Date: Mon, 2 Nov 2020 22:23:32 +0100
From: Alexey Gladkov
To: Christian Brauner
Cc: LKML, Linux Containers, Kernel Hardening, "Eric W . Biederman", Kees Cook, Christian Brauner
Subject: Re: [RFC PATCH v1 1/4] Increase size of ucounts to atomic_long_t
Message-ID: <20201102212332.zsdi2xcx6vxdh5ui@comp-core-i7-2640m-0182e6>
In-Reply-To: <20201102180301.dup2cmbqdyrexp22@wittgenstein>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 02, 2020 at 07:03:01PM +0100, Christian Brauner wrote:
> On Mon, Nov 02, 2020 at 05:50:30PM +0100, Alexey Gladkov wrote:
> > In order to be able to use ucounts for rlimits, the size must be increased.
> > For example user_struct.mq_bytes (RLIMIT_MSGQUEUE) is unsigned long.
>
> I don't have any issues with this change I just wonder what the exact
> reason is. It's not immediately obvious to me.

Right now user_struct.mq_bytes that is currently used for checking
RLIMIT_MSGQUEUE is unsigned long, but ucounts is signed int. The rlimit is
also unsigned long. If I migrate RLIMIT_MSGQUEUE to ucounts I will decrease
counter and possibly break backward compatibility.

Technically, it can be violated anyway.

linux/ipc/mqueue.c:376:

	mq_bytes += mq_treesize;
	spin_lock(&mq_lock);
	if (u->mq_bytes + mq_bytes < u->mq_bytes ||
	    u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
		spin_unlock(&mq_lock);
		/* mqueue_evict_inode() releases info->messages */
		ret = -EMFILE;
		goto out_inode;
	}
	u->mq_bytes += mq_bytes;
	spin_unlock(&mq_lock);

> >
> > Signed-off-by: Alexey Gladkov
> > ---
> > include/linux/user_namespace.h | 4 ++--
> > kernel/ucount.c | 14 +++++++-------
> > 2 files changed, 9 insertions(+), 9 deletions(-)
> > > > diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h > > index 6ef1c7109fc4..fc75af812d73 100644 > > --- a/include/linux/user_namespace.h > > +++ b/include/linux/user_namespace.h > > @@ -86,7 +86,7 @@ struct user_namespace { > > struct ctl_table_header *sysctls; > > #endif > > struct ucounts *ucounts; > > - int ucount_max[UCOUNT_COUNTS]; > > + long ucount_max[UCOUNT_COUNTS]; > > } __randomize_layout; > > > > struct ucounts { > > @@ -94,7 +94,7 @@ struct ucounts { > > struct user_namespace *ns; > > kuid_t uid; > > int count; > > - atomic_t ucount[UCOUNT_COUNTS]; > > + atomic_long_t ucount[UCOUNT_COUNTS]; > > }; > > > > extern struct user_namespace init_user_ns; > > diff --git a/kernel/ucount.c b/kernel/ucount.c > > index 11b1596e2542..7b2bca8582ef 100644 > > --- a/kernel/ucount.c > > +++ b/kernel/ucount.c > > @@ -175,14 +175,14 @@ static void put_ucounts(struct ucounts *ucounts) > > kfree(ucounts); > > } > > > > -static inline bool atomic_inc_below(atomic_t *v, int u) > > +static inline bool atomic_long_inc_below(atomic_long_t *v, int u) > > { > > - int c, old; > > - c = atomic_read(v); > > + long c, old; > > + c = atomic_long_read(v); > > for (;;) { > > if (unlikely(c >= u)) > > return false; > > - old = atomic_cmpxchg(v, c, c+1); > > + old = atomic_long_cmpxchg(v, c, c+1); > > if (likely(old == c)) > > return true; > > c = old; > > @@ -199,14 +199,14 @@ struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, > > int max; > > tns = iter->ns; > > max = READ_ONCE(tns->ucount_max[type]); > > - if (!atomic_inc_below(&iter->ucount[type], max)) > > + if (!atomic_long_inc_below(&iter->ucount[type], max)) > > goto fail; > > } > > return ucounts; > > fail: > > bad = iter; > > for (iter = ucounts; iter != bad; iter = iter->ns->ucounts) > > - atomic_dec(&iter->ucount[type]); > > + atomic_long_dec(&iter->ucount[type]); > > > > put_ucounts(ucounts); > > return NULL; 
> > @@ -216,7 +216,7 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type) > > { > > struct ucounts *iter; > > for (iter = ucounts; iter; iter = iter->ns->ucounts) { > > - int dec = atomic_dec_if_positive(&iter->ucount[type]); > > + int dec = atomic_long_dec_if_positive(&iter->ucount[type]); > > WARN_ON_ONCE(dec < 0); > > } > > put_ucounts(ucounts); > > -- > > 2.25.4 > > > -- Rgrds, legion
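
Review bot: the commit message should state which range the new type really covers. In the include/linux/user_namespace.h hunks the limit becomes `long ucount_max[UCOUNT_COUNTS]` and the counter `atomic_long_t ucount[UCOUNT_COUNTS]`, both signed, while the message motivates the change with `user_struct.mq_bytes` being unsigned long. A signed long holds only the lower half of that range, and on 32-bit architectures long is no wider than int, so there nothing is increased. Please document that limitation or say how limits above LONG_MAX are meant to be handled.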
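
Review bot: in the kernel/ucount.c hunk at `@@ -175,14`, the bound parameter of `atomic_long_inc_below(atomic_long_t *v, int u)` is still `int` although `c` and `old` are now `long`. A limit above INT_MAX cannot be passed in, so the `c >= u` comparison never sees the wider range the patch is meant to enable. Suggest changing the parameter to `long u`.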
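
Review bot: `int max;` in the `inc_ucount()` hunk at `@@ -199,14` is left as unchanged context, but `ucount_max[]` is now `long`, so `max = READ_ONCE(tns->ucount_max[type]);` narrows the limit to int before it reaches `atomic_long_inc_below()`. Declare `max` as `long` in this patch so the limit and the counter have the same width.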
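
Review bot: in the `dec_ucount()` hunk at `@@ -216,7`, the result of `atomic_long_dec_if_positive()` is stored in `int dec`, but that helper returns long. On 64-bit a counter value above INT_MAX narrowed to int can come out negative and trip `WARN_ON_ONCE(dec < 0)` even though the decrement succeeded. Suggest `long dec`.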
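
The unsigned long accounting check quoted from ipc/mqueue.c in the message above, set beside a signed-int counter of the kind the reply says ucounts uses before this patch. This is an added userspace model, not kernel code and not part of the original message; `charge_ulong`, `charge_int` and the 1 GiB / 3 GiB values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of the quoted mqueue check: refuse if the sum wraps or exceeds limit. */
static bool charge_ulong(unsigned long *used, unsigned long bytes, unsigned long limit)
{
    if (*used + bytes < *used ||    /* unsigned sum wrapped around */
        *used + bytes > limit)      /* over the rlimit */
        return false;
    *used += bytes;
    return true;
}

/* Hypothetical signed-int counter (assumes *used >= 0): headroom ends at INT_MAX. */
static bool charge_int(int *used, unsigned long bytes, unsigned long limit)
{
    if (bytes > (unsigned long)(INT_MAX - *used))   /* would overflow int */
        return false;
    if ((unsigned long)*used + bytes > limit)
        return false;
    *used += (int)bytes;
    return true;
}

/* Constructed values: how many 1 GiB charges fit under a 3 GiB limit? */
static int charges_ulong(void)
{
    unsigned long used = 0;
    int n = 0;
    while (n < 8 && charge_ulong(&used, 1UL << 30, 3UL << 30))
        n++;
    return n;
}

static int charges_int(void)
{
    int used = 0, n = 0;
    while (n < 8 && charge_int(&used, 1UL << 30, 3UL << 30))
        n++;
    return n;
}

int main(void)
{
    printf("unsigned long counter: %d charges accepted\n", charges_ulong());
    printf("int counter:           %d charges accepted\n", charges_int());
    return 0;
}
```

With the same 3 GiB limit, the unsigned long counter accepts three charges and the int counter only one, which is the compatibility gap the reply describes for RLIMIT_MSGQUEUE.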