lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140502204959.GE2631@ubuntumail>
Date:	Fri, 2 May 2014 20:50:00 +0000
From:	Serge Hallyn <serge.hallyn@...ntu.com>
To:	Richard Guy Briggs <rgb@...hat.com>
Cc:	"Serge E. Hallyn" <serge@...lyn.com>, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org,
	containers@...ts.linux-foundation.org, eparis@...hat.com,
	sgrubb@...hat.com, ebiederm@...ssion.com
Subject: Re: [PATCH 1/2] namespaces: give each namespace a serial number

Quoting Richard Guy Briggs (rgb@...hat.com):
> On 14/05/02, Serge E. Hallyn wrote:
> > Quoting Richard Guy Briggs (rgb@...hat.com):
> > 
> > Most of this looks reasonable, but I'm curious about something,
> > 
> > > +/**
> > > + * ns_serial - compute a serial number for the namespace
> > > + *
> > > + * Compute a serial number for the namespace to uniquely identify it in
> > > + * audit records.
> > > + */
> > > +unsigned int ns_serial(void)
> > > +{
> > > +	static DEFINE_SPINLOCK(serial_lock);
> > > +	static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
> > > +
> > > +	unsigned long flags;
> > > +	unsigned int ret;
> > > +
> > > +	spin_lock_irqsave(&serial_lock, flags);
> > > +	do {
> > > +		ret = ++serial;
> > > +	} while (unlikely(!ret));
> > 
> > Why exactly are you doing this?  Surely if serial is going to
> > wrap around we've got a bigger problem than just wanting go
> > bump one more time?
> 
> Thanks for catching this.
> The code was templated off audit_serial() which tries to solve a
> different problem and rolling it is much more likely.  I hadn't noticed
> that rollover protection.  However, I *had* thought of making it a long
> (which would be the same size on 32-bit arches, but larger on 64-bit)
> since a 64-bit system is more likely to roll it out of sheer speed and
> resource availability.  But perhaps a long long would be safer.

Sounds good, and perhaps a BUG_ON(!serial) for good measure.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ