Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20110629151436.9be479fb.akpm@linux-foundation.org>
Date: Wed, 29 Jun 2011 15:14:36 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: kernel-hardening@...ts.openwall.com, Randy Dunlap
 <rdunlap@...otime.net>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        "Serge E. Hallyn" <serge.hallyn@...onical.com>,
        Daniel Lezcano
 <daniel.lezcano@...e.fr>,
        Oleg Nesterov <oleg@...hat.com>, Tejun Heo
 <tj@...nel.org>,
        Ingo Molnar <mingo@...e.hu>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [RFC] ipc: introduce shm_rmid_forced sysctl

On Wed, 22 Jun 2011 19:25:14 +0400
Vasiliy Kulikov <segoon@...nwall.com> wrote:

> This patch adds support for shm_rmid_forced sysctl.  If set to 1, all
> shared memory objects in current ipc namespace will be automatically
> forced to use IPC_RMID.  POSIX way of handling shmem allows to create
> shm objects and call shmdt() leaving shm object associated with no
> process, thus consuming memory not counted via rlimits.  With
> shm_rmid_forced=1 the shared memory object is counted at least for one
> process, so OOM killer may effectively kill the fat process holding
> the shared memory.
> 
> It obviously breaks POSIX, some programs relying on the feature would
> stop working.  So, set shm_rmid_forced=1 only if you're sure nobody uses
> "orphaned" memory.  shm_rmid_forced=0 by default for compatability
> reasons.
> 
> The feature was previously impemented in -ow as a configure option.
> 

What a horrid patch.  But given the POSIX (mis?)feature I don't see a
better way, and the feature seems desirable.  Sigh.

What sort of users would want to turn this on, and why?

> --- a/include/linux/ipc_namespace.h
> +++ b/include/linux/ipc_namespace.h
> @@ -44,6 +44,7 @@ struct ipc_namespace {
>  	size_t		shm_ctlall;
>  	int		shm_ctlmni;
>  	int		shm_tot;
> +	int		shm_rmid_forced;
>  
>  	struct notifier_block ipcns_nb;

Please send a patch which adds a nice comment to this field.

Perhaps shm_rmid_forced should have had bool type.

> --- a/ipc/shm.c
> +++ b/ipc/shm.c
> @@ -74,6 +74,7 @@ void shm_init_ns(struct ipc_namespace *ns)
>  	ns->shm_ctlmax = SHMMAX;
>  	ns->shm_ctlall = SHMALL;
>  	ns->shm_ctlmni = SHMMNI;
> +	ns->shm_rmid_forced = 0;
>  	ns->shm_tot = 0;
>  	ipc_init_ids(&shm_ids(ns));
>  }

The problem is that nobody will test your feature.  So for testing
purposes, let's enable the feature by default.  I assume this:

--- a/ipc/shm.c~ipc-introduce-shm_rmid_forced-sysctl-ipc-introduce-shm_rmid_forced-sysctl-testing
+++ a/ipc/shm.c
@@ -74,7 +74,7 @@ void shm_init_ns(struct ipc_namespace *n
 	ns->shm_ctlmax = SHMMAX;
 	ns->shm_ctlall = SHMALL;
 	ns->shm_ctlmni = SHMMNI;
-	ns->shm_rmid_forced = 0;
+	ns->shm_rmid_forced = 1;
 	ns->shm_tot = 0;
 	ipc_init_ids(&shm_ids(ns));
 }

will do that?

> +static bool shm_may_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
> +{
> +	return (shp->shm_nattch == 0) &&
> +	       (ns->shm_rmid_forced ||
> +		(shp->shm_perm.mode & SHM_DEST));
> +}

Just because the existing code is crappily documented doesn't mean that
we have to copy that ;)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.