From patchwork Mon Mar 28 23:52:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Eric W. Biederman" X-Patchwork-Id: 12794332 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9902FC433EF for ; Mon, 28 Mar 2022 23:53:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D5C778D0002; Mon, 28 Mar 2022 19:53:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D0B3D8D0001; Mon, 28 Mar 2022 19:53:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BACAB8D0002; Mon, 28 Mar 2022 19:53:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.28]) by kanga.kvack.org (Postfix) with ESMTP id A886A8D0001 for ; Mon, 28 Mar 2022 19:53:23 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 6A74522CA1 for ; Mon, 28 Mar 2022 23:53:23 +0000 (UTC) X-FDA: 79295449086.15.3734F2F Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by imf07.hostedemail.com (Postfix) with ESMTP id BBBE240038 for ; Mon, 28 Mar 2022 23:53:22 +0000 (UTC) Received: from in01.mta.xmission.com ([166.70.13.51]:48432) by out02.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1nYzAm-00FuPV-4Y; Mon, 28 Mar 2022 17:53:20 -0600 Received: from ip68-227-174-4.om.om.cox.net ([68.227.174.4]:41522 helo=email.froward.int.ebiederm.org.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1nYzAk-000IZk-5q; Mon, 28 Mar 2022 17:53:19 -0600 From: "Eric W. Biederman" To: Linus Torvalds Cc: , , , , , Miaohe Lin References: <20220322080918.59861-1-linmiaohe@huawei.com> Date: Mon, 28 Mar 2022 18:52:43 -0500 In-Reply-To: <20220322080918.59861-1-linmiaohe@huawei.com> (Miaohe Lin's message of "Tue, 22 Mar 2022 16:09:18 +0800") Message-ID: <87ilrxprck.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 X-XM-SPF: eid=1nYzAk-000IZk-5q;;;mid=<87ilrxprck.fsf@email.froward.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=68.227.174.4;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX18Nb6UePjBpVKyMHCsWjDtNwSqTFKHXX5Q= X-SA-Exim-Connect-IP: 68.227.174.4 X-SA-Exim-Mail-From: ebiederm@xmission.com Subject: [GIT PULL] ucounts: Fix shm ucounts for v5.18 X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) X-Stat-Signature: 3u7fiaewamnztcr93bf3khp53mqy5ads Authentication-Results: imf07.hostedemail.com; dkim=none; spf=pass (imf07.hostedemail.com: domain of ebiederm@xmission.com designates 166.70.13.232 as permitted sender) smtp.mailfrom=ebiederm@xmission.com; dmarc=pass (policy=none) header.from=xmission.com X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: BBBE240038 X-HE-Tag: 1648511602-990053 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Linus, Please pull the ucount-rlimit-for-v5.18 tag from the git tree: git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git ucount-rlimit-for-v5.18 HEAD: e97824ff663ce3509fe040431c713182c2f058b1 mm/mlock: fix two bugs in user_shm_lock() From: Miaohe Lin Date: Tue, 22 Mar 2022 16:09:18 +0800 Subject: [PATCH] mm/mlock: fix two bugs in user_shm_lock() user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So the later user_shm_unlock might do the extra dec_rlimit_ucounts. Also in the RLIM_INFINITY case, user_shm_lock will success regardless of the value of memlock where memblock == LONG_MAX && !capable(CAP_IPC_LOCK) should fail. Fix all of these by changing the code to leave lock_limit at ULONG_MAX aka RLIM_INFINITY, leave "allowed" initialized to 0 and remove the special case of RLIM_INFINITY as nothing can be greater than ULONG_MAX. Credit goes to Eric W. Biederman for proposing simplifying the code and thus catching the later bug. Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts") Signed-off-by: Miaohe Lin Cc: stable@vger.kernel.org v1: https://lkml.kernel.org/r/20220310132417.41189-1-linmiaohe@huawei.com v2: https://lkml.kernel.org/r/20220314064039.62972-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20220322080918.59861-1-linmiaohe@huawei.com Signed-off-by: Eric W. Biederman --- mm/mlock.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/mlock.c b/mm/mlock.c index 25934e7db3e1..37f969ec68fa 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -827,13 +827,12 @@ int user_shm_lock(size_t size, struct ucounts *ucounts) locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; lock_limit = rlimit(RLIMIT_MEMLOCK); - if (lock_limit == RLIM_INFINITY) - allowed = 1; - lock_limit >>= PAGE_SHIFT; + if (lock_limit != RLIM_INFINITY) + lock_limit >>= PAGE_SHIFT; spin_lock(&shmlock_user_lock); memlock = inc_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); - if (!allowed && (memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) { + if ((memlock == LONG_MAX || memlock > lock_limit) && !capable(CAP_IPC_LOCK)) { dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked); goto out; }