From: ebiederm@xmission.com (Eric W. Biederman)
To: Christian Brauner <christian.brauner@canonical.com>
Cc: Christian Brauner <christian.brauner@ubuntu.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Serge Hallyn <serge@hallyn.com>, Tycho Andersen <tycho@tycho.ws>,
Linux Containers <containers@lists.linux-foundation.org>
Subject: Re: [PATCH 0/5] userns: bump idmap limits, fixes & tweaks
Date: Wed, 01 Nov 2017 06:15:53 -0500 [thread overview]
Message-ID: <87tvyemeqe.fsf@xmission.com> (raw)
In-Reply-To: <CAPP7u0WDVv0pAAFEuzL2c9Y-wVg0xG36jyH-eok=GV-r6UewZg@mail.gmail.com> (Christian Brauner's message of "Wed, 1 Nov 2017 11:51:17 +0100")
Christian Brauner <christian.brauner@canonical.com> writes:
> On Tue, Oct 31, 2017 at 06:46:32PM -0500, Eric W. Biederman wrote:
>>
>> Christian I have looked through your code and I have found one real
>> issue and of things I want to twak
>
> Cool, thanks for taking a close look Eric.
>
>>
>> The real issue is reading nr_extents multiple times when reading a map.
>> That can introduce races that will allow walking past the end of the
>> array, if the first read is 0 but the second read is > 5.
>>
>> I have also found a couple of tweaks that look like they are worth
>> implementing.
>
> Yeah, I saw that you unified some of the functions. I was thinking about this
> but wanted to keep the cases distinct even with some amount of code duplication.
> But it seems very much worth it from a maintenance perspective. Thanks!
Yes. If we have a performance regression I am willing to remove the
unification of map_id_range_down and map_id_down. But I can't imagine
that will result in a measurable performance difference. If it does
make a measurable perforamnce difference we almost certainly need to split
the bsearch case as well.
>> As all of these are very small and very straight forward I have
>> tested these and applied them all to my for-next branch
>
> Thanks for the fixes Eric. Really appreciated. If you're too swamped for stuff
> like that I'm obviously happy to do such trivial fixes myself. :)
If you would test this some more in your setup I would appreciate it,
just in case I missed something.
Given where we are in the development cycle and the correctness concerns
I just applied these as without the fix for reading extents exactly once
the code is dangerously wrong.
Eric
> Christian
>
>>
>>
>> Eric W. Biederman (5):
>> userns: Don't special case a count of 0
>> userns: Simplify the user and group mapping functions
>> userns: Don't read extents twice in m_start
>> userns: Make map_id_down a wrapper for map_id_range_down
>> userns: Simplify insert_extent
>>
>> kernel/user_namespace.c | 159 ++++++++++++++++--------------------------------
>> 1 file changed, 51 insertions(+), 108 deletions(-)
>>
>>
>>
>>
next prev parent reply other threads:[~2017-11-01 11:16 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-24 22:04 [PATCH 1/2 v6] user namespace: use union in {g,u}idmap struct Christian Brauner
2017-10-24 22:04 ` [PATCH 2/2 v6] user namespaces: bump idmap limits to 340 Christian Brauner
[not found] ` <20171024220441.10235-2-christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
2017-10-31 23:46 ` [PATCH 0/5] userns: bump idmap limits, fixes & tweaks Eric W. Biederman
2017-10-31 23:46 ` Eric W. Biederman
2017-10-31 23:47 ` [PATCH 1/5] userns: Don't special case a count of 0 Eric W. Biederman
2017-10-31 23:47 ` [PATCH 2/5] userns: Simplify the user and group mapping functions Eric W. Biederman
2017-10-31 23:48 ` [PATCH 3/5] userns: Don't read extents twice in m_start Eric W. Biederman
[not found] ` <87k1zaswu6.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-11-01 8:31 ` Nikolay Borisov
2017-11-01 8:31 ` Nikolay Borisov
2017-11-01 11:08 ` Eric W. Biederman
2017-11-01 13:05 ` Nikolay Borisov
2017-11-01 13:05 ` Peter Zijlstra
[not found] ` <20171101130539.j5bxmhs2trqurrr2-Nxj+rRp3nVydTX5a5knrm8zTDFooKrT+cvkQGrU6aU0@public.gmane.org>
2017-11-01 14:01 ` Christian Brauner
2017-11-01 14:01 ` Christian Brauner
[not found] ` <20171101140144.zwe7cq7iv2xudwp4-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-11-01 14:16 ` Peter Zijlstra
2017-11-01 14:16 ` Peter Zijlstra
[not found] ` <20171101141654.fr4rs2m5cygouktb-Nxj+rRp3nVydTX5a5knrm8zTDFooKrT+cvkQGrU6aU0@public.gmane.org>
2017-11-01 16:29 ` Christian Brauner
2017-11-01 16:29 ` Christian Brauner
2017-11-01 16:31 ` Christian Brauner
2017-11-01 16:31 ` Christian Brauner
[not found] ` <87a806ntn0.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-11-01 13:05 ` Nikolay Borisov
2017-11-01 13:05 ` Peter Zijlstra
2017-11-01 17:00 ` Joe Perches
2017-11-01 17:00 ` Joe Perches
2017-11-01 17:20 ` Eric W. Biederman
[not found] ` <87h8udj4p7.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-11-01 18:15 ` Peter Zijlstra
2017-11-01 18:15 ` Peter Zijlstra
[not found] ` <1509555601.31043.44.camel-6d6DIl74uiNBDgjK7y7TUQ@public.gmane.org>
2017-11-01 17:20 ` Eric W. Biederman
[not found] ` <143adb61-fb8e-fc1b-396b-b18836e68766-IBi9RG/b67k@public.gmane.org>
2017-11-01 11:08 ` Eric W. Biederman
2017-10-31 23:48 ` [PATCH 4/5] userns: Make map_id_down a wrapper for map_id_range_down Eric W. Biederman
[not found] ` <871sliubhj.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-10-31 23:47 ` [PATCH 1/5] userns: Don't special case a count of 0 Eric W. Biederman
2017-10-31 23:47 ` [PATCH 2/5] userns: Simplify the user and group mapping functions Eric W. Biederman
2017-10-31 23:48 ` [PATCH 3/5] userns: Don't read extents twice in m_start Eric W. Biederman
2017-10-31 23:48 ` [PATCH 4/5] userns: Make map_id_down a wrapper for map_id_range_down Eric W. Biederman
2017-10-31 23:49 ` [PATCH 5/5] userns: Simplify insert_extent Eric W. Biederman
2017-11-01 10:51 ` [PATCH 0/5] userns: bump idmap limits, fixes & tweaks Christian Brauner
2017-10-31 23:49 ` [PATCH 5/5] userns: Simplify insert_extent Eric W. Biederman
2017-11-01 10:51 ` [PATCH 0/5] userns: bump idmap limits, fixes & tweaks Christian Brauner
2017-11-01 11:15 ` Eric W. Biederman [this message]
[not found] ` <87tvyemeqe.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-11-01 13:31 ` Christian Brauner
2017-11-01 13:31 ` Christian Brauner
[not found] ` <CAPP7u0WDVv0pAAFEuzL2c9Y-wVg0xG36jyH-eok=GV-r6UewZg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-11-01 11:15 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tvyemeqe.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=christian.brauner@canonical.com \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.