From: Nikolay Borisov <kernel@kyup.com>
To: john@johnmccutchan.com, eparis@redhat.com, ebiederm@xmission.com
Cc: jack@suse.cz, linux-kernel@vger.kernel.org, gorcunov@openvz.org,
avagin@openvz.org, netdev@vger.kernel.org,
operations@siteground.com, Nikolay Borisov <kernel@kyup.com>
Subject: [PATCH 2/4] inotify: Convert inotify limits to be accounted per-realuser/per-namespace
Date: Wed, 1 Jun 2016 10:52:58 +0300 [thread overview]
Message-ID: <1464767580-22732-3-git-send-email-kernel@kyup.com> (raw)
In-Reply-To: <1464767580-22732-1-git-send-email-kernel@kyup.com>
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
---
fs/notify/inotify/inotify_fsnotify.c | 14 +++++++++++++-
fs/notify/inotify/inotify_user.c | 23 +++++++++++++++--------
include/linux/sched.h | 2 --
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index 2cd900c2c737..efaeec3f2e26 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -166,7 +166,19 @@ static void inotify_free_group_priv(struct fsnotify_group *group)
idr_for_each(&group->inotify_data.idr, idr_callback, group);
idr_destroy(&group->inotify_data.idr);
if (group->inotify_data.user) {
- atomic_dec(&group->inotify_data.user->inotify_devs);
+ struct user_struct *user = group->inotify_data.user;
+ void *key = group->inotify_data.userns_ptr;
+ struct inotify_state *state;
+
+ spin_lock(&user->inotify_lock);
+ state = __find_inotify_state(user, key);
+ if (--state->inotify_devs == 0)
+ hash_del(&state->node);
+ spin_unlock(&user->inotify_lock);
+
+ if (state->inotify_devs == 0)
+ kfree(state);
+
free_uid(group->inotify_data.user);
}
}
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index ae7ec2414252..e7cc4eaa838f 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -94,7 +94,7 @@ static int inotify_init_state(struct user_struct *user,
int ret = 0;
spin_lock(&user->inotify_lock);
- state = __find_inotify_count(user, key);
+ state = __find_inotify_state(user, key);
if (!state) {
spin_unlock(&user->inotify_lock);
@@ -536,7 +536,8 @@ void inotify_ignored_and_remove_idr(struct fsnotify_mark *fsn_mark,
/* remove this mark from the idr */
inotify_remove_from_idr(group, i_mark);
- atomic_dec(&group->inotify_data.user->inotify_watches);
+ inotify_dec_watches(group->inotify_data.user,
+ group->inotify_data.userns_ptr);
}
/* ding dong the mark is dead */
@@ -609,6 +610,8 @@ static int inotify_new_watch(struct fsnotify_group *group,
int ret;
struct idr *idr = &group->inotify_data.idr;
spinlock_t *idr_lock = &group->inotify_data.idr_lock;
+ struct user_struct *user = group->inotify_data.user;
+ void *key = group->inotify_data.userns_ptr;
mask = inotify_arg_to_mask(arg);
@@ -621,7 +624,7 @@ static int inotify_new_watch(struct fsnotify_group *group,
tmp_i_mark->wd = -1;
ret = -ENOSPC;
- if (atomic_read(&group->inotify_data.user->inotify_watches) >= inotify_max_user_watches)
+ if (inotify_read_watches(user, key) >= inotify_max_user_watches)
goto out_err;
ret = inotify_add_to_idr(idr, idr_lock, tmp_i_mark);
@@ -638,7 +641,7 @@ static int inotify_new_watch(struct fsnotify_group *group,
}
/* increment the number of watches the user has */
- atomic_inc(&group->inotify_data.user->inotify_watches);
+ inotify_inc_watches(user, key);
/* return the watch descriptor for this new mark */
ret = tmp_i_mark->wd;
@@ -669,6 +672,9 @@ static struct fsnotify_group *inotify_new_group(unsigned int max_events)
{
struct fsnotify_group *group;
struct inotify_event_info *oevent;
+ struct user_struct *user = get_current_user();
+ void *key = current_user_ns();
+ int ret;
group = fsnotify_alloc_group(&inotify_fsnotify_ops);
if (IS_ERR(group))
@@ -689,12 +695,13 @@ static struct fsnotify_group *inotify_new_group(unsigned int max_events)
spin_lock_init(&group->inotify_data.idr_lock);
idr_init(&group->inotify_data.idr);
- group->inotify_data.user = get_current_user();
+ group->inotify_data.user = user;
+ group->inotify_data.userns_ptr = key;
- if (atomic_inc_return(&group->inotify_data.user->inotify_devs) >
- inotify_max_user_instances) {
+ ret = inotify_init_state(user, key);
+ if (ret < 0) {
fsnotify_destroy_group(group);
- return ERR_PTR(-EMFILE);
+ return ERR_PTR(ret);
}
return group;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 0c55d951d0bb..8f589b32ed15 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -842,8 +842,6 @@ struct user_struct {
#ifdef CONFIG_INOTIFY_USER
spinlock_t inotify_lock;
DECLARE_HASHTABLE(inotify_tbl, 6);
- atomic_t inotify_watches; /* How many inotify watches does this user have? */
- atomic_t inotify_devs; /* How many inotify devs does this user have opened? */
#endif
#ifdef CONFIG_FANOTIFY
atomic_t fanotify_listeners;
--
2.5.0
next prev parent reply other threads:[~2016-06-01 7:53 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-01 7:52 [RFC PATCH 0/4] Make inotify instance/watches be accounted per userns Nikolay Borisov
2016-06-01 7:52 ` [PATCH 1/4] inotify: Add infrastructure to account inotify limits per-namespace Nikolay Borisov
2016-06-06 8:05 ` Cyrill Gorcunov
2016-06-06 9:26 ` Nikolay Borisov
2016-06-01 7:52 ` Nikolay Borisov [this message]
2016-06-01 7:52 ` [PATCH 3/4] misc: Rename the HASH_SIZE macro Nikolay Borisov
2016-06-01 18:13 ` David Miller
2016-06-01 7:53 ` [PATCH 4/4] inotify: Don't include inotify.h when !CONFIG_INOTIFY_USER Nikolay Borisov
2016-06-01 16:00 ` [RFC PATCH 0/4] Make inotify instance/watches be accounted per userns Eric W. Biederman
[not found] ` <8737ow7vcp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-02 6:27 ` Nikolay Borisov
2016-06-02 16:19 ` Eric W. Biederman
2016-06-02 7:49 ` Jan Kara
[not found] ` <20160602074920.GG19636-4I4JzKEfoa/jFM9bn6wA6Q@public.gmane.org>
2016-06-02 16:58 ` Eric W. Biederman
[not found] ` <87bn3jy1cd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-03 11:14 ` Nikolay Borisov
[not found] ` <5751667D.7010207-6AxghH7DbtA@public.gmane.org>
2016-06-03 20:41 ` Eric W. Biederman
[not found] ` <87inxqovho.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-06-06 6:41 ` Nikolay Borisov
2016-06-06 20:00 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1464767580-22732-3-git-send-email-kernel@kyup.com \
--to=kernel@kyup.com \
--cc=avagin@openvz.org \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=gorcunov@openvz.org \
--cc=jack@suse.cz \
--cc=john@johnmccutchan.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=operations@siteground.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).