From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: "Amir Goldstein" <amir73il@gmail.com>,
linux-fsdevel@vger.kernel.org,
"Josef Bacik" <josef@toxicpanda.com>,
"Jeff Layton" <jlayton@kernel.org>, "Mike Yuan" <me@yhndnzj.com>,
"Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>,
"Lennart Poettering" <mzxreary@0pointer.de>,
"Daan De Meyer" <daan.j.demeyer@gmail.com>,
"Aleksa Sarai" <cyphar@cyphar.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Jens Axboe" <axboe@kernel.dk>, "Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Michal Koutný" <mkoutny@suse.com>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Chuck Lever" <chuck.lever@oracle.com>,
linux-nfs@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
cgroups@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH v2 24/33] user: support ns lookup
Date: Mon, 15 Sep 2025 15:54:26 +0200 [thread overview]
Message-ID: <20250915-faken-rufen-db3c29188501@brauner> (raw)
In-Reply-To: <bh6wllwygal6hfdjbv3amgok2yxzjgmemyvzriqf2wos6b3plp@tvhvgz47mll3>
On Mon, Sep 15, 2025 at 02:11:55PM +0200, Jan Kara wrote:
> On Fri 12-09-25 13:52:47, Christian Brauner wrote:
> > Support the generic ns lookup infrastructure to support file handles for
> > namespaces.
> >
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> ...
> > @@ -200,6 +202,7 @@ static void free_user_ns(struct work_struct *work)
> > do {
> > struct ucounts *ucounts = ns->ucounts;
> > parent = ns->parent;
> > + ns_tree_remove(ns);
> > if (ns->gid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) {
> > kfree(ns->gid_map.forward);
> > kfree(ns->gid_map.reverse);
> > @@ -218,7 +221,8 @@ static void free_user_ns(struct work_struct *work)
> > retire_userns_sysctls(ns);
> > key_free_user_ns(ns);
> > ns_free_inum(&ns->ns);
> > - kmem_cache_free(user_ns_cachep, ns);
> > + /* Concurrent nstree traversal depends on a grace period. */
> > + kfree_rcu(ns, ns.ns_rcu);
>
> So this is correct for now but it's a bit of a landmine. A lot of stuff
> that ns references is kfreed before the RCU expires. Thus if you lookup ns
> using id, then even if you're under RCU protection you have to be very
> careful about what you can and cannot dereference. IMHO this deserves a
> careful documentation at least or, preferably, split free_user_ns() into
> pre and post-RCU period parts...
Right, the thing is that you cannot touch anything in any namespace
structure without having an actual reference to it. IOW, the only thing
that's valid under rcu is to access the reference count. That's the only
guarantee that the _generic_ infrastructure gives _and_ expects. IOW, if
one can get a live reference (inc_not_zero) that thing better be valid.
Individual namespace implementers may ofc provide additional guarantees
but they are not transparent to the generic infrastructure.
Otherwise I fully agree.
next prev parent reply other threads:[~2025-09-15 13:54 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-12 11:52 [PATCH v2 00/33] ns: support file handles Christian Brauner
2025-09-12 11:52 ` [PATCH v2 01/33] pidfs: validate extensible ioctls Christian Brauner
2025-09-12 11:52 ` [PATCH v2 02/33] nsfs: drop tautological ioctl() check Christian Brauner
2025-09-12 11:52 ` [PATCH v2 03/33] nsfs: validate extensible ioctls Christian Brauner
2025-09-12 11:52 ` [PATCH v2 04/33] block: use extensible_ioctl_valid() Christian Brauner
2025-09-16 11:18 ` Mark Brown
2025-09-16 13:40 ` Dan Carpenter
2025-09-18 13:17 ` Jan Kara
2025-09-19 12:28 ` Christian Brauner
2025-09-12 11:52 ` [PATCH v2 05/33] ns: move to_ns_common() to ns_common.h Christian Brauner
2025-09-12 11:52 ` [PATCH v2 06/33] nsfs: add nsfs.h header Christian Brauner
2025-09-12 11:52 ` [PATCH v2 07/33] ns: uniformly initialize ns_common Christian Brauner
2025-09-12 11:52 ` [PATCH v2 08/33] cgroup: use ns_common_init() Christian Brauner
2025-09-12 15:48 ` Tejun Heo
2025-09-12 11:52 ` [PATCH v2 09/33] ipc: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 10/33] mnt: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 11/33] net: " Christian Brauner
2025-09-15 11:07 ` Jan Kara
2025-09-15 11:42 ` Christian Brauner
2025-09-15 11:50 ` Jan Kara
2025-09-15 22:59 ` Al Viro
2025-09-12 11:52 ` [PATCH v2 12/33] pid: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 13/33] time: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 14/33] user: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 15/33] uts: " Christian Brauner
2025-09-12 11:52 ` [PATCH v2 16/33] ns: remove ns_alloc_inum() Christian Brauner
2025-09-12 11:52 ` [PATCH v2 17/33] nstree: make iterator generic Christian Brauner
2025-09-15 11:49 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 18/33] mnt: support ns lookup Christian Brauner
2025-09-15 11:48 ` Jan Kara
2025-09-15 13:45 ` Christian Brauner
2025-09-16 3:24 ` Kuniyuki Iwashima
2025-09-16 3:59 ` Al Viro
2025-09-16 3:56 ` Al Viro
2025-09-16 3:59 ` Al Viro
2025-09-16 4:46 ` Al Viro
2025-09-17 9:50 ` Christian Brauner
2025-09-18 10:21 ` Al Viro
2025-09-12 11:52 ` [PATCH v2 19/33] cgroup: " Christian Brauner
2025-09-15 11:53 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 20/33] ipc: " Christian Brauner
2025-09-15 11:56 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 21/33] net: " Christian Brauner
2025-09-15 12:02 ` Jan Kara
2025-09-15 13:47 ` Christian Brauner
2025-09-16 3:59 ` Kuniyuki Iwashima
2025-09-12 11:52 ` [PATCH v2 22/33] pid: " Christian Brauner
2025-09-15 12:04 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 23/33] time: " Christian Brauner
2025-09-15 12:06 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 24/33] user: " Christian Brauner
2025-09-15 12:11 ` Jan Kara
2025-09-15 13:54 ` Christian Brauner [this message]
2025-09-15 14:14 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 25/33] uts: " Christian Brauner
2025-09-15 12:59 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 26/33] ns: add to_<type>_ns() to respective headers Christian Brauner
2025-09-15 12:06 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 27/33] nsfs: add current_in_namespace() Christian Brauner
2025-09-15 13:08 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 28/33] nsfs: support file handles Christian Brauner
2025-09-15 13:25 ` Jan Kara
2025-09-15 13:55 ` Christian Brauner
2025-09-12 11:52 ` [PATCH v2 29/33] nsfs: support exhaustive " Christian Brauner
2025-09-15 13:26 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 30/33] nsfs: add missing id retrieval support Christian Brauner
2025-09-15 13:28 ` Jan Kara
2025-09-12 11:52 ` [PATCH v2 31/33] tools: update nsfs.h uapi header Christian Brauner
2025-09-12 11:52 ` [PATCH v2 32/33] selftests/namespaces: add identifier selftests Christian Brauner
2025-09-12 11:52 ` [PATCH v2 33/33] selftests/namespaces: add file handle selftests Christian Brauner
2025-09-16 4:55 ` [PATCH v2 00/33] ns: support file handles Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250915-faken-rufen-db3c29188501@brauner \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=cgroups@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=cyphar@cyphar.com \
--cc=daan.j.demeyer@gmail.com \
--cc=edumazet@google.com \
--cc=hannes@cmpxchg.org \
--cc=horms@kernel.org \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=me@yhndnzj.com \
--cc=mkoutny@suse.com \
--cc=mzxreary@0pointer.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox