Re: [PATCHv3] inotify: Convert to using per-namespace limits

[ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)]

Nikolay Borisov <n.borisov.lkml-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:

> This patchset converts inotify to using the newly introduced
> per-userns sysctl infrastructure.
>
> Currently the inotify instances/watches are being accounted in the
> user_struct structure. This means that in setups where multiple
> users in unprivileged containers map to the same underlying
> real user (i.e. pointing to the same user_struct) the inotify limits
> are going to be shared as well, allowing one user(or application) to exhaust
> all others limits.
>
> Fix this by switching the inotify sysctls to using the
> per-namespace/per-user limits. This will allow the server admin to
> set sensible global limits, which can further be tuned inside every
> individual user namespace. Additionally, in order to preserve the
> sysctl ABI make the existing inotify instances/watches sysctls
> modify the values of the initial user namespace.
>
> Signed-off-by: Nikolay Borisov <n.borisov.lkml-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> Acked-by: Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>
> Acked-by: Serge Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
> ---
>
> Okay, so here is another version, which should 
> hopefully be free of slab corruptions. There was an issue
> where in ucount.c the ifdef was checking the CONFIG_INOTIFY_USER_
> (pay attention to the trailing _, this was clearly a mistake). This 
> led to the user_table (and all duplicated from it tables) to not 
> contain the inotify-related members. In my local testing I got 
> kasan splats even during kernel boot, due to out-of-bound writes. 
> Let's see how this version fares.

Thank you I will place this in my for-testing branch shortly and see how
it fares.

Eric