Re: [PATCH 5.10 036/103] ucounts: Increase ucounts reference counter before the security hook

From: Eric W. Biederman
Date: Wed Sep 01 2021 - 13:26:28 EST


Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> writes:

> On Wed, Sep 01, 2021 at 09:25:25AM -0500, Eric W. Biederman wrote:
>> Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> writes:
>>
>> > From: Alexey Gladkov <legion@xxxxxxxxxx>
>> >
>> > [ Upstream commit bbb6d0f3e1feb43d663af089c7dedb23be6a04fb ]
>> >
>> > We need to increment the ucounts reference counter before security_prepare_creds()
>> > because this function may fail and abort_creds() will try to decrement
>> > this reference.
>>
>> Has the conversion of the rlimits to ucounts been backported?
>>
>> Semantically the code is an improvement but I don't know of any cases
>> where it makes enough of a real-world difference to make it worth
>> backporting the code.
>>
>> Certainly the ucount/rlimit conversions do not meet the historical
>> criteria for backports. AKA simple obviously correct patches.
>>
>> The fact we have been applying fixes for the entire v5.14 stabilization
>> period is a testament to the code not quite being obviously correct.
>>
>> Without backports the code only affects v5.14 so I have not been
>> including a Cc stable on any of the commits.
>>
>> So color me very puzzled about what is going on here.
>
> Sasha picked this for some reason, but if you think it should be
> dropped, we can easily do so.

My question is what is the reason Sasha picked this up?

If this patch even applies to v5.10 the earlier patches have been
backported. So we can't just drop this patch. Either the earlier
backports need to be reverted, or we need to make certain all of the
patches are backported.

I really am trying to understand what is going on and why.

I work on a lot of stuff that has been imperfect for years. Generally I
clean up the code and the semantics so the old imperfect code does not
impede new development (user or kernel). Updating a couple of rlimits
to the ucount infrastructure was one of those improvements to imperfect
code.

As I expect this situation to come up again and again, I am asking what
is going on? What are the rules under which code is backported?

I am hoping to get a clear answer on why what looks to me like feature
development has been backported into v5.10, and v5.13.


If the answer is going to be random commits are going to be backported
whenever the stable reviewers think it is a good idea, with no
explanation of why they think so, can I please not be Cc'd during stable
review as I have no basis on which to perform a review.

Eric