The sysctl parameters msgmni and shmmni have an inherent limit of
IPC_MNI (32k). However, users may not be aware of that because they
can write a value much higher than that without getting any error or
notification. Reading the parameters back will show the newly written
values which are not real.

Enforcing the limit by failing sysctl parameter write, however,
can break existing user applications. To address this delemma, the
following new sysctl range clamping APIs are added:
  - proc_dointvec_clamp_minmax()
  - proc_douintvec_clamp_minmax()

This new set of APIs is then used to set the real limit for msgmni and
shmmni without breaking existing applications. If any out of range
value is written to those sysctl parameters, the following warning
will be printed instead.

  Kernel parameter "shmmni" was set out of range [0, 32768], clamped to 32768.

Reading the values back will show 32768 instead of some fake values.

Waiman Long (3):
  sysctl: Add range clamping intvec helper functions
  sysctl: Warn when a clamped sysctl parameter is set out of range
  ipc: Clamp msgmni and shmmni to the real IPC_MNI limit

 include/linux/sysctl.h |   6 +++
 ipc/ipc_sysctl.c       |  10 ++--
 kernel/sysctl.c        | 123 ++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 129 insertions(+), 10 deletions(-)


Reply via email to