>, stable@vger.kernel.org
Subject: Re: [PATCH 5/8] ucounts: Handle wrapping in is_ucounts_overlimit
Message-ID: <20220215112541.GH21589@blackbody.suse.cz>
References: <87o83e2mbu.fsf@email.froward.int.ebiederm.org>
 <20220211021324.4116773-5-ebiederm@xmission.com>
 <20220212223638.GB29214@openwall.com>
 <87k0dxv5eq.fsf@email.froward.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87k0dxv5eq.fsf@email.froward.int.ebiederm.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 14, 2022 at 09:23:09AM -0600, "Eric W. Biederman" <ebiederm@xmission.com> wrote:
> Pretty much. The function essentially only exists so that we can
> handle the weirdness of RLIMIT_NPROC.
> Now that I have discovered the
> weirdness of RLIMIT_NPROC is old historical sloppiness I expect the
> proper solution is to rework how RLIMIT_NPROC operates and to remove
> is_ucounts_overlimit all together.

The fork path could make do with some kind of atomic add+check (similar
to inc_ucounts) and overflows would be sanitized by that. (Seems to
apply to other former RLIMIT_* per-user counters too.)

The is_ucounts_overlimit() and overflowable increment indeed appears
necessary only to satisfy the set*uid+execve pair.

For the sake of bug-fixing, both the patches 5/8 and 6/8 can have 
Reviewed-by: Michal Koutn? <mkoutny@suse.com>


Michal