From: "Luís Henriques" <lhenriques@suse.de>
To: David Howells <dhowells@redhat.com>
Cc: Eric Biggers <ebiggers@kernel.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH] keys: flush work when accessing /proc/key-users
Date: Thu, 14 Dec 2023 14:44:28 +0000 [thread overview]
Message-ID: <ZXsUzBRR2uc81FK0@suse.de> (raw)
In-Reply-To: <2744563.1702303367@warthog.procyon.org.uk>
Hi David,
On Mon, Dec 11, 2023 at 02:02:47PM +0000, David Howells wrote:
<snip>
> > However, that would only fix the flakiness of the key quota for fs/crypto/,
> > not for other users of the keyrings service. Maybe this suggests that
> > key_put() should release the key's quota right away if the key's refcount
> > drops to 0?
>
> That I would be okay with as the key should be removed in short order.
>
> Note that you'd have to change the spinlocks on key->user->lock to irq-locking
> types. Or maybe we can do without them, at least for key gc, and use atomic
> counters. key_invalidate() should probably drop the quota also.
I was trying to help with this but, first, I don't think atomic counters
would actually be a solution. For example, we have the following in
key_alloc():
spin_lock(&user->lock);
if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
if (user->qnkeys + 1 > maxkeys ||
user->qnbytes + quotalen > maxbytes ||
user->qnbytes + quotalen < user->qnbytes)
goto no_quota;
}
user->qnkeys++;
user->qnbytes += quotalen;
spin_unlock(&user->lock);
Thus, I don't think it's really possible to simply stop using a lock
without making these checks+changes non-atomic.
As for using spin_lock_irq() or spin_lock_irqsave(), my understanding is
that the only places where this could be necessary is in key_put() and,
possibly, key_payload_reserve(). key_alloc() shouldn't need that.
Finally, why would key_invalidate() require handling quotas? I'm probably
just missing some subtlety, but I don't see the user->usage refcount being
decremented anywhere in that path (or anywhere else, really).
Cheers,
--
Luís
next prev parent reply other threads:[~2023-12-14 14:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-06 14:57 [RFC PATCH] keys: flush work when accessing /proc/key-users Luis Henriques
2023-12-06 16:04 ` David Howells
2023-12-06 17:55 ` Luis Henriques
2023-12-07 2:43 ` Eric Biggers
2023-12-11 14:02 ` David Howells
2023-12-12 3:03 ` Eric Biggers
2023-12-14 14:44 ` Luís Henriques [this message]
2024-01-15 12:03 ` [RFC PATCH v2] keys: update key quotas in key_put() Luis Henriques
2024-01-19 21:10 ` Jarkko Sakkinen
2024-01-22 11:50 ` Luis Henriques
2024-01-22 19:45 ` Jarkko Sakkinen
2024-01-24 22:12 ` Eric Biggers
2024-01-26 16:12 ` Luis Henriques
2024-01-27 6:42 ` Eric Biggers
2024-01-29 11:23 ` Luis Henriques
2023-12-07 4:33 ` [RFC PATCH] keys: flush work when accessing /proc/key-users Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXsUzBRR2uc81FK0@suse.de \
--to=lhenriques@suse.de \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox