From: Simon Horman <horms@kernel.org>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org,
"Josef Bacik" <josef@toxicpanda.com>,
"Jeff Layton" <jlayton@kernel.org>,
"Jann Horn" <jannh@google.com>, "Mike Yuan" <me@yhndnzj.com>,
"Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>,
"Lennart Poettering" <mzxreary@0pointer.de>,
"Daan De Meyer" <daan.j.demeyer@gmail.com>,
"Aleksa Sarai" <cyphar@cyphar.com>,
"Amir Goldstein" <amir73il@gmail.com>,
"Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Jan Kara" <jack@suse.cz>,
linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
bpf@vger.kernel.org, "Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
netdev@vger.kernel.org, "Arnd Bergmann" <arnd@arndb.de>
Subject: Re: [PATCH v3 17/70] nstree: add listns()
Date: Tue, 28 Oct 2025 10:36:30 +0000 [thread overview]
Message-ID: <aQCcrqp7qxY8ew8T@horms.kernel.org> (raw)
In-Reply-To: <20251024-work-namespace-nstree-listns-v3-17-b6241981b72b@kernel.org>
On Fri, Oct 24, 2025 at 12:52:46PM +0200, Christian Brauner wrote:
...
> diff --git a/kernel/nstree.c b/kernel/nstree.c
...
> +static ssize_t do_listns(struct klistns *kls)
> +{
> + u64 *ns_ids = kls->kns_ids;
> + size_t nr_ns_ids = kls->nr_ns_ids;
> + struct ns_common *ns, *first_ns = NULL;
> + struct ns_tree *ns_tree = NULL;
> + const struct list_head *head;
> + struct user_namespace *user_ns;
> + u32 ns_type;
> + ssize_t ret;
> +
> + if (hweight32(kls->ns_type) == 1)
> + ns_type = kls->ns_type;
> + else
> + ns_type = 0;
> +
> + if (ns_type) {
> + ns_tree = ns_tree_from_type(ns_type);
> + if (!ns_tree)
> + return -EINVAL;
> + }
> +
> + if (kls->last_ns_id) {
> + kls->first_ns = lookup_ns_id_at(kls->last_ns_id + 1, ns_type);
> + if (!kls->first_ns)
> + return -ENOENT;
> + first_ns = kls->first_ns;
> + }
> +
> + ret = 0;
> + if (ns_tree)
> + head = &ns_tree->ns_list;
> + else
> + head = &ns_unified_list;
> +
> + guard(rcu)();
> + if (!first_ns)
> + first_ns = first_ns_common(head, ns_tree);
> +
> + for (ns = first_ns; !ns_common_is_head(ns, head, ns_tree) && nr_ns_ids;
> + ns = next_ns_common(ns, ns_tree)) {
> + if (kls->ns_type && !(kls->ns_type & ns->ns_type))
> + continue;
> + if (!ns_get_unless_inactive(ns))
> + continue;
> + /* Check permissions */
> + if (!ns->ops)
> + user_ns = NULL;
Hi Christian,
Here it is assumed that ns->ops may be NULL.
> + else
> + user_ns = ns->ops->owner(ns);
> + if (!user_ns)
> + user_ns = &init_user_ns;
> + if (ns_capable_noaudit(user_ns, CAP_SYS_ADMIN) ||
> + is_current_namespace(ns) ||
> + ((ns->ns_type == CLONE_NEWUSER) && ns_capable_noaudit(to_user_ns(ns), CAP_SYS_ADMIN))) {
> + *ns_ids++ = ns->ns_id;
> + nr_ns_ids--;
> + ret++;
> + }
> + if (need_resched())
> + cond_resched_rcu();
> + /* doesn't sleep */
> + ns->ops->put(ns);
And, if so, it isn't clear to me why that wouldn't also be the case here.
Flagged by Smatch.
> + }
> +
> + return ret;
> +}
...
next prev parent reply other threads:[~2025-10-28 10:36 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-24 10:52 [PATCH v3 00/70] nstree: listns() Christian Brauner
2025-10-24 10:52 ` [PATCH v3 01/70] libfs: allow to specify s_d_flags Christian Brauner
2025-10-24 10:52 ` [PATCH v3 02/70] nsfs: use inode_just_drop() Christian Brauner
2025-10-24 10:52 ` [PATCH v3 03/70] nsfs: raise DCACHE_DONTCACHE explicitly Christian Brauner
2025-10-24 10:52 ` [PATCH v3 04/70] pidfs: " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 05/70] nsfs: raise SB_I_NODEV and SB_I_NOEXEC Christian Brauner
2025-10-27 13:13 ` Jeff Layton
2025-10-28 15:35 ` Christian Brauner
2025-10-24 10:52 ` [PATCH v3 06/70] cgroup: add cgroup namespace to tree after owner is set Christian Brauner
2025-10-24 10:52 ` [PATCH v3 07/70] nstree: simplify return Christian Brauner
2025-10-24 10:52 ` [PATCH v3 08/70] ns: initialize ns_list_node for initial namespaces Christian Brauner
2025-10-24 10:52 ` [PATCH v3 09/70] ns: add __ns_ref_read() Christian Brauner
2025-10-24 10:52 ` [PATCH v3 10/70] ns: rename to exit_nsproxy_namespaces() Christian Brauner
2025-10-24 10:52 ` [PATCH v3 11/70] ns: add active reference count Christian Brauner
2025-10-27 16:36 ` Thomas Gleixner
2025-10-28 15:33 ` Christian Brauner
2025-10-28 10:30 ` Simon Horman
2025-10-28 15:32 ` Christian Brauner
2025-10-29 7:02 ` Askar Safin
2025-10-24 10:52 ` [PATCH v3 12/70] ns: use anonymous struct to group list member Christian Brauner
2025-10-24 10:52 ` [PATCH v3 13/70] nstree: introduce a unified tree Christian Brauner
2025-10-24 10:52 ` [PATCH v3 14/70] nstree: allow lookup solely based on inode Christian Brauner
2025-10-27 13:48 ` Jeff Layton
2025-10-24 10:52 ` [PATCH v3 15/70] nstree: assign fixed ids to the initial namespaces Christian Brauner
2025-10-24 10:52 ` [PATCH v3 16/70] ns: maintain list of owned namespaces Christian Brauner
2025-10-24 10:52 ` [PATCH v3 17/70] nstree: add listns() Christian Brauner
2025-10-24 14:06 ` Arnd Bergmann
2025-10-28 15:20 ` Christian Brauner
2025-10-27 14:04 ` Jeff Layton
2025-10-28 15:39 ` Christian Brauner
2025-10-28 10:36 ` Simon Horman [this message]
2025-10-28 13:33 ` Christian Brauner
2025-10-29 7:52 ` Askar Safin
2025-10-24 10:52 ` [PATCH v3 18/70] arch: hookup listns() system call Christian Brauner
2025-10-24 14:08 ` Arnd Bergmann
2025-10-24 10:52 ` [PATCH v3 19/70] nsfs: update tools header Christian Brauner
2025-10-24 10:52 ` [PATCH v3 20/70] selftests/filesystems: remove CLONE_NEWPIDNS from setup_userns() helper Christian Brauner
2025-10-24 10:52 ` [PATCH v3 21/70] selftests/namespaces: first active reference count tests Christian Brauner
2025-10-24 10:52 ` [PATCH v3 22/70] selftests/namespaces: second " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 23/70] selftests/namespaces: third " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 24/70] selftests/namespaces: fourth " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 25/70] selftests/namespaces: fifth " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 26/70] selftests/namespaces: sixth " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 27/70] selftests/namespaces: seventh " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 28/70] selftests/namespaces: eigth " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 29/70] selftests/namespaces: ninth " Christian Brauner
2025-10-24 10:52 ` [PATCH v3 30/70] selftests/namespaces: tenth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 31/70] selftests/namespaces: eleventh " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 32/70] selftests/namespaces: twelth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 33/70] selftests/namespaces: thirteenth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 34/70] selftests/namespaces: fourteenth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 35/70] selftests/namespaces: fifteenth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 36/70] selftests/namespaces: add listns() wrapper Christian Brauner
2025-10-24 10:53 ` [PATCH v3 37/70] selftests/namespaces: first listns() test Christian Brauner
2025-10-24 10:53 ` [PATCH v3 38/70] selftests/namespaces: second " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 39/70] selftests/namespaces: third " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 40/70] selftests/namespaces: fourth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 41/70] selftests/namespaces: fifth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 42/70] selftests/namespaces: sixth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 43/70] selftests/namespaces: seventh " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 44/70] selftests/namespaces: eigth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 45/70] selftests/namespaces: ninth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 46/70] selftests/namespaces: first listns() permission test Christian Brauner
2025-10-24 10:53 ` [PATCH v3 47/70] selftests/namespaces: second " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 48/70] selftests/namespaces: third " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 49/70] selftests/namespaces: fourth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 50/70] selftests/namespaces: fifth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 51/70] selftests/namespaces: sixth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 52/70] selftests/namespaces: seventh " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 53/70] selftests/namespaces: first inactive namespace resurrection test Christian Brauner
2025-10-24 10:53 ` [PATCH v3 54/70] selftests/namespaces: second " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 55/70] selftests/namespaces: third " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 56/70] selftests/namespaces: fourth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 57/70] selftests/namespaces: fifth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 58/70] selftests/namespaces: sixth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 59/70] selftests/namespaces: seventh " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 60/70] selftests/namespaces: eigth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 61/70] selftests/namespaces: ninth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 62/70] selftests/namespaces: tenth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 63/70] selftests/namespaces: eleventh " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 64/70] selftests/namespaces: twelth " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 65/70] selftests/namespace: first threaded active reference count test Christian Brauner
2025-10-24 10:53 ` [PATCH v3 66/70] selftests/namespace: second " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 67/70] selftests/namespace: third " Christian Brauner
2025-10-24 10:53 ` [PATCH v3 68/70] selftests/namespace: commit_creds() active reference tests Christian Brauner
2025-10-24 10:53 ` [PATCH v3 69/70] selftests/namespace: add stress test Christian Brauner
2025-10-24 10:53 ` [PATCH v3 70/70] selftests/namespace: test listns() pagination Christian Brauner
2025-10-27 14:10 ` [PATCH v3 00/70] nstree: listns() Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQCcrqp7qxY8ew8T@horms.kernel.org \
--to=horms@kernel.org \
--cc=amir73il@gmail.com \
--cc=arnd@arndb.de \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=cyphar@cyphar.com \
--cc=daan.j.demeyer@gmail.com \
--cc=edumazet@google.com \
--cc=hannes@cmpxchg.org \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=me@yhndnzj.com \
--cc=mzxreary@0pointer.de \
--cc=netdev@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).