Re: [PATCH v2 06/10] utsns: Add a limit on the number of uts namespaces

From: Serge E. Hallyn
Date: Mon Jul 25 2016 - 19:09:48 EST


Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Acked-by: Serge Hallyn <serge@xxxxxxxxxx>

> ---
> include/linux/user_namespace.h | 1 +
> kernel/user_namespace.c | 1 +
> kernel/utsname.c | 31 ++++++++++++++++++++++++++-----
> 3 files changed, 28 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index 47733637741a..bed2506081fe 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -25,6 +25,7 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */
> enum ucounts {
> UCOUNT_USER_NAMESPACES,
> UCOUNT_PID_NAMESPACES,
> + UCOUNT_UTS_NAMESPACES,
> UCOUNT_COUNTS,
> };
>
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 02a03ead7afc..6b205c24e888 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -78,6 +78,7 @@ static int count_max = COUNT_MAX;
> static struct ctl_table userns_table[] = {
> UCOUNT_ENTRY("max_user_namespaces"),
> UCOUNT_ENTRY("max_pid_namespaces"),
> + UCOUNT_ENTRY("max_uts_namespaces"),
> { }
> };
> #endif /* CONFIG_SYSCTL */
> diff --git a/kernel/utsname.c b/kernel/utsname.c
> index 831ea7108232..4f13c0419d64 100644
> --- a/kernel/utsname.c
> +++ b/kernel/utsname.c
> @@ -17,6 +17,16 @@
> #include <linux/user_namespace.h>
> #include <linux/proc_ns.h>
>
> +static bool inc_uts_namespaces(struct user_namespace *ns)
> +{
> + return inc_ucount(ns, UCOUNT_UTS_NAMESPACES);
> +}
> +
> +static void dec_uts_namespaces(struct user_namespace *ns)
> +{
> + dec_ucount(ns, UCOUNT_UTS_NAMESPACES);
> +}
> +
> static struct uts_namespace *create_uts_ns(void)
> {
> struct uts_namespace *uts_ns;
> @@ -38,15 +48,18 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
> struct uts_namespace *ns;
> int err;
>
> + err = -ENFILE;
> + if (!inc_uts_namespaces(user_ns))
> + goto fail;
> +
> + err = -ENOMEM;
> ns = create_uts_ns();
> if (!ns)
> - return ERR_PTR(-ENOMEM);
> + goto fail_dec;
>
> err = ns_alloc_inum(&ns->ns);
> - if (err) {
> - kfree(ns);
> - return ERR_PTR(err);
> - }
> + if (err)
> + goto fail_free;
>
> ns->ns.ops = &utsns_operations;
>
> @@ -55,6 +68,13 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
> ns->user_ns = get_user_ns(user_ns);
> up_read(&uts_sem);
> return ns;
> +
> +fail_free:
> + kfree(ns);
> +fail_dec:
> + dec_uts_namespaces(user_ns);
> +fail:
> + return ERR_PTR(err);
> }
>
> /*
> @@ -85,6 +105,7 @@ void free_uts_ns(struct kref *kref)
> struct uts_namespace *ns;
>
> ns = container_of(kref, struct uts_namespace, kref);
> + dec_uts_namespaces(ns->user_ns);
> put_user_ns(ns->user_ns);
> ns_free_inum(&ns->ns);
> kfree(ns);
> --
> 2.8.3