[PATCH 0/9] ns: rework common initialization

[PATCH 0/9] ns: rework common initialization

[Christian Brauner]

The current scheme still involves a lot of open-coding and copy-pasing
and bleeds a lot of unnecessary details into actual namespace
implementers. Encapsulate it in the common helpers and simplify it all.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
Christian Brauner (9):
      uts: split namespace into separate header
      mnt: expose pointer to init_mnt_ns
      nscommon: move to separate file
      cgroup: split namespace into separate header
      nsfs: add inode number for anon namespace
      mnt: simplify ns_common_init() handling
      net: centralize ns_common initialization
      nscommon: simplify initialization
      ns: add ns_common_free()

 fs/namespace.c                   | 16 ++++++----
 include/linux/cgroup.h           | 51 +------------------------------
 include/linux/cgroup_namespace.h | 56 ++++++++++++++++++++++++++++++++++
 include/linux/mnt_namespace.h    |  2 ++
 include/linux/ns_common.h        | 43 ++++++++++++++++++++++++++
 include/linux/proc_ns.h          | 21 -------------
 include/linux/uts_namespace.h    | 65 ++++++++++++++++++++++++++++++++++++++++
 include/linux/utsname.h          | 58 +----------------------------------
 include/uapi/linux/nsfs.h        |  3 ++
 ipc/namespace.c                  |  6 ++--
 kernel/Makefile                  |  2 +-
 kernel/cgroup/namespace.c        |  4 +--
 kernel/nscommon.c                | 25 ++++++++++++++++
 kernel/pid_namespace.c           |  6 ++--
 kernel/time/namespace.c          |  4 +--
 kernel/user_namespace.c          |  6 ++--
 kernel/utsname.c                 |  4 +--
 net/core/net_namespace.c         | 23 ++------------
 18 files changed, 225 insertions(+), 170 deletions(-)
---
base-commit: bf56a464f4ad7143c6e4b581b411f682f345a344
change-id: 20250917-work-namespace-ns_common-5859468e4c55

[PATCH 1/9] uts: split namespace into separate header

[Christian Brauner]

We have dedicated headers for all namespace types. Add one for the uts
namespace as well. Now it's consistent for all namespace types.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/linux/uts_namespace.h | 65 +++++++++++++++++++++++++++++++++++++++++++
 include/linux/utsname.h       | 58 +-------------------------------------
 2 files changed, 66 insertions(+), 57 deletions(-)

diff --git a/include/linux/uts_namespace.h b/include/linux/uts_namespace.h
new file mode 100644
index 000000000000..c2b619bb4e57
--- /dev/null
+++ b/include/linux/uts_namespace.h
@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_UTS_NAMESPACE_H
+#define _LINUX_UTS_NAMESPACE_H
+
+#include <linux/ns_common.h>
+#include <uapi/linux/utsname.h>
+
+struct user_namespace;
+extern struct user_namespace init_user_ns;
+
+struct uts_namespace {
+	struct new_utsname name;
+	struct user_namespace *user_ns;
+	struct ucounts *ucounts;
+	struct ns_common ns;
+} __randomize_layout;
+
+extern struct uts_namespace init_uts_ns;
+
+#ifdef CONFIG_UTS_NS
+static inline struct uts_namespace *to_uts_ns(struct ns_common *ns)
+{
+	return container_of(ns, struct uts_namespace, ns);
+}
+
+static inline void get_uts_ns(struct uts_namespace *ns)
+{
+	refcount_inc(&ns->ns.count);
+}
+
+extern struct uts_namespace *copy_utsname(unsigned long flags,
+	struct user_namespace *user_ns, struct uts_namespace *old_ns);
+extern void free_uts_ns(struct uts_namespace *ns);
+
+static inline void put_uts_ns(struct uts_namespace *ns)
+{
+	if (refcount_dec_and_test(&ns->ns.count))
+		free_uts_ns(ns);
+}
+
+void uts_ns_init(void);
+#else
+static inline void get_uts_ns(struct uts_namespace *ns)
+{
+}
+
+static inline void put_uts_ns(struct uts_namespace *ns)
+{
+}
+
+static inline struct uts_namespace *copy_utsname(unsigned long flags,
+	struct user_namespace *user_ns, struct uts_namespace *old_ns)
+{
+	if (flags & CLONE_NEWUTS)
+		return ERR_PTR(-EINVAL);
+
+	return old_ns;
+}
+
+static inline void uts_ns_init(void)
+{
+}
+#endif
+
+#endif /* _LINUX_UTS_NAMESPACE_H */
diff --git a/include/linux/utsname.h b/include/linux/utsname.h
index 5d34c4f0f945..547bd4439706 100644
--- a/include/linux/utsname.h
+++ b/include/linux/utsname.h
@@ -7,7 +7,7 @@
 #include <linux/nsproxy.h>
 #include <linux/ns_common.h>
 #include <linux/err.h>
-#include <uapi/linux/utsname.h>
+#include <linux/uts_namespace.h>
 
 enum uts_proc {
 	UTS_PROC_ARCH,
@@ -18,62 +18,6 @@ enum uts_proc {
 	UTS_PROC_DOMAINNAME,
 };
 
-struct user_namespace;
-extern struct user_namespace init_user_ns;
-
-struct uts_namespace {
-	struct new_utsname name;
-	struct user_namespace *user_ns;
-	struct ucounts *ucounts;
-	struct ns_common ns;
-} __randomize_layout;
-extern struct uts_namespace init_uts_ns;
-
-#ifdef CONFIG_UTS_NS
-static inline struct uts_namespace *to_uts_ns(struct ns_common *ns)
-{
-	return container_of(ns, struct uts_namespace, ns);
-}
-
-static inline void get_uts_ns(struct uts_namespace *ns)
-{
-	refcount_inc(&ns->ns.count);
-}
-
-extern struct uts_namespace *copy_utsname(unsigned long flags,
-	struct user_namespace *user_ns, struct uts_namespace *old_ns);
-extern void free_uts_ns(struct uts_namespace *ns);
-
-static inline void put_uts_ns(struct uts_namespace *ns)
-{
-	if (refcount_dec_and_test(&ns->ns.count))
-		free_uts_ns(ns);
-}
-
-void uts_ns_init(void);
-#else
-static inline void get_uts_ns(struct uts_namespace *ns)
-{
-}
-
-static inline void put_uts_ns(struct uts_namespace *ns)
-{
-}
-
-static inline struct uts_namespace *copy_utsname(unsigned long flags,
-	struct user_namespace *user_ns, struct uts_namespace *old_ns)
-{
-	if (flags & CLONE_NEWUTS)
-		return ERR_PTR(-EINVAL);
-
-	return old_ns;
-}
-
-static inline void uts_ns_init(void)
-{
-}
-#endif
-
 #ifdef CONFIG_PROC_SYSCTL
 extern void uts_proc_notify(enum uts_proc proc);
 #else

-- 
2.47.3

Re: [PATCH 1/9] uts: split namespace into separate header

[Jan Kara]

On Wed 17-09-25 12:28:00, Christian Brauner wrote:
> We have dedicated headers for all namespace types. Add one for the uts
> namespace as well. Now it's consistent for all namespace types.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Fine by me. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  include/linux/uts_namespace.h | 65 +++++++++++++++++++++++++++++++++++++++++++
>  include/linux/utsname.h       | 58 +-------------------------------------
>  2 files changed, 66 insertions(+), 57 deletions(-)
> 
> diff --git a/include/linux/uts_namespace.h b/include/linux/uts_namespace.h
> new file mode 100644
> index 000000000000..c2b619bb4e57
> --- /dev/null
> +++ b/include/linux/uts_namespace.h
> @@ -0,0 +1,65 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _LINUX_UTS_NAMESPACE_H
> +#define _LINUX_UTS_NAMESPACE_H
> +
> +#include <linux/ns_common.h>
> +#include <uapi/linux/utsname.h>
> +
> +struct user_namespace;
> +extern struct user_namespace init_user_ns;
> +
> +struct uts_namespace {
> +	struct new_utsname name;
> +	struct user_namespace *user_ns;
> +	struct ucounts *ucounts;
> +	struct ns_common ns;
> +} __randomize_layout;
> +
> +extern struct uts_namespace init_uts_ns;
> +
> +#ifdef CONFIG_UTS_NS
> +static inline struct uts_namespace *to_uts_ns(struct ns_common *ns)
> +{
> +	return container_of(ns, struct uts_namespace, ns);
> +}
> +
> +static inline void get_uts_ns(struct uts_namespace *ns)
> +{
> +	refcount_inc(&ns->ns.count);
> +}
> +
> +extern struct uts_namespace *copy_utsname(unsigned long flags,
> +	struct user_namespace *user_ns, struct uts_namespace *old_ns);
> +extern void free_uts_ns(struct uts_namespace *ns);
> +
> +static inline void put_uts_ns(struct uts_namespace *ns)
> +{
> +	if (refcount_dec_and_test(&ns->ns.count))
> +		free_uts_ns(ns);
> +}
> +
> +void uts_ns_init(void);
> +#else
> +static inline void get_uts_ns(struct uts_namespace *ns)
> +{
> +}
> +
> +static inline void put_uts_ns(struct uts_namespace *ns)
> +{
> +}
> +
> +static inline struct uts_namespace *copy_utsname(unsigned long flags,
> +	struct user_namespace *user_ns, struct uts_namespace *old_ns)
> +{
> +	if (flags & CLONE_NEWUTS)
> +		return ERR_PTR(-EINVAL);
> +
> +	return old_ns;
> +}
> +
> +static inline void uts_ns_init(void)
> +{
> +}
> +#endif
> +
> +#endif /* _LINUX_UTS_NAMESPACE_H */
> diff --git a/include/linux/utsname.h b/include/linux/utsname.h
> index 5d34c4f0f945..547bd4439706 100644
> --- a/include/linux/utsname.h
> +++ b/include/linux/utsname.h
> @@ -7,7 +7,7 @@
>  #include <linux/nsproxy.h>
>  #include <linux/ns_common.h>
>  #include <linux/err.h>
> -#include <uapi/linux/utsname.h>
> +#include <linux/uts_namespace.h>
>  
>  enum uts_proc {
>  	UTS_PROC_ARCH,
> @@ -18,62 +18,6 @@ enum uts_proc {
>  	UTS_PROC_DOMAINNAME,
>  };
>  
> -struct user_namespace;
> -extern struct user_namespace init_user_ns;
> -
> -struct uts_namespace {
> -	struct new_utsname name;
> -	struct user_namespace *user_ns;
> -	struct ucounts *ucounts;
> -	struct ns_common ns;
> -} __randomize_layout;
> -extern struct uts_namespace init_uts_ns;
> -
> -#ifdef CONFIG_UTS_NS
> -static inline struct uts_namespace *to_uts_ns(struct ns_common *ns)
> -{
> -	return container_of(ns, struct uts_namespace, ns);
> -}
> -
> -static inline void get_uts_ns(struct uts_namespace *ns)
> -{
> -	refcount_inc(&ns->ns.count);
> -}
> -
> -extern struct uts_namespace *copy_utsname(unsigned long flags,
> -	struct user_namespace *user_ns, struct uts_namespace *old_ns);
> -extern void free_uts_ns(struct uts_namespace *ns);
> -
> -static inline void put_uts_ns(struct uts_namespace *ns)
> -{
> -	if (refcount_dec_and_test(&ns->ns.count))
> -		free_uts_ns(ns);
> -}
> -
> -void uts_ns_init(void);
> -#else
> -static inline void get_uts_ns(struct uts_namespace *ns)
> -{
> -}
> -
> -static inline void put_uts_ns(struct uts_namespace *ns)
> -{
> -}
> -
> -static inline struct uts_namespace *copy_utsname(unsigned long flags,
> -	struct user_namespace *user_ns, struct uts_namespace *old_ns)
> -{
> -	if (flags & CLONE_NEWUTS)
> -		return ERR_PTR(-EINVAL);
> -
> -	return old_ns;
> -}
> -
> -static inline void uts_ns_init(void)
> -{
> -}
> -#endif
> -
>  #ifdef CONFIG_PROC_SYSCTL
>  extern void uts_proc_notify(enum uts_proc proc);
>  #else
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 2/9] mnt: expose pointer to init_mnt_ns

[Christian Brauner]

There's various scenarios where we need to know whether we are in the
initial set of namespaces or not to e.g., shortcut permission checking.
All namespaces expose that information. Let's do that too.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c                | 2 ++
 include/linux/mnt_namespace.h | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/fs/namespace.c b/fs/namespace.c
index a68998449698..c8251545d57e 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -81,6 +81,7 @@ static DECLARE_RWSEM(namespace_sem);
 static HLIST_HEAD(unmounted);	/* protected by namespace_sem */
 static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
 static struct mnt_namespace *emptied_ns; /* protected by namespace_sem */
+struct mnt_namespace *init_mnt_ns;
 
 #ifdef CONFIG_FSNOTIFY
 LIST_HEAD(notify_list); /* protected by namespace_sem */
@@ -6037,6 +6038,7 @@ static void __init init_mount_tree(void)
 	set_fs_root(current->fs, &root);
 
 	ns_tree_add(ns);
+	init_mnt_ns = ns;
 }
 
 void __init mnt_init(void)
diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
index 70b366b64816..7e23c8364a9c 100644
--- a/include/linux/mnt_namespace.h
+++ b/include/linux/mnt_namespace.h
@@ -11,6 +11,8 @@ struct fs_struct;
 struct user_namespace;
 struct ns_common;
 
+extern struct mnt_namespace *init_mnt_ns;
+
 extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
 		struct user_namespace *, struct fs_struct *);
 extern void put_mnt_ns(struct mnt_namespace *ns);

-- 
2.47.3

Re: [PATCH 2/9] mnt: expose pointer to init_mnt_ns

[Jan Kara]

On Wed 17-09-25 12:28:01, Christian Brauner wrote:
> There's various scenarios where we need to know whether we are in the
> initial set of namespaces or not to e.g., shortcut permission checking.
> All namespaces expose that information. Let's do that too.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Right. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/namespace.c                | 2 ++
>  include/linux/mnt_namespace.h | 2 ++
>  2 files changed, 4 insertions(+)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index a68998449698..c8251545d57e 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -81,6 +81,7 @@ static DECLARE_RWSEM(namespace_sem);
>  static HLIST_HEAD(unmounted);	/* protected by namespace_sem */
>  static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
>  static struct mnt_namespace *emptied_ns; /* protected by namespace_sem */
> +struct mnt_namespace *init_mnt_ns;
>  
>  #ifdef CONFIG_FSNOTIFY
>  LIST_HEAD(notify_list); /* protected by namespace_sem */
> @@ -6037,6 +6038,7 @@ static void __init init_mount_tree(void)
>  	set_fs_root(current->fs, &root);
>  
>  	ns_tree_add(ns);
> +	init_mnt_ns = ns;
>  }
>  
>  void __init mnt_init(void)
> diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
> index 70b366b64816..7e23c8364a9c 100644
> --- a/include/linux/mnt_namespace.h
> +++ b/include/linux/mnt_namespace.h
> @@ -11,6 +11,8 @@ struct fs_struct;
>  struct user_namespace;
>  struct ns_common;
>  
> +extern struct mnt_namespace *init_mnt_ns;
> +
>  extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
>  		struct user_namespace *, struct fs_struct *);
>  extern void put_mnt_ns(struct mnt_namespace *ns);
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 2/9] mnt: expose pointer to init_mnt_ns

[Christian Brauner]

[-- Attachment #1: Type: text/plain, Size: 478 bytes --]

On Wed, Sep 17, 2025 at 06:28:37PM +0200, Jan Kara wrote:
> On Wed 17-09-25 12:28:01, Christian Brauner wrote:
> > There's various scenarios where we need to know whether we are in the
> > initial set of namespaces or not to e.g., shortcut permission checking.
> > All namespaces expose that information. Let's do that too.
> > 
> > Signed-off-by: Christian Brauner <brauner@kernel.org>

I've changed this so it behaves exactly like all the other init
namespaces. See appended.

[-- Attachment #2: v2-0001-mnt-expose-pointer-to-init_mnt_ns.patch --]
[-- Type: text/x-diff, Size: 2639 bytes --]

From 1bf2ddb7bdd1f686d4e083380412e826a211c57d Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Wed, 17 Sep 2025 12:28:01 +0200
Subject: [PATCH v2] mnt: expose pointer to init_mnt_ns

There's various scenarios where we need to know whether we are in the
initial set of namespaces or not to e.g., shortcut permission checking.
All namespaces expose that information. Let's do that too.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c                | 27 ++++++++++++++++-----------
 include/linux/mnt_namespace.h |  2 ++
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index a68998449698..f0bddc9cf2a6 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -6008,27 +6008,32 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req,
 	return ret;
 }
 
+struct mnt_namespace init_mnt_ns = {
+	.ns.inum	= PROC_MNT_INIT_INO,
+	.ns.ops		= &mntns_operations,
+	.user_ns	= &init_user_ns,
+	.ns.count	= REFCOUNT_INIT(1),
+	.passive	= REFCOUNT_INIT(1),
+	.mounts		= RB_ROOT,
+	.poll		= __WAIT_QUEUE_HEAD_INITIALIZER(init_mnt_ns.poll),
+};
+
 static void __init init_mount_tree(void)
 {
 	struct vfsmount *mnt;
 	struct mount *m;
-	struct mnt_namespace *ns;
 	struct path root;
 
 	mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", NULL);
 	if (IS_ERR(mnt))
 		panic("Can't create rootfs");
 
-	ns = alloc_mnt_ns(&init_user_ns, true);
-	if (IS_ERR(ns))
-		panic("Can't allocate initial namespace");
-	ns->ns.inum = PROC_MNT_INIT_INO;
 	m = real_mount(mnt);
-	ns->root = m;
-	ns->nr_mounts = 1;
-	mnt_add_to_ns(ns, m);
-	init_task.nsproxy->mnt_ns = ns;
-	get_mnt_ns(ns);
+	init_mnt_ns.root = m;
+	init_mnt_ns.nr_mounts = 1;
+	mnt_add_to_ns(&init_mnt_ns, m);
+	init_task.nsproxy->mnt_ns = &init_mnt_ns;
+	get_mnt_ns(&init_mnt_ns);
 
 	root.mnt = mnt;
 	root.dentry = mnt->mnt_root;
@@ -6036,7 +6041,7 @@ static void __init init_mount_tree(void)
 	set_fs_pwd(current->fs, &root);
 	set_fs_root(current->fs, &root);
 
-	ns_tree_add(ns);
+	ns_tree_add(&init_mnt_ns);
 }
 
 void __init mnt_init(void)
diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
index 70b366b64816..6d1c4c218c14 100644
--- a/include/linux/mnt_namespace.h
+++ b/include/linux/mnt_namespace.h
@@ -11,6 +11,8 @@ struct fs_struct;
 struct user_namespace;
 struct ns_common;
 
+extern struct mnt_namespace init_mnt_ns;
+
 extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
 		struct user_namespace *, struct fs_struct *);
 extern void put_mnt_ns(struct mnt_namespace *ns);
-- 
2.47.3

Re: [PATCH 2/9] mnt: expose pointer to init_mnt_ns

[Jan Kara]

On Fri 19-09-25 12:05:16, Christian Brauner wrote:
> On Wed, Sep 17, 2025 at 06:28:37PM +0200, Jan Kara wrote:
> > On Wed 17-09-25 12:28:01, Christian Brauner wrote:
> > > There's various scenarios where we need to know whether we are in the
> > > initial set of namespaces or not to e.g., shortcut permission checking.
> > > All namespaces expose that information. Let's do that too.
> > > 
> > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> 
> I've changed this so it behaves exactly like all the other init
> namespaces. See appended.

Yeah, looks good to me. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

(although I can see you've kept my Reviewed-by in the patch).

								Honza

-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 2/9] mnt: expose pointer to init_mnt_ns

[Christian Brauner]

On Mon, Sep 22, 2025 at 12:19:11PM +0200, Jan Kara wrote:
> On Fri 19-09-25 12:05:16, Christian Brauner wrote:
> > On Wed, Sep 17, 2025 at 06:28:37PM +0200, Jan Kara wrote:
> > > On Wed 17-09-25 12:28:01, Christian Brauner wrote:
> > > > There's various scenarios where we need to know whether we are in the
> > > > initial set of namespaces or not to e.g., shortcut permission checking.
> > > > All namespaces expose that information. Let's do that too.
> > > > 
> > > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > 
> > I've changed this so it behaves exactly like all the other init
> > namespaces. See appended.
> 
> Yeah, looks good to me. Feel free to add:
> 
> Reviewed-by: Jan Kara <jack@suse.cz>
> 
> (although I can see you've kept my Reviewed-by in the patch).

Sorry, that was an accident because I had amended the patch.
Thanks for paying attention to this!

[PATCH 3/9] nscommon: move to separate file

[Christian Brauner]

It's really awkward spilling the ns common infrastructure into multiple
headers. Move it to a separate file.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/linux/ns_common.h |  3 +++
 include/linux/proc_ns.h   | 19 -------------------
 kernel/Makefile           |  2 +-
 kernel/nscommon.c         | 21 +++++++++++++++++++++
 4 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
index 7224072cccc5..78b17fe80b62 100644
--- a/include/linux/ns_common.h
+++ b/include/linux/ns_common.h
@@ -31,6 +31,9 @@ struct ns_common {
 	};
 };
 
+int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
+		   bool alloc_inum);
+
 #define to_ns_common(__ns)                              \
 	_Generic((__ns),                                \
 		struct cgroup_namespace *: &(__ns)->ns, \
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index 7f89f0829e60..9f21670b5824 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -66,25 +66,6 @@ static inline void proc_free_inum(unsigned int inum) {}
 
 #endif /* CONFIG_PROC_FS */
 
-static inline int ns_common_init(struct ns_common *ns,
-				 const struct proc_ns_operations *ops,
-				 bool alloc_inum)
-{
-	if (alloc_inum) {
-		int ret;
-		ret = proc_alloc_inum(&ns->inum);
-		if (ret)
-			return ret;
-	}
-	refcount_set(&ns->count, 1);
-	ns->stashed = NULL;
-	ns->ops = ops;
-	ns->ns_id = 0;
-	RB_CLEAR_NODE(&ns->ns_tree_node);
-	INIT_LIST_HEAD(&ns->ns_list_node);
-	return 0;
-}
-
 #define ns_free_inum(ns) proc_free_inum((ns)->inum)
 
 #define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
diff --git a/kernel/Makefile b/kernel/Makefile
index b807516a1b43..1f48f7cd2d7b 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -8,7 +8,7 @@ obj-y     = fork.o exec_domain.o panic.o \
 	    sysctl.o capability.o ptrace.o user.o \
 	    signal.o sys.o umh.o workqueue.o pid.o task_work.o \
 	    extable.o params.o \
-	    kthread.o sys_ni.o nsproxy.o nstree.o \
+	    kthread.o sys_ni.o nsproxy.o nstree.o nscommon.o \
 	    notifier.o ksysfs.o cred.o reboot.o \
 	    async.o range.o smpboot.o ucount.o regset.o ksyms_common.o
 
diff --git a/kernel/nscommon.c b/kernel/nscommon.c
new file mode 100644
index 000000000000..ebf4783d0505
--- /dev/null
+++ b/kernel/nscommon.c
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/ns_common.h>
+
+int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
+		   bool alloc_inum)
+{
+	if (alloc_inum) {
+		int ret;
+		ret = proc_alloc_inum(&ns->inum);
+		if (ret)
+			return ret;
+	}
+	refcount_set(&ns->count, 1);
+	ns->stashed = NULL;
+	ns->ops = ops;
+	ns->ns_id = 0;
+	RB_CLEAR_NODE(&ns->ns_tree_node);
+	INIT_LIST_HEAD(&ns->ns_list_node);
+	return 0;
+}

-- 
2.47.3

Re: [PATCH 3/9] nscommon: move to separate file

[Jan Kara]

On Wed 17-09-25 12:28:02, Christian Brauner wrote:
> It's really awkward spilling the ns common infrastructure into multiple
> headers. Move it to a separate file.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  include/linux/ns_common.h |  3 +++
>  include/linux/proc_ns.h   | 19 -------------------
>  kernel/Makefile           |  2 +-
>  kernel/nscommon.c         | 21 +++++++++++++++++++++
>  4 files changed, 25 insertions(+), 20 deletions(-)
> 
> diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
> index 7224072cccc5..78b17fe80b62 100644
> --- a/include/linux/ns_common.h
> +++ b/include/linux/ns_common.h
> @@ -31,6 +31,9 @@ struct ns_common {
>  	};
>  };
>  
> +int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
> +		   bool alloc_inum);
> +
>  #define to_ns_common(__ns)                              \
>  	_Generic((__ns),                                \
>  		struct cgroup_namespace *: &(__ns)->ns, \
> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> index 7f89f0829e60..9f21670b5824 100644
> --- a/include/linux/proc_ns.h
> +++ b/include/linux/proc_ns.h
> @@ -66,25 +66,6 @@ static inline void proc_free_inum(unsigned int inum) {}
>  
>  #endif /* CONFIG_PROC_FS */
>  
> -static inline int ns_common_init(struct ns_common *ns,
> -				 const struct proc_ns_operations *ops,
> -				 bool alloc_inum)
> -{
> -	if (alloc_inum) {
> -		int ret;
> -		ret = proc_alloc_inum(&ns->inum);
> -		if (ret)
> -			return ret;
> -	}
> -	refcount_set(&ns->count, 1);
> -	ns->stashed = NULL;
> -	ns->ops = ops;
> -	ns->ns_id = 0;
> -	RB_CLEAR_NODE(&ns->ns_tree_node);
> -	INIT_LIST_HEAD(&ns->ns_list_node);
> -	return 0;
> -}
> -
>  #define ns_free_inum(ns) proc_free_inum((ns)->inum)
>  
>  #define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
> diff --git a/kernel/Makefile b/kernel/Makefile
> index b807516a1b43..1f48f7cd2d7b 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -8,7 +8,7 @@ obj-y     = fork.o exec_domain.o panic.o \
>  	    sysctl.o capability.o ptrace.o user.o \
>  	    signal.o sys.o umh.o workqueue.o pid.o task_work.o \
>  	    extable.o params.o \
> -	    kthread.o sys_ni.o nsproxy.o nstree.o \
> +	    kthread.o sys_ni.o nsproxy.o nstree.o nscommon.o \
>  	    notifier.o ksysfs.o cred.o reboot.o \
>  	    async.o range.o smpboot.o ucount.o regset.o ksyms_common.o
>  
> diff --git a/kernel/nscommon.c b/kernel/nscommon.c
> new file mode 100644
> index 000000000000..ebf4783d0505
> --- /dev/null
> +++ b/kernel/nscommon.c
> @@ -0,0 +1,21 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +
> +#include <linux/ns_common.h>
> +
> +int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
> +		   bool alloc_inum)
> +{
> +	if (alloc_inum) {
> +		int ret;
> +		ret = proc_alloc_inum(&ns->inum);
> +		if (ret)
> +			return ret;
> +	}
> +	refcount_set(&ns->count, 1);
> +	ns->stashed = NULL;
> +	ns->ops = ops;
> +	ns->ns_id = 0;
> +	RB_CLEAR_NODE(&ns->ns_tree_node);
> +	INIT_LIST_HEAD(&ns->ns_list_node);
> +	return 0;
> +}
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 4/9] cgroup: split namespace into separate header

[Christian Brauner]

We have dedicated headers for all namespace types. Add one for the
cgroup namespace as well. Now it's consistent for all namespace types
and easy to figure out what to include.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/linux/cgroup.h           | 51 +-----------------------------------
 include/linux/cgroup_namespace.h | 56 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 50 deletions(-)

diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 9ca25346f7cb..5156fed8cbc3 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -27,6 +27,7 @@
 #include <linux/kernel_stat.h>
 
 #include <linux/cgroup-defs.h>
+#include <linux/cgroup_namespace.h>
 
 struct kernel_clone_args;
 
@@ -783,56 +784,6 @@ static inline void cgroup_sk_free(struct sock_cgroup_data *skcd) {}
 
 #endif	/* CONFIG_CGROUP_DATA */
 
-struct cgroup_namespace {
-	struct ns_common	ns;
-	struct user_namespace	*user_ns;
-	struct ucounts		*ucounts;
-	struct css_set          *root_cset;
-};
-
-extern struct cgroup_namespace init_cgroup_ns;
-
-#ifdef CONFIG_CGROUPS
-
-static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
-{
-	return container_of(ns, struct cgroup_namespace, ns);
-}
-
-void free_cgroup_ns(struct cgroup_namespace *ns);
-
-struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
-					struct user_namespace *user_ns,
-					struct cgroup_namespace *old_ns);
-
-int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
-		   struct cgroup_namespace *ns);
-
-static inline void get_cgroup_ns(struct cgroup_namespace *ns)
-{
-	refcount_inc(&ns->ns.count);
-}
-
-static inline void put_cgroup_ns(struct cgroup_namespace *ns)
-{
-	if (refcount_dec_and_test(&ns->ns.count))
-		free_cgroup_ns(ns);
-}
-
-#else /* !CONFIG_CGROUPS */
-
-static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
-static inline struct cgroup_namespace *
-copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns,
-	       struct cgroup_namespace *old_ns)
-{
-	return old_ns;
-}
-
-static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
-static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
-
-#endif /* !CONFIG_CGROUPS */
 
 #ifdef CONFIG_CGROUPS
 
diff --git a/include/linux/cgroup_namespace.h b/include/linux/cgroup_namespace.h
new file mode 100644
index 000000000000..c02bb76c5e32
--- /dev/null
+++ b/include/linux/cgroup_namespace.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_CGROUP_NAMESPACE_H
+#define _LINUX_CGROUP_NAMESPACE_H
+
+struct cgroup_namespace {
+	struct ns_common	ns;
+	struct user_namespace	*user_ns;
+	struct ucounts		*ucounts;
+	struct css_set          *root_cset;
+};
+
+extern struct cgroup_namespace init_cgroup_ns;
+
+#ifdef CONFIG_CGROUPS
+
+static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
+{
+	return container_of(ns, struct cgroup_namespace, ns);
+}
+
+void free_cgroup_ns(struct cgroup_namespace *ns);
+
+struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
+					struct user_namespace *user_ns,
+					struct cgroup_namespace *old_ns);
+
+int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
+		   struct cgroup_namespace *ns);
+
+static inline void get_cgroup_ns(struct cgroup_namespace *ns)
+{
+	refcount_inc(&ns->ns.count);
+}
+
+static inline void put_cgroup_ns(struct cgroup_namespace *ns)
+{
+	if (refcount_dec_and_test(&ns->ns.count))
+		free_cgroup_ns(ns);
+}
+
+#else /* !CONFIG_CGROUPS */
+
+static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
+static inline struct cgroup_namespace *
+copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns,
+	       struct cgroup_namespace *old_ns)
+{
+	return old_ns;
+}
+
+static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
+static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
+
+#endif /* !CONFIG_CGROUPS */
+
+#endif /* _LINUX_CGROUP_NAMESPACE_H */

-- 
2.47.3

Re: [PATCH 4/9] cgroup: split namespace into separate header

[Tejun Heo]

On Wed, Sep 17, 2025 at 12:28:03PM +0200, Christian Brauner wrote:
> We have dedicated headers for all namespace types. Add one for the
> cgroup namespace as well. Now it's consistent for all namespace types
> and easy to figure out what to include.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Acked-by: Tejun Heo <tj@kernel.org>

Please feel free to route with other changes. If you want it to go through
the cgroup tree, please let me know.

Thanks.

-- 
tejun

Re: [PATCH 4/9] cgroup: split namespace into separate header

[Jan Kara]

On Wed 17-09-25 12:28:03, Christian Brauner wrote:
> We have dedicated headers for all namespace types. Add one for the
> cgroup namespace as well. Now it's consistent for all namespace types
> and easy to figure out what to include.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  include/linux/cgroup.h           | 51 +-----------------------------------
>  include/linux/cgroup_namespace.h | 56 ++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 57 insertions(+), 50 deletions(-)
> 
> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index 9ca25346f7cb..5156fed8cbc3 100644
> --- a/include/linux/cgroup.h
> +++ b/include/linux/cgroup.h
> @@ -27,6 +27,7 @@
>  #include <linux/kernel_stat.h>
>  
>  #include <linux/cgroup-defs.h>
> +#include <linux/cgroup_namespace.h>
>  
>  struct kernel_clone_args;
>  
> @@ -783,56 +784,6 @@ static inline void cgroup_sk_free(struct sock_cgroup_data *skcd) {}
>  
>  #endif	/* CONFIG_CGROUP_DATA */
>  
> -struct cgroup_namespace {
> -	struct ns_common	ns;
> -	struct user_namespace	*user_ns;
> -	struct ucounts		*ucounts;
> -	struct css_set          *root_cset;
> -};
> -
> -extern struct cgroup_namespace init_cgroup_ns;
> -
> -#ifdef CONFIG_CGROUPS
> -
> -static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
> -{
> -	return container_of(ns, struct cgroup_namespace, ns);
> -}
> -
> -void free_cgroup_ns(struct cgroup_namespace *ns);
> -
> -struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
> -					struct user_namespace *user_ns,
> -					struct cgroup_namespace *old_ns);
> -
> -int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
> -		   struct cgroup_namespace *ns);
> -
> -static inline void get_cgroup_ns(struct cgroup_namespace *ns)
> -{
> -	refcount_inc(&ns->ns.count);
> -}
> -
> -static inline void put_cgroup_ns(struct cgroup_namespace *ns)
> -{
> -	if (refcount_dec_and_test(&ns->ns.count))
> -		free_cgroup_ns(ns);
> -}
> -
> -#else /* !CONFIG_CGROUPS */
> -
> -static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
> -static inline struct cgroup_namespace *
> -copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns,
> -	       struct cgroup_namespace *old_ns)
> -{
> -	return old_ns;
> -}
> -
> -static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
> -static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
> -
> -#endif /* !CONFIG_CGROUPS */
>  
>  #ifdef CONFIG_CGROUPS
>  
> diff --git a/include/linux/cgroup_namespace.h b/include/linux/cgroup_namespace.h
> new file mode 100644
> index 000000000000..c02bb76c5e32
> --- /dev/null
> +++ b/include/linux/cgroup_namespace.h
> @@ -0,0 +1,56 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _LINUX_CGROUP_NAMESPACE_H
> +#define _LINUX_CGROUP_NAMESPACE_H
> +
> +struct cgroup_namespace {
> +	struct ns_common	ns;
> +	struct user_namespace	*user_ns;
> +	struct ucounts		*ucounts;
> +	struct css_set          *root_cset;
> +};
> +
> +extern struct cgroup_namespace init_cgroup_ns;
> +
> +#ifdef CONFIG_CGROUPS
> +
> +static inline struct cgroup_namespace *to_cg_ns(struct ns_common *ns)
> +{
> +	return container_of(ns, struct cgroup_namespace, ns);
> +}
> +
> +void free_cgroup_ns(struct cgroup_namespace *ns);
> +
> +struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
> +					struct user_namespace *user_ns,
> +					struct cgroup_namespace *old_ns);
> +
> +int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
> +		   struct cgroup_namespace *ns);
> +
> +static inline void get_cgroup_ns(struct cgroup_namespace *ns)
> +{
> +	refcount_inc(&ns->ns.count);
> +}
> +
> +static inline void put_cgroup_ns(struct cgroup_namespace *ns)
> +{
> +	if (refcount_dec_and_test(&ns->ns.count))
> +		free_cgroup_ns(ns);
> +}
> +
> +#else /* !CONFIG_CGROUPS */
> +
> +static inline void free_cgroup_ns(struct cgroup_namespace *ns) { }
> +static inline struct cgroup_namespace *
> +copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns,
> +	       struct cgroup_namespace *old_ns)
> +{
> +	return old_ns;
> +}
> +
> +static inline void get_cgroup_ns(struct cgroup_namespace *ns) { }
> +static inline void put_cgroup_ns(struct cgroup_namespace *ns) { }
> +
> +#endif /* !CONFIG_CGROUPS */
> +
> +#endif /* _LINUX_CGROUP_NAMESPACE_H */
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 5/9] nsfs: add inode number for anon namespace

[Christian Brauner]

Add an inode number anonymous namespaces.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/uapi/linux/nsfs.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
index 5d5bf22464c9..e098759ec917 100644
--- a/include/uapi/linux/nsfs.h
+++ b/include/uapi/linux/nsfs.h
@@ -53,6 +53,9 @@ enum init_ns_ino {
 	TIME_NS_INIT_INO	= 0xEFFFFFFAU,
 	NET_NS_INIT_INO		= 0xEFFFFFF9U,
 	MNT_NS_INIT_INO		= 0xEFFFFFF8U,
+#ifdef __KERNEL__
+	MNT_NS_ANON_INO		= 0xEFFFFFF7U,
+#endif
 };
 
 struct nsfs_file_handle {

-- 
2.47.3

Re: [PATCH 5/9] nsfs: add inode number for anon namespace

[Jan Kara]

On Wed 17-09-25 12:28:04, Christian Brauner wrote:
> Add an inode number anonymous namespaces.
                     ^ missing 'for'
 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Otherwise looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  include/uapi/linux/nsfs.h | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
> index 5d5bf22464c9..e098759ec917 100644
> --- a/include/uapi/linux/nsfs.h
> +++ b/include/uapi/linux/nsfs.h
> @@ -53,6 +53,9 @@ enum init_ns_ino {
>  	TIME_NS_INIT_INO	= 0xEFFFFFFAU,
>  	NET_NS_INIT_INO		= 0xEFFFFFF9U,
>  	MNT_NS_INIT_INO		= 0xEFFFFFF8U,
> +#ifdef __KERNEL__
> +	MNT_NS_ANON_INO		= 0xEFFFFFF7U,
> +#endif
>  };
>  
>  struct nsfs_file_handle {
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 6/9] mnt: simplify ns_common_init() handling

[Christian Brauner]

Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount
namespaces and cleanup the initial mount ns allocation. This is just a
preparatory patch and the ns->inum check in ns_common_init() will be
dropped in the next patch.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c    | 7 ++++---
 kernel/nscommon.c | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index c8251545d57e..09e4ecd44972 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4104,6 +4104,8 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
 		return ERR_PTR(-ENOMEM);
 	}
 
+	if (anon)
+		new_ns->ns.inum = MNT_NS_ANON_INO;
 	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
 	if (ret) {
 		kfree(new_ns);
@@ -6020,10 +6022,9 @@ static void __init init_mount_tree(void)
 	if (IS_ERR(mnt))
 		panic("Can't create rootfs");
 
-	ns = alloc_mnt_ns(&init_user_ns, true);
+	ns = alloc_mnt_ns(&init_user_ns, false);
 	if (IS_ERR(ns))
 		panic("Can't allocate initial namespace");
-	ns->ns.inum = PROC_MNT_INIT_INO;
 	m = real_mount(mnt);
 	ns->root = m;
 	ns->nr_mounts = 1;
@@ -6037,7 +6038,7 @@ static void __init init_mount_tree(void)
 	set_fs_pwd(current->fs, &root);
 	set_fs_root(current->fs, &root);
 
-	ns_tree_add(ns);
+	ns_tree_add_raw(ns);
 	init_mnt_ns = ns;
 }
 
diff --git a/kernel/nscommon.c b/kernel/nscommon.c
index ebf4783d0505..e10fad8afe61 100644
--- a/kernel/nscommon.c
+++ b/kernel/nscommon.c
@@ -5,7 +5,7 @@
 int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
 		   bool alloc_inum)
 {
-	if (alloc_inum) {
+	if (alloc_inum && !ns->inum) {
 		int ret;
 		ret = proc_alloc_inum(&ns->inum);
 		if (ret)

-- 
2.47.3

Re: [PATCH 6/9] mnt: simplify ns_common_init() handling

[Jan Kara]

On Wed 17-09-25 12:28:05, Christian Brauner wrote:
> Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount
> namespaces and cleanup the initial mount ns allocation. This is just a
> preparatory patch and the ns->inum check in ns_common_init() will be
> dropped in the next patch.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

...
> ---
>  fs/namespace.c    | 7 ++++---
>  kernel/nscommon.c | 2 +-
>  2 files changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index c8251545d57e..09e4ecd44972 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -4104,6 +4104,8 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
>  		return ERR_PTR(-ENOMEM);
>  	}
>  
> +	if (anon)
> +		new_ns->ns.inum = MNT_NS_ANON_INO;
>  	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
>  	if (ret) {
>  		kfree(new_ns);
> @@ -6020,10 +6022,9 @@ static void __init init_mount_tree(void)
>  	if (IS_ERR(mnt))
>  		panic("Can't create rootfs");
>  
> -	ns = alloc_mnt_ns(&init_user_ns, true);
> +	ns = alloc_mnt_ns(&init_user_ns, false);
>  	if (IS_ERR(ns))
>  		panic("Can't allocate initial namespace");
> -	ns->ns.inum = PROC_MNT_INIT_INO;
>  	m = real_mount(mnt);
>  	ns->root = m;
>  	ns->nr_mounts = 1;
> @@ -6037,7 +6038,7 @@ static void __init init_mount_tree(void)
>  	set_fs_pwd(current->fs, &root);
>  	set_fs_root(current->fs, &root);
>  
> -	ns_tree_add(ns);
> +	ns_tree_add_raw(ns);

But we don't have ns->ns_id set by anything now? Or am I missing something?

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 6/9] mnt: simplify ns_common_init() handling

[Christian Brauner]

On Wed, Sep 17, 2025 at 06:45:11PM +0200, Jan Kara wrote:
> On Wed 17-09-25 12:28:05, Christian Brauner wrote:
> > Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount
> > namespaces and cleanup the initial mount ns allocation. This is just a
> > preparatory patch and the ns->inum check in ns_common_init() will be
> > dropped in the next patch.
> > 
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> 
> ...
> > ---
> >  fs/namespace.c    | 7 ++++---
> >  kernel/nscommon.c | 2 +-
> >  2 files changed, 5 insertions(+), 4 deletions(-)
> > 
> > diff --git a/fs/namespace.c b/fs/namespace.c
> > index c8251545d57e..09e4ecd44972 100644
> > --- a/fs/namespace.c
> > +++ b/fs/namespace.c
> > @@ -4104,6 +4104,8 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
> >  		return ERR_PTR(-ENOMEM);
> >  	}
> >  
> > +	if (anon)
> > +		new_ns->ns.inum = MNT_NS_ANON_INO;
> >  	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
> >  	if (ret) {
> >  		kfree(new_ns);
> > @@ -6020,10 +6022,9 @@ static void __init init_mount_tree(void)
> >  	if (IS_ERR(mnt))
> >  		panic("Can't create rootfs");
> >  
> > -	ns = alloc_mnt_ns(&init_user_ns, true);
> > +	ns = alloc_mnt_ns(&init_user_ns, false);
> >  	if (IS_ERR(ns))
> >  		panic("Can't allocate initial namespace");
> > -	ns->ns.inum = PROC_MNT_INIT_INO;
> >  	m = real_mount(mnt);
> >  	ns->root = m;
> >  	ns->nr_mounts = 1;
> > @@ -6037,7 +6038,7 @@ static void __init init_mount_tree(void)
> >  	set_fs_pwd(current->fs, &root);
> >  	set_fs_root(current->fs, &root);
> >  
> > -	ns_tree_add(ns);
> > +	ns_tree_add_raw(ns);
> 
> But we don't have ns->ns_id set by anything now? Or am I missing something?

It is set in alloc_mnt_ns() via ns_tree_gen_id(). :)
Unless I'm missing something.
But we still need to add PROC_MNT_INIT_INTO until the final conversion.
I'm fixing that in-tree.

Re: [PATCH 6/9] mnt: simplify ns_common_init() handling

[Jan Kara]

On Thu 18-09-25 10:15:01, Christian Brauner wrote:
> On Wed, Sep 17, 2025 at 06:45:11PM +0200, Jan Kara wrote:
> > On Wed 17-09-25 12:28:05, Christian Brauner wrote:
> > > Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount
> > > namespaces and cleanup the initial mount ns allocation. This is just a
> > > preparatory patch and the ns->inum check in ns_common_init() will be
> > > dropped in the next patch.
> > > 
> > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > 
> > ...
> > > ---
> > >  fs/namespace.c    | 7 ++++---
> > >  kernel/nscommon.c | 2 +-
> > >  2 files changed, 5 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/fs/namespace.c b/fs/namespace.c
> > > index c8251545d57e..09e4ecd44972 100644
> > > --- a/fs/namespace.c
> > > +++ b/fs/namespace.c
> > > @@ -4104,6 +4104,8 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
> > >  		return ERR_PTR(-ENOMEM);
> > >  	}
> > >  
> > > +	if (anon)
> > > +		new_ns->ns.inum = MNT_NS_ANON_INO;
> > >  	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
> > >  	if (ret) {
> > >  		kfree(new_ns);
> > > @@ -6020,10 +6022,9 @@ static void __init init_mount_tree(void)
> > >  	if (IS_ERR(mnt))
> > >  		panic("Can't create rootfs");
> > >  
> > > -	ns = alloc_mnt_ns(&init_user_ns, true);
> > > +	ns = alloc_mnt_ns(&init_user_ns, false);
> > >  	if (IS_ERR(ns))
> > >  		panic("Can't allocate initial namespace");
> > > -	ns->ns.inum = PROC_MNT_INIT_INO;
> > >  	m = real_mount(mnt);
> > >  	ns->root = m;
> > >  	ns->nr_mounts = 1;
> > > @@ -6037,7 +6038,7 @@ static void __init init_mount_tree(void)
> > >  	set_fs_pwd(current->fs, &root);
> > >  	set_fs_root(current->fs, &root);
> > >  
> > > -	ns_tree_add(ns);
> > > +	ns_tree_add_raw(ns);
> > 
> > But we don't have ns->ns_id set by anything now? Or am I missing something?
> 
> It is set in alloc_mnt_ns() via ns_tree_gen_id(). :)
> Unless I'm missing something.

Ah, right. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 7/9] net: centralize ns_common initialization

[Christian Brauner]

Centralize ns_common initialization.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 net/core/net_namespace.c | 23 +++--------------------
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index a57b3cda8dbc..897f4927df9e 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
 	ns_ops = NULL;
 #endif
 
-	ret = ns_common_init(&net->ns, ns_ops, false);
+	ret = ns_common_init(&net->ns, ns_ops, true);
 	if (ret)
 		return ret;
 
@@ -597,6 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
 		net_passive_dec(net);
 dec_ucounts:
 		dec_net_namespaces(ucounts);
+		ns_free_inum(&net->ns);
 		return ERR_PTR(rv);
 	}
 	return net;
@@ -718,6 +719,7 @@ static void cleanup_net(struct work_struct *work)
 #endif
 		put_user_ns(net->user_ns);
 		net_passive_dec(net);
+		ns_free_inum(&net->ns);
 	}
 	WRITE_ONCE(cleanup_net_task, NULL);
 }
@@ -831,31 +833,12 @@ static void net_ns_net_debugfs(struct net *net)
 
 static __net_init int net_ns_net_init(struct net *net)
 {
-	int ret = 0;
-
-	if (net == &init_net)
-		net->ns.inum = PROC_NET_INIT_INO;
-	else
-		ret = proc_alloc_inum(&to_ns_common(net)->inum);
-	if (ret)
-		return ret;
-
 	net_ns_net_debugfs(net);
 	return 0;
 }
 
-static __net_exit void net_ns_net_exit(struct net *net)
-{
-	/*
-	 * Initial network namespace doesn't exit so we don't need any
-	 * special checks here.
-	 */
-	ns_free_inum(&net->ns);
-}
-
 static struct pernet_operations __net_initdata net_ns_ops = {
 	.init = net_ns_net_init,
-	.exit = net_ns_net_exit,
 };
 
 static const struct nla_policy rtnl_net_policy[NETNSA_MAX + 1] = {

-- 
2.47.3

Re: [PATCH 7/9] net: centralize ns_common initialization

[Jan Kara]

On Wed 17-09-25 12:28:06, Christian Brauner wrote:
> Centralize ns_common initialization.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  net/core/net_namespace.c | 23 +++--------------------
>  1 file changed, 3 insertions(+), 20 deletions(-)
> 
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index a57b3cda8dbc..897f4927df9e 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
>  	ns_ops = NULL;
>  #endif
>  
> -	ret = ns_common_init(&net->ns, ns_ops, false);
> +	ret = ns_common_init(&net->ns, ns_ops, true);
>  	if (ret)
>  		return ret;
>  
> @@ -597,6 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
>  		net_passive_dec(net);
>  dec_ucounts:
>  		dec_net_namespaces(ucounts);
> +		ns_free_inum(&net->ns);

This looks like a wrong place to put it? dec_ucounts also gets called when we
failed to create 'net' and thus net == NULL. 

>  		return ERR_PTR(rv);
>  	}
>  	return net;
> @@ -718,6 +719,7 @@ static void cleanup_net(struct work_struct *work)
>  #endif
>  		put_user_ns(net->user_ns);
>  		net_passive_dec(net);
> +		ns_free_inum(&net->ns);

The calling of ns_free_inum() after we've dropped our reference
(net_passive_dec()) looks suspicious. Given how 'net' freeing works I don't
think this can lead to actual UAF issues but it is in my opinion a bad
coding pattern and for no good reason AFAICT.

>  	}
>  	WRITE_ONCE(cleanup_net_task, NULL);
>  }

								Honza

-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 7/9] net: centralize ns_common initialization

[Christian Brauner]

On Thu, Sep 18, 2025 at 11:42:38AM +0200, Jan Kara wrote:
> On Wed 17-09-25 12:28:06, Christian Brauner wrote:
> > Centralize ns_common initialization.
> > 
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> >  net/core/net_namespace.c | 23 +++--------------------
> >  1 file changed, 3 insertions(+), 20 deletions(-)
> > 
> > diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> > index a57b3cda8dbc..897f4927df9e 100644
> > --- a/net/core/net_namespace.c
> > +++ b/net/core/net_namespace.c
> > @@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
> >  	ns_ops = NULL;
> >  #endif
> >  
> > -	ret = ns_common_init(&net->ns, ns_ops, false);
> > +	ret = ns_common_init(&net->ns, ns_ops, true);
> >  	if (ret)
> >  		return ret;
> >  
> > @@ -597,6 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
> >  		net_passive_dec(net);
> >  dec_ucounts:
> >  		dec_net_namespaces(ucounts);
> > +		ns_free_inum(&net->ns);
> 
> This looks like a wrong place to put it? dec_ucounts also gets called when we
> failed to create 'net' and thus net == NULL. 
> 
> >  		return ERR_PTR(rv);
> >  	}
> >  	return net;
> > @@ -718,6 +719,7 @@ static void cleanup_net(struct work_struct *work)
> >  #endif
> >  		put_user_ns(net->user_ns);
> >  		net_passive_dec(net);
> > +		ns_free_inum(&net->ns);
> 
> The calling of ns_free_inum() after we've dropped our reference
> (net_passive_dec()) looks suspicious. Given how 'net' freeing works I don't
> think this can lead to actual UAF issues but it is in my opinion a bad
> coding pattern and for no good reason AFAICT.

All good points. I can't say I'm fond of the complexity in this specific
instance in general.

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 897f4927df9e..9df236811454 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -590,6 +590,7 @@ struct net *copy_net_ns(unsigned long flags,

        if (rv < 0) {
 put_userns:
+               ns_free_inum(&net->ns);
 #ifdef CONFIG_KEYS
                key_remove_domain(net->key_domain);
 #endif
@@ -597,7 +598,6 @@ struct net *copy_net_ns(unsigned long flags,
                net_passive_dec(net);
 dec_ucounts:
                dec_net_namespaces(ucounts);
-               ns_free_inum(&net->ns);
                return ERR_PTR(rv);
        }
        return net;
@@ -713,13 +713,13 @@ static void cleanup_net(struct work_struct *work)
        /* Finally it is safe to free my network namespace structure */
        list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
                list_del_init(&net->exit_list);
+               ns_free_inum(&net->ns);
                dec_net_namespaces(net->ucounts);
 #ifdef CONFIG_KEYS
                key_remove_domain(net->key_domain);
 #endif
                put_user_ns(net->user_ns);
                net_passive_dec(net);
-               ns_free_inum(&net->ns);
        }
        WRITE_ONCE(cleanup_net_task, NULL);
 }

Re: [PATCH 7/9] net: centralize ns_common initialization

[Jan Kara]

On Fri 19-09-25 10:08:33, Christian Brauner wrote:
> On Thu, Sep 18, 2025 at 11:42:38AM +0200, Jan Kara wrote:
> > On Wed 17-09-25 12:28:06, Christian Brauner wrote:
> > > Centralize ns_common initialization.
> > > 
> > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > > ---
> > >  net/core/net_namespace.c | 23 +++--------------------
> > >  1 file changed, 3 insertions(+), 20 deletions(-)
> > > 
> > > diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> > > index a57b3cda8dbc..897f4927df9e 100644
> > > --- a/net/core/net_namespace.c
> > > +++ b/net/core/net_namespace.c
> > > @@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
> > >  	ns_ops = NULL;
> > >  #endif
> > >  
> > > -	ret = ns_common_init(&net->ns, ns_ops, false);
> > > +	ret = ns_common_init(&net->ns, ns_ops, true);
> > >  	if (ret)
> > >  		return ret;
> > >  
> > > @@ -597,6 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
> > >  		net_passive_dec(net);
> > >  dec_ucounts:
> > >  		dec_net_namespaces(ucounts);
> > > +		ns_free_inum(&net->ns);
> > 
> > This looks like a wrong place to put it? dec_ucounts also gets called when we
> > failed to create 'net' and thus net == NULL. 
> > 
> > >  		return ERR_PTR(rv);
> > >  	}
> > >  	return net;
> > > @@ -718,6 +719,7 @@ static void cleanup_net(struct work_struct *work)
> > >  #endif
> > >  		put_user_ns(net->user_ns);
> > >  		net_passive_dec(net);
> > > +		ns_free_inum(&net->ns);
> > 
> > The calling of ns_free_inum() after we've dropped our reference
> > (net_passive_dec()) looks suspicious. Given how 'net' freeing works I don't
> > think this can lead to actual UAF issues but it is in my opinion a bad
> > coding pattern and for no good reason AFAICT.
> 
> All good points. I can't say I'm fond of the complexity in this specific
> instance in general.

Agreed. The changes look good to me now. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> 
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index 897f4927df9e..9df236811454 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -590,6 +590,7 @@ struct net *copy_net_ns(unsigned long flags,
> 
>         if (rv < 0) {
>  put_userns:
> +               ns_free_inum(&net->ns);
>  #ifdef CONFIG_KEYS
>                 key_remove_domain(net->key_domain);
>  #endif
> @@ -597,7 +598,6 @@ struct net *copy_net_ns(unsigned long flags,
>                 net_passive_dec(net);
>  dec_ucounts:
>                 dec_net_namespaces(ucounts);
> -               ns_free_inum(&net->ns);
>                 return ERR_PTR(rv);
>         }
>         return net;
> @@ -713,13 +713,13 @@ static void cleanup_net(struct work_struct *work)
>         /* Finally it is safe to free my network namespace structure */
>         list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
>                 list_del_init(&net->exit_list);
> +               ns_free_inum(&net->ns);
>                 dec_net_namespaces(net->ucounts);
>  #ifdef CONFIG_KEYS
>                 key_remove_domain(net->key_domain);
>  #endif
>                 put_user_ns(net->user_ns);
>                 net_passive_dec(net);
> -               ns_free_inum(&net->ns);
>         }
>         WRITE_ONCE(cleanup_net_task, NULL);
>  }
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 8/9] nscommon: simplify initialization

[Christian Brauner]

There's a lot of information that namespace implementers don't need to
know about at all. Encapsulate this all in the initialization helper.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c            |  5 +++--
 include/linux/ns_common.h | 41 +++++++++++++++++++++++++++++++++++++++--
 ipc/namespace.c           |  2 +-
 kernel/cgroup/namespace.c |  2 +-
 kernel/nscommon.c         | 17 ++++++++---------
 kernel/pid_namespace.c    |  2 +-
 kernel/time/namespace.c   |  2 +-
 kernel/user_namespace.c   |  2 +-
 kernel/utsname.c          |  2 +-
 net/core/net_namespace.c  |  2 +-
 10 files changed, 57 insertions(+), 20 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 09e4ecd44972..31eb0e8f21eb 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4105,8 +4105,9 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
 	}
 
 	if (anon)
-		new_ns->ns.inum = MNT_NS_ANON_INO;
-	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
+		ret = ns_common_init_inum(new_ns, &mntns_operations, MNT_NS_ANON_INO);
+	else
+		ret = ns_common_init(new_ns, &mntns_operations);
 	if (ret) {
 		kfree(new_ns);
 		dec_mnt_namespaces(ucounts);
diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
index 78b17fe80b62..284bba2b7c43 100644
--- a/include/linux/ns_common.h
+++ b/include/linux/ns_common.h
@@ -16,6 +16,15 @@ struct time_namespace;
 struct user_namespace;
 struct uts_namespace;
 
+extern struct cgroup_namespace init_cgroup_ns;
+extern struct ipc_namespace init_ipc_ns;
+extern struct mnt_namespace *init_mnt_ns;
+extern struct net init_net;
+extern struct pid_namespace init_pid_ns;
+extern struct time_namespace init_time_ns;
+extern struct user_namespace init_user_ns;
+extern struct uts_namespace init_uts_ns;
+
 struct ns_common {
 	struct dentry *stashed;
 	const struct proc_ns_operations *ops;
@@ -31,8 +40,7 @@ struct ns_common {
 	};
 };
 
-int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
-		   bool alloc_inum);
+int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum);
 
 #define to_ns_common(__ns)                              \
 	_Generic((__ns),                                \
@@ -45,4 +53,33 @@ int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
 		struct user_namespace *:   &(__ns)->ns, \
 		struct uts_namespace *:    &(__ns)->ns)
 
+#define ns_init_inum(__ns)                                     \
+	_Generic((__ns),                                       \
+		struct cgroup_namespace *: CGROUP_NS_INIT_INO, \
+		struct ipc_namespace *:    IPC_NS_INIT_INO,    \
+		struct mnt_namespace *:    MNT_NS_INIT_INO,    \
+		struct net *:              NET_NS_INIT_INO,    \
+		struct pid_namespace *:    PID_NS_INIT_INO,    \
+		struct time_namespace *:   TIME_NS_INIT_INO,   \
+		struct user_namespace *:   USER_NS_INIT_INO,   \
+		struct uts_namespace *:    UTS_NS_INIT_INO)
+
+#define ns_init_ns(__ns)                                    \
+	_Generic((__ns),                                    \
+		struct cgroup_namespace *: &init_cgroup_ns, \
+		struct ipc_namespace *:    &init_ipc_ns,    \
+		struct mnt_namespace *:    init_mnt_ns,     \
+		struct net *:              &init_net,       \
+		struct pid_namespace *:    &init_pid_ns,    \
+		struct time_namespace *:   &init_time_ns,   \
+		struct user_namespace *:   &init_user_ns,   \
+		struct uts_namespace *:    &init_uts_ns)
+
+#define ns_common_init(__ns, __ops) \
+	__ns_common_init(&(__ns)->ns, __ops, \
+		         (((__ns) == ns_init_ns(__ns)) ? ns_init_inum(__ns) : 0))
+
+#define ns_common_init_inum(__ns, __ops, __inum) \
+	__ns_common_init(&(__ns)->ns, __ops, __inum)
+
 #endif
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 89588819956b..0f8bbd18a475 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -62,7 +62,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
 	if (ns == NULL)
 		goto fail_dec;
 
-	err = ns_common_init(&ns->ns, &ipcns_operations, true);
+	err = ns_common_init(ns, &ipcns_operations);
 	if (err)
 		goto fail_free;
 
diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
index 5a327914b565..d928c557e28b 100644
--- a/kernel/cgroup/namespace.c
+++ b/kernel/cgroup/namespace.c
@@ -27,7 +27,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void)
 	new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT);
 	if (!new_ns)
 		return ERR_PTR(-ENOMEM);
-	ret = ns_common_init(&new_ns->ns, &cgroupns_operations, true);
+	ret = ns_common_init(new_ns, &cgroupns_operations);
 	if (ret)
 		return ERR_PTR(ret);
 	ns_tree_add(new_ns);
diff --git a/kernel/nscommon.c b/kernel/nscommon.c
index e10fad8afe61..c3a90bb665ad 100644
--- a/kernel/nscommon.c
+++ b/kernel/nscommon.c
@@ -1,21 +1,20 @@
 // SPDX-License-Identifier: GPL-2.0-only
 
 #include <linux/ns_common.h>
+#include <linux/proc_ns.h>
 
-int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
-		   bool alloc_inum)
+int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum)
 {
-	if (alloc_inum && !ns->inum) {
-		int ret;
-		ret = proc_alloc_inum(&ns->inum);
-		if (ret)
-			return ret;
-	}
 	refcount_set(&ns->count, 1);
 	ns->stashed = NULL;
 	ns->ops = ops;
 	ns->ns_id = 0;
 	RB_CLEAR_NODE(&ns->ns_tree_node);
 	INIT_LIST_HEAD(&ns->ns_list_node);
-	return 0;
+
+	if (inum) {
+		ns->inum = inum;
+		return 0;
+	}
+	return proc_alloc_inum(&ns->inum);
 }
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 9b327420309e..170757c265c2 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -103,7 +103,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 	if (ns->pid_cachep == NULL)
 		goto out_free_idr;
 
-	err = ns_common_init(&ns->ns, &pidns_operations, true);
+	err = ns_common_init(ns, &pidns_operations);
 	if (err)
 		goto out_free_idr;
 
diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
index 20b65f90549e..ce8e952104a7 100644
--- a/kernel/time/namespace.c
+++ b/kernel/time/namespace.c
@@ -97,7 +97,7 @@ static struct time_namespace *clone_time_ns(struct user_namespace *user_ns,
 	if (!ns->vvar_page)
 		goto fail_free;
 
-	err = ns_common_init(&ns->ns, &timens_operations, true);
+	err = ns_common_init(ns, &timens_operations);
 	if (err)
 		goto fail_free_page;
 
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index cfb0e28f2779..db9f0463219c 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -126,7 +126,7 @@ int create_user_ns(struct cred *new)
 
 	ns->parent_could_setfcap = cap_raised(new->cap_effective, CAP_SETFCAP);
 
-	ret = ns_common_init(&ns->ns, &userns_operations, true);
+	ret = ns_common_init(ns, &userns_operations);
 	if (ret)
 		goto fail_free;
 
diff --git a/kernel/utsname.c b/kernel/utsname.c
index a682830742d3..399888be66bd 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -50,7 +50,7 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
 	if (!ns)
 		goto fail_dec;
 
-	err = ns_common_init(&ns->ns, &utsns_operations, true);
+	err = ns_common_init(ns, &utsns_operations);
 	if (err)
 		goto fail_free;
 
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 897f4927df9e..fdb266bbdf93 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
 	ns_ops = NULL;
 #endif
 
-	ret = ns_common_init(&net->ns, ns_ops, true);
+	ret = ns_common_init(net, ns_ops);
 	if (ret)
 		return ret;
 

-- 
2.47.3

Re: [PATCH 8/9] nscommon: simplify initialization

[Jan Kara]

On Wed 17-09-25 12:28:07, Christian Brauner wrote:
> There's a lot of information that namespace implementers don't need to
> know about at all. Encapsulate this all in the initialization helper.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/namespace.c            |  5 +++--
>  include/linux/ns_common.h | 41 +++++++++++++++++++++++++++++++++++++++--
>  ipc/namespace.c           |  2 +-
>  kernel/cgroup/namespace.c |  2 +-
>  kernel/nscommon.c         | 17 ++++++++---------
>  kernel/pid_namespace.c    |  2 +-
>  kernel/time/namespace.c   |  2 +-
>  kernel/user_namespace.c   |  2 +-
>  kernel/utsname.c          |  2 +-
>  net/core/net_namespace.c  |  2 +-
>  10 files changed, 57 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 09e4ecd44972..31eb0e8f21eb 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -4105,8 +4105,9 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
>  	}
>  
>  	if (anon)
> -		new_ns->ns.inum = MNT_NS_ANON_INO;
> -	ret = ns_common_init(&new_ns->ns, &mntns_operations, !anon);
> +		ret = ns_common_init_inum(new_ns, &mntns_operations, MNT_NS_ANON_INO);
> +	else
> +		ret = ns_common_init(new_ns, &mntns_operations);
>  	if (ret) {
>  		kfree(new_ns);
>  		dec_mnt_namespaces(ucounts);
> diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
> index 78b17fe80b62..284bba2b7c43 100644
> --- a/include/linux/ns_common.h
> +++ b/include/linux/ns_common.h
> @@ -16,6 +16,15 @@ struct time_namespace;
>  struct user_namespace;
>  struct uts_namespace;
>  
> +extern struct cgroup_namespace init_cgroup_ns;
> +extern struct ipc_namespace init_ipc_ns;
> +extern struct mnt_namespace *init_mnt_ns;
> +extern struct net init_net;
> +extern struct pid_namespace init_pid_ns;
> +extern struct time_namespace init_time_ns;
> +extern struct user_namespace init_user_ns;
> +extern struct uts_namespace init_uts_ns;
> +
>  struct ns_common {
>  	struct dentry *stashed;
>  	const struct proc_ns_operations *ops;
> @@ -31,8 +40,7 @@ struct ns_common {
>  	};
>  };
>  
> -int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
> -		   bool alloc_inum);
> +int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum);
>  
>  #define to_ns_common(__ns)                              \
>  	_Generic((__ns),                                \
> @@ -45,4 +53,33 @@ int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
>  		struct user_namespace *:   &(__ns)->ns, \
>  		struct uts_namespace *:    &(__ns)->ns)
>  
> +#define ns_init_inum(__ns)                                     \
> +	_Generic((__ns),                                       \
> +		struct cgroup_namespace *: CGROUP_NS_INIT_INO, \
> +		struct ipc_namespace *:    IPC_NS_INIT_INO,    \
> +		struct mnt_namespace *:    MNT_NS_INIT_INO,    \
> +		struct net *:              NET_NS_INIT_INO,    \
> +		struct pid_namespace *:    PID_NS_INIT_INO,    \
> +		struct time_namespace *:   TIME_NS_INIT_INO,   \
> +		struct user_namespace *:   USER_NS_INIT_INO,   \
> +		struct uts_namespace *:    UTS_NS_INIT_INO)
> +
> +#define ns_init_ns(__ns)                                    \
> +	_Generic((__ns),                                    \
> +		struct cgroup_namespace *: &init_cgroup_ns, \
> +		struct ipc_namespace *:    &init_ipc_ns,    \
> +		struct mnt_namespace *:    init_mnt_ns,     \
> +		struct net *:              &init_net,       \
> +		struct pid_namespace *:    &init_pid_ns,    \
> +		struct time_namespace *:   &init_time_ns,   \
> +		struct user_namespace *:   &init_user_ns,   \
> +		struct uts_namespace *:    &init_uts_ns)
> +
> +#define ns_common_init(__ns, __ops) \
> +	__ns_common_init(&(__ns)->ns, __ops, \
> +		         (((__ns) == ns_init_ns(__ns)) ? ns_init_inum(__ns) : 0))
> +
> +#define ns_common_init_inum(__ns, __ops, __inum) \
> +	__ns_common_init(&(__ns)->ns, __ops, __inum)
> +
>  #endif
> diff --git a/ipc/namespace.c b/ipc/namespace.c
> index 89588819956b..0f8bbd18a475 100644
> --- a/ipc/namespace.c
> +++ b/ipc/namespace.c
> @@ -62,7 +62,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
>  	if (ns == NULL)
>  		goto fail_dec;
>  
> -	err = ns_common_init(&ns->ns, &ipcns_operations, true);
> +	err = ns_common_init(ns, &ipcns_operations);
>  	if (err)
>  		goto fail_free;
>  
> diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
> index 5a327914b565..d928c557e28b 100644
> --- a/kernel/cgroup/namespace.c
> +++ b/kernel/cgroup/namespace.c
> @@ -27,7 +27,7 @@ static struct cgroup_namespace *alloc_cgroup_ns(void)
>  	new_ns = kzalloc(sizeof(struct cgroup_namespace), GFP_KERNEL_ACCOUNT);
>  	if (!new_ns)
>  		return ERR_PTR(-ENOMEM);
> -	ret = ns_common_init(&new_ns->ns, &cgroupns_operations, true);
> +	ret = ns_common_init(new_ns, &cgroupns_operations);
>  	if (ret)
>  		return ERR_PTR(ret);
>  	ns_tree_add(new_ns);
> diff --git a/kernel/nscommon.c b/kernel/nscommon.c
> index e10fad8afe61..c3a90bb665ad 100644
> --- a/kernel/nscommon.c
> +++ b/kernel/nscommon.c
> @@ -1,21 +1,20 @@
>  // SPDX-License-Identifier: GPL-2.0-only
>  
>  #include <linux/ns_common.h>
> +#include <linux/proc_ns.h>
>  
> -int ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
> -		   bool alloc_inum)
> +int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum)
>  {
> -	if (alloc_inum && !ns->inum) {
> -		int ret;
> -		ret = proc_alloc_inum(&ns->inum);
> -		if (ret)
> -			return ret;
> -	}
>  	refcount_set(&ns->count, 1);
>  	ns->stashed = NULL;
>  	ns->ops = ops;
>  	ns->ns_id = 0;
>  	RB_CLEAR_NODE(&ns->ns_tree_node);
>  	INIT_LIST_HEAD(&ns->ns_list_node);
> -	return 0;
> +
> +	if (inum) {
> +		ns->inum = inum;
> +		return 0;
> +	}
> +	return proc_alloc_inum(&ns->inum);
>  }
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index 9b327420309e..170757c265c2 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -103,7 +103,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
>  	if (ns->pid_cachep == NULL)
>  		goto out_free_idr;
>  
> -	err = ns_common_init(&ns->ns, &pidns_operations, true);
> +	err = ns_common_init(ns, &pidns_operations);
>  	if (err)
>  		goto out_free_idr;
>  
> diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
> index 20b65f90549e..ce8e952104a7 100644
> --- a/kernel/time/namespace.c
> +++ b/kernel/time/namespace.c
> @@ -97,7 +97,7 @@ static struct time_namespace *clone_time_ns(struct user_namespace *user_ns,
>  	if (!ns->vvar_page)
>  		goto fail_free;
>  
> -	err = ns_common_init(&ns->ns, &timens_operations, true);
> +	err = ns_common_init(ns, &timens_operations);
>  	if (err)
>  		goto fail_free_page;
>  
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index cfb0e28f2779..db9f0463219c 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -126,7 +126,7 @@ int create_user_ns(struct cred *new)
>  
>  	ns->parent_could_setfcap = cap_raised(new->cap_effective, CAP_SETFCAP);
>  
> -	ret = ns_common_init(&ns->ns, &userns_operations, true);
> +	ret = ns_common_init(ns, &userns_operations);
>  	if (ret)
>  		goto fail_free;
>  
> diff --git a/kernel/utsname.c b/kernel/utsname.c
> index a682830742d3..399888be66bd 100644
> --- a/kernel/utsname.c
> +++ b/kernel/utsname.c
> @@ -50,7 +50,7 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
>  	if (!ns)
>  		goto fail_dec;
>  
> -	err = ns_common_init(&ns->ns, &utsns_operations, true);
> +	err = ns_common_init(ns, &utsns_operations);
>  	if (err)
>  		goto fail_free;
>  
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index 897f4927df9e..fdb266bbdf93 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -409,7 +409,7 @@ static __net_init int preinit_net(struct net *net, struct user_namespace *user_n
>  	ns_ops = NULL;
>  #endif
>  
> -	ret = ns_common_init(&net->ns, ns_ops, true);
> +	ret = ns_common_init(net, ns_ops);
>  	if (ret)
>  		return ret;
>  
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[PATCH 9/9] ns: add ns_common_free()

[Christian Brauner]

And drop ns_free_inum(). Anything common that can be wasted centrally
should be wasted in the new common helper.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/namespace.c            | 4 ++--
 include/linux/ns_common.h | 3 +++
 include/linux/proc_ns.h   | 2 --
 ipc/namespace.c           | 4 ++--
 kernel/cgroup/namespace.c | 2 +-
 kernel/nscommon.c         | 5 +++++
 kernel/pid_namespace.c    | 4 ++--
 kernel/time/namespace.c   | 2 +-
 kernel/user_namespace.c   | 4 ++--
 kernel/utsname.c          | 2 +-
 net/core/net_namespace.c  | 4 ++--
 11 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 31eb0e8f21eb..03bd04559e69 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4083,7 +4083,7 @@ static void dec_mnt_namespaces(struct ucounts *ucounts)
 static void free_mnt_ns(struct mnt_namespace *ns)
 {
 	if (!is_anon_ns(ns))
-		ns_free_inum(&ns->ns);
+		ns_common_free(ns);
 	dec_mnt_namespaces(ns->ucounts);
 	mnt_ns_tree_remove(ns);
 }
@@ -4155,7 +4155,7 @@ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
 	new = copy_tree(old, old->mnt.mnt_root, copy_flags);
 	if (IS_ERR(new)) {
 		namespace_unlock();
-		ns_free_inum(&new_ns->ns);
+		ns_common_free(ns);
 		dec_mnt_namespaces(new_ns->ucounts);
 		mnt_ns_release(new_ns);
 		return ERR_CAST(new);
diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
index 284bba2b7c43..5094c0147b54 100644
--- a/include/linux/ns_common.h
+++ b/include/linux/ns_common.h
@@ -41,6 +41,7 @@ struct ns_common {
 };
 
 int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum);
+void __ns_common_free(struct ns_common *ns);
 
 #define to_ns_common(__ns)                              \
 	_Generic((__ns),                                \
@@ -82,4 +83,6 @@ int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
 #define ns_common_init_inum(__ns, __ops, __inum) \
 	__ns_common_init(&(__ns)->ns, __ops, __inum)
 
+#define ns_common_free(__ns) __ns_common_free(to_ns_common((__ns)))
+
 #endif
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index 9f21670b5824..08016f6e0e6f 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -66,8 +66,6 @@ static inline void proc_free_inum(unsigned int inum) {}
 
 #endif /* CONFIG_PROC_FS */
 
-#define ns_free_inum(ns) proc_free_inum((ns)->inum)
-
 #define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
 
 #endif /* _LINUX_PROC_NS_H */
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 0f8bbd18a475..09d261a1a2aa 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -97,7 +97,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
 
 fail_put:
 	put_user_ns(ns->user_ns);
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 fail_free:
 	kfree(ns);
 fail_dec:
@@ -161,7 +161,7 @@ static void free_ipc_ns(struct ipc_namespace *ns)
 
 	dec_ipc_namespaces(ns->ucounts);
 	put_user_ns(ns->user_ns);
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 	kfree(ns);
 }
 
diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
index d928c557e28b..16ead7508371 100644
--- a/kernel/cgroup/namespace.c
+++ b/kernel/cgroup/namespace.c
@@ -40,7 +40,7 @@ void free_cgroup_ns(struct cgroup_namespace *ns)
 	put_css_set(ns->root_cset);
 	dec_cgroup_namespaces(ns->ucounts);
 	put_user_ns(ns->user_ns);
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 	/* Concurrent nstree traversal depends on a grace period. */
 	kfree_rcu(ns, ns.ns_rcu);
 }
diff --git a/kernel/nscommon.c b/kernel/nscommon.c
index c3a90bb665ad..7c1b07e2a6c9 100644
--- a/kernel/nscommon.c
+++ b/kernel/nscommon.c
@@ -18,3 +18,8 @@ int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
 	}
 	return proc_alloc_inum(&ns->inum);
 }
+
+void __ns_common_free(struct ns_common *ns)
+{
+	proc_free_inum(ns->inum);
+}
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 170757c265c2..27e2dd9ee051 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -127,7 +127,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 	return ns;
 
 out_free_inum:
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 out_free_idr:
 	idr_destroy(&ns->idr);
 	kmem_cache_free(pid_ns_cachep, ns);
@@ -152,7 +152,7 @@ static void destroy_pid_namespace(struct pid_namespace *ns)
 	ns_tree_remove(ns);
 	unregister_pidns_sysctls(ns);
 
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 
 	idr_destroy(&ns->idr);
 	call_rcu(&ns->rcu, delayed_free_pidns);
diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
index ce8e952104a7..d49c73015d6e 100644
--- a/kernel/time/namespace.c
+++ b/kernel/time/namespace.c
@@ -255,7 +255,7 @@ void free_time_ns(struct time_namespace *ns)
 	ns_tree_remove(ns);
 	dec_time_namespaces(ns->ucounts);
 	put_user_ns(ns->user_ns);
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 	__free_page(ns->vvar_page);
 	/* Concurrent nstree traversal depends on a grace period. */
 	kfree_rcu(ns, ns.ns_rcu);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index db9f0463219c..32406bcab526 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -165,7 +165,7 @@ int create_user_ns(struct cred *new)
 #ifdef CONFIG_PERSISTENT_KEYRINGS
 	key_put(ns->persistent_keyring_register);
 #endif
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 fail_free:
 	kmem_cache_free(user_ns_cachep, ns);
 fail_dec:
@@ -220,7 +220,7 @@ static void free_user_ns(struct work_struct *work)
 #endif
 		retire_userns_sysctls(ns);
 		key_free_user_ns(ns);
-		ns_free_inum(&ns->ns);
+		ns_common_free(ns);
 		/* Concurrent nstree traversal depends on a grace period. */
 		kfree_rcu(ns, ns.ns_rcu);
 		dec_user_namespaces(ucounts);
diff --git a/kernel/utsname.c b/kernel/utsname.c
index 399888be66bd..95d733eb2c98 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -98,7 +98,7 @@ void free_uts_ns(struct uts_namespace *ns)
 	ns_tree_remove(ns);
 	dec_uts_namespaces(ns->ucounts);
 	put_user_ns(ns->user_ns);
-	ns_free_inum(&ns->ns);
+	ns_common_free(ns);
 	/* Concurrent nstree traversal depends on a grace period. */
 	kfree_rcu(ns, ns.ns_rcu);
 }
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index fdb266bbdf93..fdbaf5f8ac78 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -597,7 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
 		net_passive_dec(net);
 dec_ucounts:
 		dec_net_namespaces(ucounts);
-		ns_free_inum(&net->ns);
+		ns_common_free(net);
 		return ERR_PTR(rv);
 	}
 	return net;
@@ -719,7 +719,7 @@ static void cleanup_net(struct work_struct *work)
 #endif
 		put_user_ns(net->user_ns);
 		net_passive_dec(net);
-		ns_free_inum(&net->ns);
+		ns_common_free(net);
 	}
 	WRITE_ONCE(cleanup_net_task, NULL);
 }

-- 
2.47.3

Re: [PATCH 9/9] ns: add ns_common_free()

[Jan Kara]

On Wed 17-09-25 12:28:08, Christian Brauner wrote:
> And drop ns_free_inum(). Anything common that can be wasted centrally
> should be wasted in the new common helper.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Nice. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/namespace.c            | 4 ++--
>  include/linux/ns_common.h | 3 +++
>  include/linux/proc_ns.h   | 2 --
>  ipc/namespace.c           | 4 ++--
>  kernel/cgroup/namespace.c | 2 +-
>  kernel/nscommon.c         | 5 +++++
>  kernel/pid_namespace.c    | 4 ++--
>  kernel/time/namespace.c   | 2 +-
>  kernel/user_namespace.c   | 4 ++--
>  kernel/utsname.c          | 2 +-
>  net/core/net_namespace.c  | 4 ++--
>  11 files changed, 21 insertions(+), 15 deletions(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 31eb0e8f21eb..03bd04559e69 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -4083,7 +4083,7 @@ static void dec_mnt_namespaces(struct ucounts *ucounts)
>  static void free_mnt_ns(struct mnt_namespace *ns)
>  {
>  	if (!is_anon_ns(ns))
> -		ns_free_inum(&ns->ns);
> +		ns_common_free(ns);
>  	dec_mnt_namespaces(ns->ucounts);
>  	mnt_ns_tree_remove(ns);
>  }
> @@ -4155,7 +4155,7 @@ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
>  	new = copy_tree(old, old->mnt.mnt_root, copy_flags);
>  	if (IS_ERR(new)) {
>  		namespace_unlock();
> -		ns_free_inum(&new_ns->ns);
> +		ns_common_free(ns);
>  		dec_mnt_namespaces(new_ns->ucounts);
>  		mnt_ns_release(new_ns);
>  		return ERR_CAST(new);
> diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
> index 284bba2b7c43..5094c0147b54 100644
> --- a/include/linux/ns_common.h
> +++ b/include/linux/ns_common.h
> @@ -41,6 +41,7 @@ struct ns_common {
>  };
>  
>  int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops, int inum);
> +void __ns_common_free(struct ns_common *ns);
>  
>  #define to_ns_common(__ns)                              \
>  	_Generic((__ns),                                \
> @@ -82,4 +83,6 @@ int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
>  #define ns_common_init_inum(__ns, __ops, __inum) \
>  	__ns_common_init(&(__ns)->ns, __ops, __inum)
>  
> +#define ns_common_free(__ns) __ns_common_free(to_ns_common((__ns)))
> +
>  #endif
> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> index 9f21670b5824..08016f6e0e6f 100644
> --- a/include/linux/proc_ns.h
> +++ b/include/linux/proc_ns.h
> @@ -66,8 +66,6 @@ static inline void proc_free_inum(unsigned int inum) {}
>  
>  #endif /* CONFIG_PROC_FS */
>  
> -#define ns_free_inum(ns) proc_free_inum((ns)->inum)
> -
>  #define get_proc_ns(inode) ((struct ns_common *)(inode)->i_private)
>  
>  #endif /* _LINUX_PROC_NS_H */
> diff --git a/ipc/namespace.c b/ipc/namespace.c
> index 0f8bbd18a475..09d261a1a2aa 100644
> --- a/ipc/namespace.c
> +++ b/ipc/namespace.c
> @@ -97,7 +97,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
>  
>  fail_put:
>  	put_user_ns(ns->user_ns);
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  fail_free:
>  	kfree(ns);
>  fail_dec:
> @@ -161,7 +161,7 @@ static void free_ipc_ns(struct ipc_namespace *ns)
>  
>  	dec_ipc_namespaces(ns->ucounts);
>  	put_user_ns(ns->user_ns);
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  	kfree(ns);
>  }
>  
> diff --git a/kernel/cgroup/namespace.c b/kernel/cgroup/namespace.c
> index d928c557e28b..16ead7508371 100644
> --- a/kernel/cgroup/namespace.c
> +++ b/kernel/cgroup/namespace.c
> @@ -40,7 +40,7 @@ void free_cgroup_ns(struct cgroup_namespace *ns)
>  	put_css_set(ns->root_cset);
>  	dec_cgroup_namespaces(ns->ucounts);
>  	put_user_ns(ns->user_ns);
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  	/* Concurrent nstree traversal depends on a grace period. */
>  	kfree_rcu(ns, ns.ns_rcu);
>  }
> diff --git a/kernel/nscommon.c b/kernel/nscommon.c
> index c3a90bb665ad..7c1b07e2a6c9 100644
> --- a/kernel/nscommon.c
> +++ b/kernel/nscommon.c
> @@ -18,3 +18,8 @@ int __ns_common_init(struct ns_common *ns, const struct proc_ns_operations *ops,
>  	}
>  	return proc_alloc_inum(&ns->inum);
>  }
> +
> +void __ns_common_free(struct ns_common *ns)
> +{
> +	proc_free_inum(ns->inum);
> +}
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index 170757c265c2..27e2dd9ee051 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -127,7 +127,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
>  	return ns;
>  
>  out_free_inum:
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  out_free_idr:
>  	idr_destroy(&ns->idr);
>  	kmem_cache_free(pid_ns_cachep, ns);
> @@ -152,7 +152,7 @@ static void destroy_pid_namespace(struct pid_namespace *ns)
>  	ns_tree_remove(ns);
>  	unregister_pidns_sysctls(ns);
>  
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  
>  	idr_destroy(&ns->idr);
>  	call_rcu(&ns->rcu, delayed_free_pidns);
> diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
> index ce8e952104a7..d49c73015d6e 100644
> --- a/kernel/time/namespace.c
> +++ b/kernel/time/namespace.c
> @@ -255,7 +255,7 @@ void free_time_ns(struct time_namespace *ns)
>  	ns_tree_remove(ns);
>  	dec_time_namespaces(ns->ucounts);
>  	put_user_ns(ns->user_ns);
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  	__free_page(ns->vvar_page);
>  	/* Concurrent nstree traversal depends on a grace period. */
>  	kfree_rcu(ns, ns.ns_rcu);
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index db9f0463219c..32406bcab526 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -165,7 +165,7 @@ int create_user_ns(struct cred *new)
>  #ifdef CONFIG_PERSISTENT_KEYRINGS
>  	key_put(ns->persistent_keyring_register);
>  #endif
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  fail_free:
>  	kmem_cache_free(user_ns_cachep, ns);
>  fail_dec:
> @@ -220,7 +220,7 @@ static void free_user_ns(struct work_struct *work)
>  #endif
>  		retire_userns_sysctls(ns);
>  		key_free_user_ns(ns);
> -		ns_free_inum(&ns->ns);
> +		ns_common_free(ns);
>  		/* Concurrent nstree traversal depends on a grace period. */
>  		kfree_rcu(ns, ns.ns_rcu);
>  		dec_user_namespaces(ucounts);
> diff --git a/kernel/utsname.c b/kernel/utsname.c
> index 399888be66bd..95d733eb2c98 100644
> --- a/kernel/utsname.c
> +++ b/kernel/utsname.c
> @@ -98,7 +98,7 @@ void free_uts_ns(struct uts_namespace *ns)
>  	ns_tree_remove(ns);
>  	dec_uts_namespaces(ns->ucounts);
>  	put_user_ns(ns->user_ns);
> -	ns_free_inum(&ns->ns);
> +	ns_common_free(ns);
>  	/* Concurrent nstree traversal depends on a grace period. */
>  	kfree_rcu(ns, ns.ns_rcu);
>  }
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index fdb266bbdf93..fdbaf5f8ac78 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -597,7 +597,7 @@ struct net *copy_net_ns(unsigned long flags,
>  		net_passive_dec(net);
>  dec_ucounts:
>  		dec_net_namespaces(ucounts);
> -		ns_free_inum(&net->ns);
> +		ns_common_free(net);
>  		return ERR_PTR(rv);
>  	}
>  	return net;
> @@ -719,7 +719,7 @@ static void cleanup_net(struct work_struct *work)
>  #endif
>  		put_user_ns(net->user_ns);
>  		net_passive_dec(net);
> -		ns_free_inum(&net->ns);
> +		ns_common_free(net);
>  	}
>  	WRITE_ONCE(cleanup_net_task, NULL);
>  }
> 
> -- 
> 2.47.3
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR