From: Alexey Gladkov <gladkov.alexey@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jens Axboe <axboe@kernel.dk>, Kees Cook <keescook@chromium.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux Containers <containers@lists.linux-foundation.org>,
Jann Horn <jannh@google.com>, LKML <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>, Linux-MM <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
io-uring <io-uring@vger.kernel.org>
Subject: Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting
Date: Thu, 21 Jan 2021 17:07:42 +0100 [thread overview]
Message-ID: <20210121160742.evd3632lepfytlxb@example.org> (raw)
In-Reply-To: <87ft2u2ss5.fsf@x220.int.ebiederm.org>
On Thu, Jan 21, 2021 at 09:50:34AM -0600, Eric W. Biederman wrote:
> >> The current ucount code does check for overflow and fails the increment
> >> in every case.
> >>
> >> So arguably it will be a regression and inferior error handling behavior
> >> if the code switches to the ``better'' refcount_t data structure.
> >>
> >> I originally didn't use refcount_t because silently saturating and not
> >> bothering to handle the error makes me uncomfortable.
> >>
> >> Not having to acquire the ucounts_lock every time seems nice. Perhaps
> >> the path forward would be to start with stupid/correct code that always
> >> takes the ucounts_lock for every increment of ucounts->count, that is
> >> later replaced with something more optimal.
> >>
> >> Not impacting performance in the non-namespace cases and having good
> >> performance in the other cases is a fundamental requirement of merging
> >> code like this.
> >
> > Did I understand your suggestion correctly that you suggest to use
> > spin_lock for atomic_read and atomic_inc ?
> >
> > If so, then we are already incrementing the counter under ucounts_lock.
> >
> > ...
> > if (atomic_read(&ucounts->count) == INT_MAX)
> > ucounts = NULL;
> > else
> > atomic_inc(&ucounts->count);
> > spin_unlock_irq(&ucounts_lock);
> > return ucounts;
> >
> > something like this ?
>
> Yes. But without atomics. Something a bit more like:
> > ...
> > if (ucounts->count == INT_MAX)
> > ucounts = NULL;
> > else
> > ucounts->count++;
> > spin_unlock_irq(&ucounts_lock);
> > return ucounts;
This is the original code.
> I do believe at some point we will want to say using the spin_lock for
> ucounts->count is cumbersome, and suboptimal and we want to change it to
> get a better performing implementation.
>
> Just for getting the semantics correct we should be able to use just
> ucounts_lock for locking. Then when everything is working we can
> profile and optimize the code.
>
> I just don't want figuring out what is needed to get hung up over little
> details that we can change later.
OK. So I will drop this my change for now.
--
Rgrds, legion
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Gladkov <gladkov.alexey@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>,
io-uring <io-uring@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux Containers <containers@lists.linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>,
Jann Horn <jannh@google.com>, Jens Axboe <axboe@kernel.dk>,
Kees Cook <keescook@chromium.org>,
Oleg Nesterov <oleg@redhat.com>
Subject: Re: [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting
Date: Thu, 21 Jan 2021 17:07:42 +0100 [thread overview]
Message-ID: <20210121160742.evd3632lepfytlxb@example.org> (raw)
In-Reply-To: <87ft2u2ss5.fsf@x220.int.ebiederm.org>
On Thu, Jan 21, 2021 at 09:50:34AM -0600, Eric W. Biederman wrote:
> >> The current ucount code does check for overflow and fails the increment
> >> in every case.
> >>
> >> So arguably it will be a regression and inferior error handling behavior
> >> if the code switches to the ``better'' refcount_t data structure.
> >>
> >> I originally didn't use refcount_t because silently saturating and not
> >> bothering to handle the error makes me uncomfortable.
> >>
> >> Not having to acquire the ucounts_lock every time seems nice. Perhaps
> >> the path forward would be to start with stupid/correct code that always
> >> takes the ucounts_lock for every increment of ucounts->count, that is
> >> later replaced with something more optimal.
> >>
> >> Not impacting performance in the non-namespace cases and having good
> >> performance in the other cases is a fundamental requirement of merging
> >> code like this.
> >
> > Did I understand your suggestion correctly that you suggest to use
> > spin_lock for atomic_read and atomic_inc ?
> >
> > If so, then we are already incrementing the counter under ucounts_lock.
> >
> > ...
> > if (atomic_read(&ucounts->count) == INT_MAX)
> > ucounts = NULL;
> > else
> > atomic_inc(&ucounts->count);
> > spin_unlock_irq(&ucounts_lock);
> > return ucounts;
> >
> > something like this ?
>
> Yes. But without atomics. Something a bit more like:
> > ...
> > if (ucounts->count == INT_MAX)
> > ucounts = NULL;
> > else
> > ucounts->count++;
> > spin_unlock_irq(&ucounts_lock);
> > return ucounts;
This is the original code.
> I do believe at some point we will want to say using the spin_lock for
> ucounts->count is cumbersome, and suboptimal and we want to change it to
> get a better performing implementation.
>
> Just for getting the semantics correct we should be able to use just
> ucounts_lock for locking. Then when everything is working we can
> profile and optimize the code.
>
> I just don't want figuring out what is needed to get hung up over little
> details that we can change later.
OK. So I will drop this my change for now.
--
Rgrds, legion
next prev parent reply other threads:[~2021-01-21 16:08 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 14:57 [RFC PATCH v3 0/8] Count rlimits in each user namespace Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-18 6:06 ` c25050162e: WARNING:at_lib/refcount.c:#refcount_warn_saturate kernel test robot
2021-01-18 6:06 ` kernel test robot
2021-01-18 6:06 ` kernel test robot
2021-01-18 19:14 ` [RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting Linus Torvalds
2021-01-18 19:14 ` Linus Torvalds
2021-01-18 19:45 ` Alexey Gladkov
2021-01-18 19:45 ` Alexey Gladkov
2021-01-18 20:34 ` Linus Torvalds
2021-01-18 20:34 ` Linus Torvalds
2021-01-18 20:56 ` Alexey Gladkov
2021-01-18 20:56 ` Alexey Gladkov
2021-01-19 4:35 ` Kaiwan N Billimoria
2021-01-19 4:35 ` Kaiwan N Billimoria
2021-01-20 1:57 ` Eric W. Biederman
2021-01-20 1:57 ` Eric W. Biederman
2021-01-20 1:58 ` Eric W. Biederman
2021-01-20 1:58 ` Eric W. Biederman
2021-01-21 12:04 ` Alexey Gladkov
2021-01-21 12:04 ` Alexey Gladkov
2021-01-21 15:50 ` Eric W. Biederman
2021-01-21 15:50 ` Eric W. Biederman
2021-01-21 16:07 ` Alexey Gladkov [this message]
2021-01-21 16:07 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 2/8] Add a reference to ucounts for each cred Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 22:15 ` kernel test robot
2021-01-16 2:29 ` kernel test robot
2021-01-18 6:47 ` 14c3c8a27f: kernel_BUG_at_kernel/cred.c kernel test robot
2021-01-18 6:47 ` kernel test robot
2021-01-18 6:47 ` kernel test robot
2021-01-18 8:31 ` [PATCH v4 2/8] Add a reference to ucounts for each cred Alexey Gladkov
2021-01-18 8:31 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 3/8] Move RLIMIT_NPROC counter to ucounts Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 4/8] Move RLIMIT_MSGQUEUE " Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 5/8] Move RLIMIT_SIGPENDING " Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 6/8] Move RLIMIT_MEMLOCK " Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 7/8] Move RLIMIT_NPROC check to the place where we increment the counter Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
2021-01-15 14:57 ` [RFC PATCH v3 8/8] kselftests: Add test to check for rlimit changes in different user namespaces Alexey Gladkov
2021-01-15 14:57 ` Alexey Gladkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210121160742.evd3632lepfytlxb@example.org \
--to=gladkov.alexey@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=io-uring@vger.kernel.org \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=oleg@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.