| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAQViEv2eBf9o7EaXo1=6hJrhDQJawf3jreFt=CWPDJCUzGRxw@mail.gmail.com>
Date: Fri, 22 Feb 2019 18:58:32 +0100
From: Albert Vaca Cintora <albertvaka@...il.com>
To: Albert Vaca Cintora <albertvaka@...il.com>,
akpm@...ux-foundation.org, rdunlap@...radead.org, mingo@...nel.org,
Jan Kara <jack@...e.cz>, ebiederm@...ssion.com,
Nicolas Saenz Julienne <nsaenzjulienne@...e.de>,
linux-kernel@...r.kernel.org, mbrugger@...e.com
Subject: Re: [PATCH v2] kernel/ucounts: expose count of inotify watches in use
On Fri, Feb 1, 2019 at 9:42 PM Albert Vaca Cintora <albertvaka@...il.com> wrote:
>
> Adds a readonly 'current_inotify_watches' entry to the user sysctl table.
> The handler for this entry is a custom function that ends up calling
> proc_dointvec. Said sysctl table already contains 'max_inotify_watches'
> and it gets mounted under /proc/sys/user/.
>
> Inotify watches are a finite resource, in a similar way to available file
> descriptors. The motivation for this patch is to be able to set up
> monitoring and alerting before an application starts failing because
> it runs out of inotify watches.
>
> Signed-off-by: Albert Vaca Cintora <albertvaka@...il.com>
> Acked-by: Jan Kara <jack@...e.cz>
> Reviewed-by: Nicolas Saenz Julienne <nsaenzjulienne@...e.de>
Friendly ping. Any comments on this?
> ---
> kernel/ucount.c | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)
>
> diff --git a/kernel/ucount.c b/kernel/ucount.c
> index f48d1b6376a4..d8b11e53f098 100644
> --- a/kernel/ucount.c
> +++ b/kernel/ucount.c
> @@ -57,6 +57,11 @@ static struct ctl_table_root set_root = {
> .permissions = set_permissions,
> };
>
> +#ifdef CONFIG_INOTIFY_USER
> +int proc_read_inotify_watches(struct ctl_table *table, int write,
> + void __user *buffer, size_t *lenp, loff_t *ppos);
> +#endif
> +
> static int zero = 0;
> static int int_max = INT_MAX;
> #define UCOUNT_ENTRY(name) \
> @@ -79,6 +84,12 @@ static struct ctl_table user_table[] = {
> #ifdef CONFIG_INOTIFY_USER
> UCOUNT_ENTRY("max_inotify_instances"),
> UCOUNT_ENTRY("max_inotify_watches"),
> + {
> + .procname = "current_inotify_watches",
> + .maxlen = sizeof(int),
> + .mode = 0444,
> + .proc_handler = proc_read_inotify_watches,
> + },
> #endif
> { }
> };
> @@ -226,6 +237,24 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type)
> put_ucounts(ucounts);
> }
>
> +#ifdef CONFIG_INOTIFY_USER
> +int proc_read_inotify_watches(struct ctl_table *table, int write,
> + void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> + struct ucounts *ucounts;
> + struct ctl_table fake_table;
> + int count;
> +
> + ucounts = get_ucounts(current_user_ns(), current_euid());
> + count = atomic_read(&ucounts->ucount[UCOUNT_INOTIFY_WATCHES]);
> + put_ucounts(ucounts);
> +
> + fake_table.data = &count;
> + fake_table.maxlen = sizeof(count);
> + return proc_dointvec(&fake_table, write, buffer, lenp, ppos);
> +}
> +#endif
> +
> static __init int user_namespace_sysctl_init(void)
> {
> #ifdef CONFIG_SYSCTL
> --
> 2.20.1
>
Powered by blists - more mailing lists