From: Nikolay Borisov <kernel@kyup.com>
To: john@johnmccutchan.com, eparis@redhat.com, ebiederm@xmission.com
Cc: jack@suse.cz, linux-kernel@vger.kernel.org, gorcunov@openvz.org,
avagin@openvz.org, netdev@vger.kernel.org,
operations@siteground.com, Nikolay Borisov <kernel@kyup.com>
Subject: [PATCH 2/4] inotify: Convert inotify limits to be accounted per-realuser/per-namespace
Date: Wed, 1 Jun 2016 10:52:58 +0300 [thread overview]
Message-ID: <1464767580-22732-3-git-send-email-kernel@kyup.com> (raw)
In-Reply-To: <1464767580-22732-1-git-send-email-kernel@kyup.com>
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
---
fs/notify/inotify/inotify_fsnotify.c | 14 +++++++++++++-
fs/notify/inotify/inotify_user.c | 23 +++++++++++++++--------
include/linux/sched.h | 2 --
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index 2cd900c2c737..efaeec3f2e26 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -166,7 +166,19 @@ static void inotify_free_group_priv(struct fsnotify_group *group)
idr_for_each(&group->inotify_data.idr, idr_callback, group);
idr_destroy(&group->inotify_data.idr);
if (group->inotify_data.user) {
- atomic_dec(&group->inotify_data.user->inotify_devs);
+ struct user_struct *user = group->inotify_data.user;
+ void *key = group->inotify_data.userns_ptr;
+ struct inotify_state *state;
+
+ spin_lock(&user->inotify_lock);
+ state = __find_inotify_state(user, key);
+ if (--state->inotify_devs == 0)
+ hash_del(&state->node);
+ spin_unlock(&user->inotify_lock);
+
+ if (state->inotify_devs == 0)
+ kfree(state);
+
free_uid(group->inotify_data.user);
}
}
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index ae7ec2414252..e7cc4eaa838f 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -94,7 +94,7 @@ static int inotify_init_state(struct user_struct *user,
int ret = 0;
spin_lock(&user->inotify_lock);
- state = __find_inotify_count(user, key);
+ state = __find_inotify_state(user, key);
if (!state) {
spin_unlock(&user->inotify_lock);
@@ -536,7 +536,8 @@ void inotify_ignored_and_remove_idr(struct fsnotify_mark *fsn_mark,
/* remove this mark from the idr */
inotify_remove_from_idr(group, i_mark);
- atomic_dec(&group->inotify_data.user->inotify_watches);
+ inotify_dec_watches(group->inotify_data.user,
+ group->inotify_data.userns_ptr);
}
/* ding dong the mark is dead */
@@ -609,6 +610,8 @@ static int inotify_new_watch(struct fsnotify_group *group,
int ret;
struct idr *idr = &group->inotify_data.idr;
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
+ struct user_struct *user = group->inotify_data.user;
+ void *key = group->inotify_data.userns_ptr;
mask = inotify_arg_to_mask(arg);
@@ -621,7 +624,7 @@ static int inotify_new_watch(struct fsnotify_group *group,
tmp_i_mark->wd = -1;
ret = -ENOSPC;
- if (atomic_read(&group->inotify_data.user->inotify_watches) >= inotify_max_user_watches)
+ if (inotify_read_watches(user, key) >= inotify_max_user_watches)
goto out_err;
ret = inotify_add_to_idr(idr, idr_lock, tmp_i_mark);
@@ -638,7 +641,7 @@ static int inotify_new_watch(struct fsnotify_group *group,
}
/* increment the number of watches the user has */
- atomic_inc(&group->inotify_data.user->inotify_watches);
+ inotify_inc_watches(user, key);
/* return the watch descriptor for this new mark */
ret = tmp_i_mark->wd;
@@ -669,6 +672,9 @@ static struct fsnotify_group *inotify_new_group(unsigned int max_events)
{
struct fsnotify_group *group;
struct inotify_event_info *oevent;
+ struct user_struct *user = get_current_user();
+ void *key = current_user_ns();
+ int ret;
group = fsnotify_alloc_group(&inotify_fsnotify_ops);
if (IS_ERR(group))
@@ -689,12 +695,13 @@ static struct fsnotify_group *inotify_new_group(unsigned int max_events)
spin_lock_init(&group->inotify_data.idr_lock);
idr_init(&group->inotify_data.idr);
- group->inotify_data.user = get_current_user();
+ group->inotify_data.user = user;
+ group->inotify_data.userns_ptr = key;
- if (atomic_inc_return(&group->inotify_data.user->inotify_devs) >
- inotify_max_user_instances) {
+ ret = inotify_init_state(user, key);
+ if (ret < 0) {
fsnotify_destroy_group(group);
- return ERR_PTR(-EMFILE);
+ return ERR_PTR(ret);
}
return group;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 0c55d951d0bb..8f589b32ed15 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -842,8 +842,6 @@ struct user_struct {
#ifdef CONFIG_INOTIFY_USER
spinlock_t inotify_lock;
DECLARE_HASHTABLE(inotify_tbl, 6);
- atomic_t inotify_watches; /* How many inotify watches does this user have? */
- atomic_t inotify_devs; /* How many inotify devs does this user have opened? */
#endif
#ifdef CONFIG_FANOTIFY
atomic_t fanotify_listeners;
--
2.5.0
next prev parent reply other threads:[~2016-06-01 7:54 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-01 7:52 [RFC PATCH 0/4] Make inotify instance/watches be accounted per userns Nikolay Borisov
2016-06-01 7:52 ` [PATCH 1/4] inotify: Add infrastructure to account inotify limits per-namespace Nikolay Borisov
2016-06-06 8:05 ` Cyrill Gorcunov
2016-06-06 9:26 ` Nikolay Borisov
2016-06-01 7:52 ` Nikolay Borisov [this message]
2016-06-01 7:52 ` [PATCH 3/4] misc: Rename the HASH_SIZE macro Nikolay Borisov
2016-06-01 18:13 ` David Miller
2016-06-01 7:53 ` [PATCH 4/4] inotify: Don't include inotify.h when !CONFIG_INOTIFY_USER Nikolay Borisov
[not found] ` <1464767580-22732-1-git-send-email-kernel-6AxghH7DbtA@public.gmane.org>
2016-06-01 16:00 ` [RFC PATCH 0/4] Make inotify instance/watches be accounted per userns Eric W. Biederman
2016-06-01 16:00 ` Eric W. Biederman
[not found] ` <8737ow7vcp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-02 6:27 ` Nikolay Borisov
2016-06-02 6:27 ` Nikolay Borisov
2016-06-02 16:19 ` Eric W. Biederman
[not found] ` <574FD1E4.8090109-6AxghH7DbtA@public.gmane.org>
2016-06-02 16:19 ` Eric W. Biederman
2016-06-02 7:49 ` Jan Kara
2016-06-02 7:49 ` Jan Kara
[not found] ` <20160602074920.GG19636-4I4JzKEfoa/jFM9bn6wA6Q@public.gmane.org>
2016-06-02 16:58 ` Eric W. Biederman
2016-06-02 16:58 ` Eric W. Biederman
[not found] ` <87bn3jy1cd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-03 11:14 ` Nikolay Borisov
2016-06-03 11:14 ` Nikolay Borisov
[not found] ` <5751667D.7010207-6AxghH7DbtA@public.gmane.org>
2016-06-03 20:41 ` Eric W. Biederman
2016-06-03 20:41 ` Eric W. Biederman
[not found] ` <87inxqovho.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-06 6:41 ` Nikolay Borisov
2016-06-06 6:41 ` Nikolay Borisov
2016-06-06 20:00 ` Eric W. Biederman
[not found] ` <57551B10.6080505-6AxghH7DbtA@public.gmane.org>
2016-06-06 20:00 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1464767580-22732-3-git-send-email-kernel@kyup.com \
--to=kernel@kyup.com \
--cc=avagin@openvz.org \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=gorcunov@openvz.org \
--cc=jack@suse.cz \
--cc=john@johnmccutchan.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=operations@siteground.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.