Received: by 10.223.164.221 with SMTP id h29csp386847wrb;
        Fri, 3 Nov 2017 16:59:39 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+Qr2fbfqnngeie1JYm33FlmjhskB4/u9mqUqTm1cJ28L/cwbgndqDoBvtPAWXG69VC08Vo4
X-Received: by 10.99.160.86 with SMTP id u22mr8514684pgn.283.1509753579072;
        Fri, 03 Nov 2017 16:59:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509753579; cv=none;
        d=google.com; s=arc-20160816;
        b=MTsyLCFbDYk+dsAN874i/Na4ARhtS6FFnzycrST8M3qIIqIaodsGLY686Yq8LhIdh0
         ReKntsXvjPv/RTFTR7nBHBQAwTL/hR7yK43EHIYFyrLxg6WGruqOtaVSViWVUwe4gfPv
         x3U65qZ6euRzNuJpELTt+KNsknQFXy2cS5An/RI6AkJY99mpHTYEzsedvtju29pIM0wI
         IN/QNZkUeAWz9IfthFJ2t2FQ1PNBaVyssjCpnM/VSR91XZjxIkfbFhkBzuw5ziFVUVk3
         CNhMhxkxiVX2JBJygKdWOUq10TNVvkE8q6p2XHGOp+b6+759Vyc7JjiKxy+BHQdyzbHD
         aMqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=PgcBNN6oRbbXm8Mt2JOjwhZOyhavtQsbFitWQZMkjVE=;
        b=OOVsNbO9CFrdn8Wh4eHzpQXFgeBPRn6Vmqv9i3e6yBPMUzYgNcqX6kZ0NHVTsSmrrA
         lhqd8jOVXmLjFAg+es9zVwsSfp83pvLrHLMJO/lZn+VKFFn1l2zhdH+Kd9TYuMwCpvRT
         b6pZfXR3NvTIPTGbxWtuHs/5zyMQ1ciQ+gE4s0i6A3tNKV1CgrlYt53DVU2jmceER44y
         CcNaoyh+F2FoJxy1DSq7aQzetjhzZJ3tjC/79Kf0bXAehb1TyFi+RjiiXjbr4iOpzmIU
         RKFhrkIM47gssf+7FxToUWafrP9w62gQkCZPEi2keA1zTdKfif0eLyVps1uocM1tEXt0
         I37w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=0Am3Lxjx;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t184si7541175pfd.381.2017.11.03.16.59.26;
        Fri, 03 Nov 2017 16:59:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=0Am3Lxjx;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756247AbdKCX6k (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 92 others); Fri, 3 Nov 2017 19:58:40 -0400
Received: from mail-pg0-f47.google.com ([74.125.83.47]:49432 "EHLO
        mail-pg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751968AbdKCX6j (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Nov 2017 19:58:39 -0400
Received: by mail-pg0-f47.google.com with SMTP id g6so3728116pgn.6
        for <linux-kernel@vger.kernel.org>; Fri, 03 Nov 2017 16:58:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=landley-net.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=PgcBNN6oRbbXm8Mt2JOjwhZOyhavtQsbFitWQZMkjVE=;
        b=0Am3LxjxteqOFVzhQOoc5mF8SgiaWa/pEZpb2dkHhXH07yndAJ4XfbvfnpMzJn7ica
         3/OyWKobHTIA0LRGi8YOtRR3gHNvGx8ricMt8nt9T1oTRpcMjjrb1brmeEtkV53VHL32
         gxNnVPZfwKcXcVgs135jO1ykhUnZtqYsGutBt/LYxyNGoolqBxz5wQouZ9kDdissbQNy
         6YkzLlD02Jextixe5QqZ4vS/LPRnzA8EptOITT1xQFaZqRKrAJJVCW3UzFrEVcsKh8P/
         QStu7ScBDqPmVNf/9xNY82b5uzqebUC+pjrdyuAKAZrFRuieWtt/4M9JA+A7VAzEFsUG
         oBYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=PgcBNN6oRbbXm8Mt2JOjwhZOyhavtQsbFitWQZMkjVE=;
        b=tjztY3ij23egW1qVRSpfA8ZSUaSwUDVrOh2HeK20h1WkaRwcwh9byeex0b2EsOJEQ2
         Rikg6WJHoTx7NOvqj6njx2WA+7Be8bAlHBtQJJJfRVNrnK7yZny9fGC/ZSZ+w7htPa/B
         c6TRLQkfSOPVRhuaJHANAuK6SaupSgK98dsANQaO5dHI/XoZE0piHxkcvgKj8by0r86E
         4r6QvYl7QbJf4cbp/sFW/4YgwBpdBw8Zu/OPcfYT60mwsuIzNuPgw6ylErRB0s69DBQ+
         wyMLKNSxLbssNks1obR41Gbx/K7E1WVHIiuC3ZplxjkTddzVLXOxUmbnFfJ5JXmoeWrH
         qs0w==
X-Gm-Message-State: AMCzsaWR25RBd9gpK4UrXRr0tPr0rs9TVS/q01DLf8GN0rTBqGEBek9l
        HPZSqwXho9DPtqY2SgazmpgeLwKD
X-Received: by 10.84.128.195 with SMTP id a61mr8158993pla.283.1509753518759;
        Fri, 03 Nov 2017 16:58:38 -0700 (PDT)
Received: from [10.0.4.203] (aa041158.ppp.asahi-net.or.jp. [110.5.41.158])
        by smtp.googlemail.com with ESMTPSA id p17sm11035197pgc.66.2017.11.03.16.58.36
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 03 Nov 2017 16:58:38 -0700 (PDT)
Subject: Re: Regression: commit da029c11e6b1 broke toybox xargs.
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Kees Cook <keescook@chromium.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        toybox@lists.landley.net, enh@gmail.com
References: <b33da177-a836-40eb-25c8-8134da83c63d@landley.net>
 <CA+55aFyw74DcPygS=SB0d-Fufz3j73zTVp2UXUUOUt4=1_He=Q@mail.gmail.com>
 <CA+55aFyWWMipF2sLdcUbz2JwMQ0YRK5YAHTy8HrUPevMF+6XZA@mail.gmail.com>
From:   Rob Landley <rob@landley.net>
Message-ID: <0b3a9bd0-3046-cdab-cfee-0ca45ee64e8d@landley.net>
Date:   Fri, 3 Nov 2017 18:58:34 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CA+55aFyWWMipF2sLdcUbz2JwMQ0YRK5YAHTy8HrUPevMF+6XZA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/02/2017 10:40 AM, Linus Torvalds wrote:
> On Wed, Nov 1, 2017 at 9:28 PM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>>
>> Behavior changed. Things that test particular limits will get different
>> results. That's not breakage.
>>
>> Did an actual user application or script break?

Only due to getting the limit wrong. The actual failure's in the android
internal bugzilla I've never been able to read:

http://lists.landley.net/pipermail/toybox-landley.net/2017-September/009167.html

But it boils down to "got the limit wrong, the exec failed after the
fork(), dynamic recovery from which is awkward so I'm trying to figure
out the right limit".

> Ahh. I should have read that email more carefully. If xargs broke,
> that _will_ break actual scripts, yes. Do you actually set the stack
> limit to insane values? Anybody using toybox really shouldn't be doing
> 32MB stacks.

Toybox is the default command line of android since M, which went 64 bit
in L, and the Pixel 2 phone has 4 gigs of ram. My goal with toybox is to
turn android into a self-hosting development environment no longer
cross-compiled from a PC (http://landley.net/talks/celf-2013.txt) so I'm
trying to implement a command line that can run the entire AOSP build.

I.E. I have no idea what people will do with it, and try not to get in
their way.

My problem here is it's hard to figure out what exec size the limit
_is_. There's a sysconf(_SC_ARG_MAX) which bionic and glibc are
currently returning as stack_limit/4, which is now too big and exec()
will error out after the fork. Musl is returning the 131072 limit from
2011-ish, meaning "/bin/echo $(printf '%0*d' 131071)" works but
"printf '%0*d' 131071 | xargs" fails, an inconsistency I was trying to
avoid. Maybe I don't have that luxury...

Each argument has its own limit separate from the argv+envp total limit,
but there's only one "size" you can query through sysconf, so the
querying API is insufficient at the design level.

Meanwhile under bash you can allocate and dirty 256 megabytes from the
command line with:

  echo $(printf '%0*d' $((1<<28)))

Because it's a shell builtin so there's no actual exec. (And if
https://sourceware.org/bugzilla/show_bug.cgi?id=17829 ever gets fixed
it'll go back to allowing INT_MAX.)

Posix is its usual helpful self, read conservatively
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/xargs.html
says to break the line at 2048 bytes.

> So I still do wonder if this actually breaks anything real, or just a
> test-suite or something?

I've cc'd Elliott, who would know. (He's the Android base os userspace
maintainer, he knows everything. Or can at least decode
http://b/65818597 .)

But this just broke my _fix_, not the earlier deployed stuff. I removed
the size measuring code when the 131072 limit went away, the bug was
there's a new limit I need to not hit, I tried to figure out what the
limit is now, confirmed that the various libc implementations don't
agree, then the actual kernel limit changed again while I was looking at it.

>                    Linus

Should I just go back to hardwiring in 131072? It's no _less_ arbitrary
than 10 megs, and it sounds like getting it _right_ is unachievable.

Thanks,

Rob



From 1582969489810082387@xxx Thu Nov 02 15:42:26 +0000 2017
X-GM-THRID: 1582908659593594930
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread