lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5267887B.3090307@6wind.com>
Date:	Wed, 23 Oct 2013 10:27:39 +0200
From:	Guillaume Gaudonville <guillaume.gaudonville@...nd.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	paulmck@...ux.vnet.ibm.com
CC:	linux-kernel@...r.kernel.org, serge.hallyn@...onical.com,
	akpm@...ux-foundation.org, viro@...iv.linux.org.uk,
	davem@...emloft.net, cmetcalf@...era.com
Subject: Re: [RFC PATCH linux-next v2] ns: do not allocate a new nsproxy at
 each call

On 10/22/2013 09:44 PM, Eric W. Biederman wrote:
> To be succint.
>
> Mutation of nsproxy in place was a distraction.
>
> What is crucial to the current operation of the code is
>
> synchronize_rcu();
> put_pid_ns();
> put_net_ns();
> ...
>
> To remove the syncrhonize_rcu we would have to either user call_rcu or
> make certain all of the namespaces have some kind of rcu liveness
> guarantee (which many of them do) and use something like maybe_get_net.
>
> If you are going to pursue this the maybe_get_net direction is my
> preference as that is what we would need if we did not have nsproxy
> and so will be simpler overall.
>
> Hmm.  On the side of simple it may be appropriate to revisit the patch
> that started using rcu protection for nsproxy.   I doesn't look like
> the original reasons for nsproxy being rcu protected exist any more,
> so reverting to task_lock protect may be enough..
>
> And it would result in faster/simpler code that only slows down when we
> perform a remote access, which should be far from common.
Ok, let me think a bit of these new directions and I'll come back to you,
thanks for your help guys.
> commit cf7b708c8d1d7a27736771bcf4c457b332b0f818
> Author: Pavel Emelyanov <xemul@...nvz.org>
> Date:   Thu Oct 18 23:39:54 2007 -0700
>
>      Make access to task's nsproxy lighter
>      
>      When someone wants to deal with some other taks's namespaces it has to lock
>      the task and then to get the desired namespace if the one exists.  This is
>      slow on read-only paths and may be impossible in some cases.
>      
>      E.g.  Oleg recently noticed a race between unshare() and the (sent for
>      review in cgroups) pid namespaces - when the task notifies the parent it
>      has to know the parent's namespace, but taking the task_lock() is
>      impossible there - the code is under write locked tasklist lock.
>      
>      On the other hand switching the namespace on task (daemonize) and releasing
>      the namespace (after the last task exit) is rather rare operation and we
>      can sacrifice its speed to solve the issues above.
>      
>      The access to other task namespaces is proposed to be performed
>      like this:
>      
>           rcu_read_lock();
>           nsproxy = task_nsproxy(tsk);
>           if (nsproxy != NULL) {
>                   / *
>                     * work with the namespaces here
>                     * e.g. get the reference on one of them
>                     * /
>           } / *
>               * NULL task_nsproxy() means that this task is
>               * almost dead (zombie)
>               * /
>           rcu_read_unlock();
>      
>      This patch has passed the review by Eric and Oleg :) and,
>      of course, tested.
>
>
> Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ