lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1400006695.5967.5.camel@flatline.rdu.redhat.com>
Date:	Tue, 13 May 2014 14:44:55 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Richard Guy Briggs <rgb@...hat.com>
Cc:	containers@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org, linux-audit@...hat.com,
	ebiederm@...ssion.com, serge@...lyn.com
Subject: Re: [PATCH V2 1/6] namespaces: assign each namespace instance a
 serial number

On Tue, 2014-05-13 at 11:30 -0400, Eric Paris wrote:
> On Tue, 2014-05-13 at 11:13 -0400, Richard Guy Briggs wrote:
> > On 14/05/13, Richard Guy Briggs wrote:
> > > On 14/05/10, Eric Paris wrote:
> > > > On Fri, 2014-05-09 at 20:27 -0400, Richard Guy Briggs wrote:
> > > > > Generate and assign a serial number per namespace instance since boot.
> > > > > 
> > > > > Use a serial number per namespace (unique across one boot of one kernel)
> > > > > instead of the inode number (which is claimed to have had the right to change
> > > > > reserved and is not necessarily unique if there is more than one proc fs) to
> > > > > uniquely identify it per kernel boot.
> > > > > 
> > > > > Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> > > > > ---
> > > > 
> > > > > +/**
> > > > > + * ns_serial - compute a serial number for the namespace
> > > > > + *
> > > > > + * Compute a serial number for the namespace to uniquely identify it in
> > > > > + * audit records.
> > > > > + */
> > > > > +unsigned long long ns_serial(void)
> > > > > +{
> > > > > +	static DEFINE_SPINLOCK(serial_lock);
> > > > > +	static unsigned long long serial = 4; /* reserved for IPC, UTS, user, PID */
> > > > > +	unsigned long flags;
> > > > > +
> > > > > +	spin_lock_irqsave(&serial_lock, flags);
> > > > > +	++serial;
> > > > > +	spin_unlock_irqrestore(&serial_lock, flags);
> > > > > +	BUG_ON(!serial);
> > > > > +
> > > > > +	return serial;
> > > > > +}
> > > > > +
> > > > >  static inline struct nsproxy *create_nsproxy(void)
> > > > >  {
> > > > >  	struct nsproxy *nsproxy;
> > > > 
> > > > atomic64_t instead of doing it yourself?
> > > 
> > > I'm willing to switch to atomic64_*.  Thanks for pointing out its
> > > existence.
> > 
> > Same would then go for using atomic_t in audit_serial().
> 
> Yup, moving to an atomic in audit_serial() looks like a good idea to me.

Talking with steve on irc, neither of us see a need for the double
increment quirk if the serial wraps back to 0.  Nothing wrong with 0, it
is a number.

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ