lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 13 May 2014 11:13:16 -0400
From:	Richard Guy Briggs <rgb@...hat.com>
To:	Eric Paris <eparis@...hat.com>
Cc:	linux-audit@...hat.com, linux-kernel@...r.kernel.org,
	containers@...ts.linux-foundation.org, arozansk@...hat.com,
	serge@...lyn.com, ebiederm@...ssion.com, sgrubb@...hat.com
Subject: Re: [PATCH V2 1/6] namespaces: assign each namespace instance a
 serial number

On 14/05/13, Richard Guy Briggs wrote:
> On 14/05/10, Eric Paris wrote:
> > On Fri, 2014-05-09 at 20:27 -0400, Richard Guy Briggs wrote:
> > > Generate and assign a serial number per namespace instance since boot.
> > > 
> > > Use a serial number per namespace (unique across one boot of one kernel)
> > > instead of the inode number (which is claimed to have had the right to change
> > > reserved and is not necessarily unique if there is more than one proc fs) to
> > > uniquely identify it per kernel boot.
> > > 
> > > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > > ---
> > 
> > > +/**
> > > + * ns_serial - compute a serial number for the namespace
> > > + *
> > > + * Compute a serial number for the namespace to uniquely identify it in
> > > + * audit records.
> > > + */
> > > +unsigned long long ns_serial(void)
> > > +{
> > > +	static DEFINE_SPINLOCK(serial_lock);
> > > +	static unsigned long long serial = 4; /* reserved for IPC, UTS, user, PID */
> > > +	unsigned long flags;
> > > +
> > > +	spin_lock_irqsave(&serial_lock, flags);
> > > +	++serial;
> > > +	spin_unlock_irqrestore(&serial_lock, flags);
> > > +	BUG_ON(!serial);
> > > +
> > > +	return serial;
> > > +}
> > > +
> > >  static inline struct nsproxy *create_nsproxy(void)
> > >  {
> > >  	struct nsproxy *nsproxy;
> > 
> > atomic64_t instead of doing it yourself?
> 
> I'm willing to switch to atomic64_*.  Thanks for pointing out its
> existence.

Same would then go for using atomic_t in audit_serial().

> > and why _irqsave() ?  Can we seriously create new namespaces in irq
> > context?  If you use the atomic though, you don't have to worry about
> > it...
> 
> Agreed.  That is unlikely.
> 
> - RGB
> 
> --
> Richard Guy Briggs <rbriggs@...hat.com>
> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
> Remote, Ottawa, Canada
> Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

- RGB

--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ