Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp965821pxp;
        Wed, 16 Mar 2022 22:53:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzVu2w3e0W+GPHgp+y9hkD3q5FM+BCckwuwW1frfjtz9LddklwwDsE7FLlPCwsdq1ZvFr/e
X-Received: by 2002:a17:902:8210:b0:153:bcf2:8bc9 with SMTP id x16-20020a170902821000b00153bcf28bc9mr3457756pln.6.1647496393301;
        Wed, 16 Mar 2022 22:53:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647496393; cv=none;
        d=google.com; s=arc-20160816;
        b=FCuVuyftJWstVBIW5ssoQuofWGx7UF4GtvcvzRNgeStZM85tDGQ228EG8AfR1jFV9c
         uYIXRD0SgQUx0wMclZX10IuP8DKPbO0tO2wITNZSL4glOPuJ/OTq4cRZjFdA1VOcX1kd
         85pxHwnV4G2SMrW2/Bms2tZDeMSlH95ca3LvbvIUiveuk3RRCGLz5vkuTFuqKVHNPSm3
         PfGlQg6eJeITaldg0QTVzJKFrLg5bLshQ/jLuL0wDyMrkJL0hZcUK6acXCPBuBpGBrUk
         8err5CfR246HiAxNp8eiYJAsEIHQoANGSXLVwld3sMGYMBhJg6qjUclcG+RXm0SgGMRn
         gPKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=SX8tq7KnRlP2uFfmO7YlzIjpi5M4M2vqZElCM+TlSWs=;
        b=aZBX2CoUB36ykeqZRe8x7lnjtv+AJDs9Y75Y7TbnNKFAyFztQOdph4CLPz/krY2ccV
         3rstmbU/TjK9/BDHqXOP8NEtY5g4pgCpcEOnq3AabRx0iMQ3GllrIYQH7UyX1VXsPdNr
         4J+qMOiWK8jFblz7q3qboLFvw6ZoGEug/JaAZHaSt8LKCpcYvSqzu1Jaew94ltZJzP7C
         Sn3quVKXZf20RLQvNHVL0g+A7f6lqt8P5KvkDIvah2Bl/vHy6tqxdm6+w3wNLMzO4NMt
         eRZNocUMxal4YycaC5/YHYSik9Zp4q83lEF9x0wuXGlzPxH7E5SElFBz0lzR3taXeYO9
         AKAw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id g30-20020a63521e000000b003816043f158si1187913pgb.845.2022.03.16.22.53.12
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 16 Mar 2022 22:53:13 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id C73D116CE50;
	Wed, 16 Mar 2022 21:47:58 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348174AbiCOMTP (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Tue, 15 Mar 2022 08:19:15 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33732 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241910AbiCOMTN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 15 Mar 2022 08:19:13 -0400
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9976512AE9
        for <linux-kernel@vger.kernel.org>; Tue, 15 Mar 2022 05:17:59 -0700 (PDT)
Received: from canpemm500002.china.huawei.com (unknown [172.30.72.56])
        by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KHsp71FW2zfYtJ;
        Tue, 15 Mar 2022 20:16:31 +0800 (CST)
Received: from [10.174.177.76] (10.174.177.76) by
 canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Tue, 15 Mar 2022 20:17:57 +0800
Subject: Re: [PATCH v2] mm/mlock: fix potential imbalanced rlimit ucounts
 adjustment
To:     "Eric W. Biederman" <ebiederm@xmission.com>
CC:     <akpm@linux-foundation.org>, <hughd@google.com>,
        <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
        Alexey Gladkov <legion@kernel.org>
References: <20220314064039.62972-1-linmiaohe@huawei.com>
 <87h78036hl.fsf@email.froward.int.ebiederm.org>
From:   Miaohe Lin <linmiaohe@huawei.com>
Message-ID: <82cf5aa8-a721-3ff3-7b09-54a66da0d506@huawei.com>
Date:   Tue, 15 Mar 2022 20:17:57 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <87h78036hl.fsf@email.froward.int.ebiederm.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.174.177.76]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 canpemm500002.china.huawei.com (7.192.104.244)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,
	RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2022/3/14 23:21, Eric W. Biederman wrote:
> Miaohe Lin <linmiaohe@huawei.com> writes:
> 
>> user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So
>> the later user_shm_unlock might do the extra dec_rlimit_ucounts. Fix
>> this by resetting allowed to 0.
> 
> This fix looks correct.  But the ability for people to follow and read
> the code seems questionable.  I saw in v1 of this patch Hugh originally
> misread the logic.
> 
> Could we instead change the code to leave lock_limit at ULONG_MAX aka
> RLIM_INFINITY, leave initialized to 0, and not even need a special case
> of RLIM_INFINITY as nothing can be greater that ULONG_MAX?
> 

Many thanks for your advice. This looks good but it seems this results in different
behavior: When (memlock == LONG_MAX) && !capable(CAP_IPC_LOCK), we would fail now
while it will always success without this change. We should avoid this difference.
Or am I miss something? Maybe the origin patch is more suitable and simple?

Thanks.

> Something like this?
> 
> diff --git a/mm/mlock.c b/mm/mlock.c
> index 8f584eddd305..e7eabf5193ab 100644
> --- a/mm/mlock.c
> +++ b/mm/mlock.c
> @@ -827,13 +827,12 @@ int user_shm_lock(size_t size, struct ucounts *ucounts)
>  
>  	locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
>  	lock_limit = rlimit(RLIMIT_MEMLOCK);
> -	if (lock_limit == RLIM_INFINITY)
> -		allowed = 1;
> -	lock_limit >>= PAGE_SHIFT;
> +	if (lock_limit != RLIM_INFINITY)
> +		lock_limit >>= PAGE_SHIFT;
>  	spin_lock(&shmlock_user_lock);
>  	memlock = inc_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
>  
> -	if (!allowed && (memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) {
> +	if ((memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) {
>  		dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
>  		goto out;
>  	}
> 
>>
>> Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")
>> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
>> Acked-by: Hugh Dickins <hughd@google.com>
>> ---
>> v1->v2:
>>   correct Fixes tag and collect Acked-by tag
>>   Thanks Hugh for review!
>> ---
>>  mm/mlock.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/mm/mlock.c b/mm/mlock.c
>> index 29372c0eebe5..efd2dd2943de 100644
>> --- a/mm/mlock.c
>> +++ b/mm/mlock.c
>> @@ -733,6 +733,7 @@ int user_shm_lock(size_t size, struct ucounts *ucounts)
>>  	}
>>  	if (!get_ucounts(ucounts)) {
>>  		dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
>> +		allowed = 0;
>>  		goto out;
>>  	}
>>  	allowed = 1;
> 
> Eric
> .
>