lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251029070201.2327405-1-safinaskar@gmail.com>
Date: Wed, 29 Oct 2025 10:02:01 +0300
From: Askar Safin <safinaskar@...il.com>
To: brauner@...nel.org
Cc: amir73il@...il.com,
	arnd@...db.de,
	bpf@...r.kernel.org,
	cgroups@...r.kernel.org,
	cyphar@...har.com,
	daan.j.demeyer@...il.com,
	edumazet@...gle.com,
	hannes@...xchg.org,
	jack@...e.cz,
	jannh@...gle.com,
	jlayton@...nel.org,
	josef@...icpanda.com,
	kuba@...nel.org,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	me@...dnzj.com,
	mzxreary@...inter.de,
	netdev@...r.kernel.org,
	tglx@...utronix.de,
	tj@...nel.org,
	viro@...iv.linux.org.uk,
	zbyszek@...waw.pl
Subject: Re: [PATCH v3 11/70] ns: add active reference count

Christian Brauner <brauner@...nel.org>:
> Currently namespace file handles allow much broader access to namespaces
> than what is currently possible via (1)-(4). The reason is that

There is no any (4) here.


> On current kernels a namespace is visible to userspace in the
> following cases:
[...]
> (3) The namespace is a hierarchical namespace type and is the parent of
>     a single or multiple child namespaces.
[...]
> To handle this nicely we introduce an active reference count which
> tracks (1)-(3). This is easy to do as all of these things are already
[...]
> + * Inactive -> Active:
> + *   When walking a hierarchical namespace tree upwards and reopening
> + *   parent namespaces via NS_GET_PARENT that only exist because they
> + *   are a parent of an actively used namespace it is possible to
> + *   necrobump an inactive namespace back to the active state.

These quoted parts contradict to each other. You say "we introduce an
active reference count which tracks (1)-(3)", and (3) says "The namespace
is a hierarchical namespace type and is the parent of a single or multiple
child namespaces". I. e. active reference will count such parents. But then
in code you say:

> + * Inactive -> Active:
> + *   When walking a hierarchical namespace tree upwards and reopening
> + *   parent namespaces via NS_GET_PARENT that only exist because they
> + *   are a parent of an actively used namespace it is possible to
> + *   necrobump an inactive namespace back to the active state.

I. e. now you say that such parents are inactive and can become active.




-- 
Askar Safin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ