Re: [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting

From: Kees Cook
Date: Wed Jan 13 2021 - 13:02:54 EST

Next message: Valdis Klētnieks: "Re: [PATCH v2] gcc-plugins: fix gcc 11 indigestion with plugins..."
Previous message: Borislav Petkov: "Re: [PATCH v3] x86/sgx: Synchronize encl->srcu in sgx_encl_release()."
In reply to: Eric W. Biederman: "Re: [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting"
Next in thread: Linus Torvalds: "Re: [RFC PATCH v2 0/8] Count rlimits in each user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 13, 2021 at 10:31:40AM -0600, Eric W. Biederman wrote:
> Alexey Gladkov <gladkov.alexey@xxxxxxxxx> writes:
>
> We might want to use refcount_t instead of atomic_t. Not a big deal
> either way.

Yes, please use refcount_t, and don't use _read() since that introduces
races.

-Kees

>
> > Signed-off-by: Alexey Gladkov <gladkov.alexey@xxxxxxxxx>
> > ---
> > include/linux/user_namespace.h | 2 +-
> > kernel/ucount.c | 10 +++++-----
> > 2 files changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> > index 64cf8ebdc4ec..84fefa9247c4 100644
> > --- a/include/linux/user_namespace.h
> > +++ b/include/linux/user_namespace.h
> > @@ -92,7 +92,7 @@ struct ucounts {
> > struct hlist_node node;
> > struct user_namespace *ns;
> > kuid_t uid;
> > - int count;
> > + atomic_t count;
> > atomic_t ucount[UCOUNT_COUNTS];
> > };
> >
> > diff --git a/kernel/ucount.c b/kernel/ucount.c
> > index 11b1596e2542..0f2c7c11df19 100644
> > --- a/kernel/ucount.c
> > +++ b/kernel/ucount.c
> > @@ -141,7 +141,8 @@ static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
> >
> > new->ns = ns;
> > new->uid = uid;
> > - new->count = 0;
> > +
> > + atomic_set(&new->count, 0);
> >
> > spin_lock_irq(&ucounts_lock);
> > ucounts = find_ucounts(ns, uid, hashent);
> > @@ -152,10 +153,10 @@ static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid)
> > ucounts = new;
> > }
> > }
> > - if (ucounts->count == INT_MAX)
> > + if (atomic_read(&ucounts->count) == INT_MAX)
> > ucounts = NULL;
> > else
> > - ucounts->count += 1;
> > + atomic_inc(&ucounts->count);
> > spin_unlock_irq(&ucounts_lock);
> > return ucounts;
> > }
> > @@ -165,8 +166,7 @@ static void put_ucounts(struct ucounts *ucounts)
> > unsigned long flags;
> >
> > spin_lock_irqsave(&ucounts_lock, flags);
> > - ucounts->count -= 1;
> > - if (!ucounts->count)
> > + if (atomic_dec_and_test(&ucounts->count))
> > hlist_del_init(&ucounts->node);
> > else
> > ucounts = NULL;
>
>
> This can become:
> static void put_ucounts(struct ucounts *ucounts)
> {
> unsigned long flags;
>
> if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) {
> hlist_del_init(&ucounts->node);
> spin_unlock_irqrestore(&ucounts_lock);
> kfree(ucounts);
> }
> }
>

--
Kees Cook

Next message: Valdis Klētnieks: "Re: [PATCH v2] gcc-plugins: fix gcc 11 indigestion with plugins..."
Previous message: Borislav Petkov: "Re: [PATCH v3] x86/sgx: Synchronize encl->srcu in sgx_encl_release()."
In reply to: Eric W. Biederman: "Re: [RFC PATCH v2 1/8] Use atomic type for ucounts reference counting"
Next in thread: Linus Torvalds: "Re: [RFC PATCH v2 0/8] Count rlimits in each user namespace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]