[PATCH 0/4] ipc/shm.c: increase the limits for SHMMAX, SHMALL
From: Manfred Spraul
Date: Sat Apr 19 2014 - 07:44:51 EST
Hi all,

the increase of SHMMAX/SHMALL is now a 4 patch series, and still
not ready for merging (see at the end, TASK_SIZE and s390).

If we increase the default limits for SHMMAX and SHMALL,
integer overflows could happen:

SHMMAX:
- shmem_file_setup places a hard limit on the segment size:
  MAX_LFS_FILESIZE.

  on 32-bit, the limit is > 1 TB.
  --> 32-bit: 4 GB-1 segments are possible.
      Rounded up to full pages the actual allocated size
      is 0.
      --> patch 3
  on 64-bit, this is 0x7fff ffff ffff ffff
  --> no chance for an overflow.

- shmat:
  - find_vma_intersection does not handle overflows properly
    --> patch 1.
  - do_mmap_pgoff limits mappings to TASK_SIZE
    3 GB on 32-bit (assuming x86)
    47 bits on 64-bit (assuming x86)
  - do_mmap_pgoff checks for overflows:
    map 2 GB, starting from addr=2.5GB fails.

SHMALL:
- after creating 8192 segments size (1L<<63)-1, shm_tot
  overflows and returns 0.
  --> patch 2.

And finally:
Patch 4, increase the limits to ULONG_MAX

Open points:
- Better ideas to handle uapi: Is it worth the effort to get
  access to TASK_SIZE? I would say no.
- Better ideas with regards to SHMALL? The values are probably
  large enough, but still arbitrary.
- The TASK_SIZE definition for e.g. S390 differs: It's not
  a constant, instead it is the current task size for current.
  And it seems that the task size can change based on
  (virtual) memory pressure (s390_mmap_check()).
  For new namespaces, this might have interesting effects, i.e.
  this must be fixed.
--
Manfred
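
The overflow cases listed in the message above, reproduced as a user-space model. This is an added example, not part of the original mail or of the patches in the series. Assumptions: 4 KiB pages, `uint32_t`/`uint64_t` standing in for 32-bit and 64-bit `unsigned long`, and all function names are hypothetical.

```c
/* User-space model, not kernel code. Assumes 4 KiB pages; fixed-width
 * types stand in for unsigned long. All names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12u
#define PAGE_SIZE32 (UINT32_C(1) << PAGE_SHIFT)

/* Naive round-up to pages: the addition wraps for sizes close to 4 GB. */
uint32_t pages_naive32(uint32_t size)
{
    return (size + PAGE_SIZE32 - 1) >> PAGE_SHIFT;
}

/* Same rounding without the wrapping addition. */
uint32_t pages_safe32(uint32_t size)
{
    return (size >> PAGE_SHIFT) + ((size & (PAGE_SIZE32 - 1)) != 0);
}

/* Naive accounting: same result as adding seg_pages nsegs times,
 * because unsigned arithmetic is modulo 2^64. */
uint64_t tot_naive(uint64_t seg_pages, uint64_t nsegs)
{
    return seg_pages * nsegs;
}

/* Checked accounting: refuse a segment that would pass the limit or wrap. */
bool tot_add_checked(uint64_t *tot, uint64_t pages, uint64_t limit)
{
    if (*tot > limit || pages > limit - *tot)
        return false;
    *tot += pages;
    return true;
}

/* Range check that never computes addr + len, so it cannot wrap. */
bool range_ok32(uint32_t addr, uint32_t len, uint32_t task_size)
{
    return len <= task_size && addr <= task_size - len;
}

int main(void)
{
    printf("4 GB-1 segment: naive=%u pages, safe=%u pages\n",
           (unsigned)pages_naive32(UINT32_MAX), (unsigned)pages_safe32(UINT32_MAX));
    printf("8192 segments of 2^51 pages: total=%llu\n",
           (unsigned long long)tot_naive(UINT64_C(1) << 51, 8192));
    printf("2 GB at 2.5 GB allowed: %d\n",
           range_ok32(0xA0000000u, 0x80000000u, 0xC0000000u));
    return 0;
}
```

A segment of (1L<<63)-1 bytes rounds up to 2^51 pages of 4 KiB, so 8192 of them sum to exactly 2^64 pages, which is why the naive total reads 0.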