From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <linux-kernel@vger.kernel.org>,
Alexey Gladkov <legion@kernel.org>,
Rune Kleveland <rune.kleveland@infomedia.dk>,
Yu Zhao <yuzhao@google.com>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Antoine Martin <antoine@nagafix.co.uk>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>
Subject: [GIT PULL] ucount fixes for v5.15
Date: Thu, 21 Oct 2021 11:02:14 -0500 [thread overview]
Message-ID: <877de6e589.fsf@disp2133> (raw)
Linus,
Please pull the ucount-fixes-for-v5.15 branch from the git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git ucount-fixes-for-v5.15
HEAD: 5ebcbe342b1c12fae44b4f83cbeae1520e09857e ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring
There has been one very hard to track down bug in the ucount code that
we have been tracking since roughly v5.14 was released. Alex managed to
find a reliable reproducer a few days ago and then I was able to
instrument the code and figure out what the issue was.
It turns out the sigqueue_alloc single atomic operation optimization did
not play nicely with ucounts multiple level rlimits. It turned out that
either sigqueue_alloc or sigqueue_free could be operating on multiple
levels and trigger the conditions for the optimization on more than one
level at the same time.
To deal with that situation I have introduced inc_rlimit_get_ucounts
and dec_rlimit_put_ucounts that just focuses on the optimization and
the rlimit and ucount changes.
While looking into the big bug I found I couple of other little issues
so I am including those fixes here as well.
When I have time I would very much like to dig into process ownership of
the shared signal queue and see if we could pick a single owner for the
entire queue so that all of the rlimits can count to that owner. Which
should entirely remove the need to call get_ucounts and put_ucounts
in sigqueue_alloc and sigqueue_free. It is difficult because Linux
unlike POSIX supports setuid that works on a single thread.
Eric W. Biederman (4):
ucounts: Fix signal ucount refcounting
ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds
ucounts: Proper error handling in set_cred_ucounts
ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring
kernel/cred.c | 9 ++++-----
security/keys/process_keys.c | 8 ++++++++
2 files changed, 12 insertions(+), 5 deletions(-)
Eric
next reply other threads:[~2021-10-21 16:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-21 16:02 Eric W. Biederman [this message]
2021-10-22 3:35 ` [GIT PULL] ucount fixes for v5.15 Linus Torvalds
2021-10-22 14:59 ` Eric W. Biederman
2021-10-22 5:10 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877de6e589.fsf@disp2133 \
--to=ebiederm@xmission.com \
--cc=Golden_Miller83@protonmail.ch \
--cc=antoine@nagafix.co.uk \
--cc=dhowells@redhat.com \
--cc=jarkko@kernel.org \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rune.kleveland@infomedia.dk \
--cc=torvalds@linux-foundation.org \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.