From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 1/5] user_namespace: add children list node
Date: Fri, 9 May 2025 06:54:07 +0000
Message-Id: <20250509065417.147515-2-chenridong@huaweicloud.com>
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>

From: Chen Ridong

Add the 'children' and 'ns_node' fields to the user_namespace structure. This addition enables the user_namespace to locate all of its nested child namespaces efficiently.

Signed-off-by: Chen Ridong
--- include/linux/user_namespace.h | 2 ++ kernel/user.c | 2 ++ kernel/user_namespace.c | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index a0bb6d012137..7b1e180227c8 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -78,6 +78,8 @@ struct user_namespace { struct uid_gid_map gid_map; struct uid_gid_map projid_map; struct user_namespace *parent; + struct list_head ns_node; + struct list_head children; int level; kuid_t owner; kgid_t group; diff --git a/kernel/user.c b/kernel/user.c index f46b1d41163b..3a712a6894fd 100644 --- a/kernel/user.c +++ b/kernel/user.c @@ -65,6 +65,8 @@ struct user_namespace init_user_ns =3D { .nr_extents =3D 1, }, }, + .ns_node =3D LIST_HEAD_INIT(init_user_ns.ns_node), + .children =3D LIST_HEAD_INIT(init_user_ns.children), .ns.count =3D REFCOUNT_INIT(3), .owner =3D GLOBAL_ROOT_UID, .group =3D GLOBAL_ROOT_GID, diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 682f40d5632d..b570536934cc 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c
@@ -135,6 +135,9 @@ int create_user_ns(struct cred *new) ns->level =3D parent_ns->level + 1; ns->owner =3D owner; ns->group =3D group; + INIT_LIST_HEAD(&ns->children); + INIT_LIST_HEAD(&ns->ns_node); + list_add_tail_rcu(&ns->ns_node, &parent_ns->children); INIT_WORK(&ns->work, free_user_ns); for (i =3D 0; i < UCOUNT_COUNTS; i++) { ns->ucount_max[i] =3D INT_MAX; 
@@ -217,6 +220,7 @@ static void free_user_ns(struct work_struct *work) kfree(ns->binfmt_misc); #endif retire_userns_sysctls(ns); + list_del_rcu(&ns->ns_node); key_free_user_ns(ns); ns_free_inum(&ns->ns); kmem_cache_free(user_ns_cachep, ns); --=20 2.34.1
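Review bot: In the create_user_ns() hunk, list_add_tail_rcu(&ns->ns_node, &parent_ns->children) runs with no writer-side lock visible anywhere in the patch. The _rcu list primitives only protect readers; concurrent updaters (two tasks creating namespaces under the same parent, or a create racing with the list_del_rcu() in free_user_ns()) still need mutual exclusion, so add a lock around both the add and the delete and document it next to the new fields in struct user_namespace. The add also happens before INIT_WORK() and the ucount_max[] loop, so an RCU reader can reach a namespace that is not fully initialised; publishing the node as the last step of setup would avoid that.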
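Review bot: In the free_user_ns() hunk, list_del_rcu(&ns->ns_node) is followed a few calls later by kmem_cache_free(user_ns_cachep, ns) with no grace period in between, so a reader walking parent->children under rcu_read_lock() can still hold a pointer to the object when it is freed. Defer the free with call_rcu() in this same patch, or state in the changelog that nothing may walk the list until the following patch; as posted, this commit on its own leaves a use-after-free window for anyone bisecting through it.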
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 2/5] usernamespace: make usernamespace rcu safe
Date: Fri, 9 May 2025 06:54:08 +0000
Message-Id: <20250509065417.147515-3-chenridong@huaweicloud.com>
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>

From: Chen Ridong

To ensure a safe top-down iteration, the user namespace should be made RCU safe. This way, it is safe to iterate over all the child namespaces of a root namespace while holding an RCU read lock.

Signed-off-by: Chen Ridong
--- include/linux/user_namespace.h | 1 + kernel/user_namespace.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 7b1e180227c8..d84b2703caab 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -80,6 +80,7 @@ struct user_namespace { struct user_namespace *parent; struct list_head ns_node; struct list_head children; + struct rcu_head rcu; int level; kuid_t owner; kgid_t group; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index b570536934cc..cbe8f96c3e60 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -196,6 +196,15 @@ int unshare_userns(unsigned long unshare_flags, struct= cred **new_cred) return err; } =20 +static void __free_user_ns(struct rcu_head *p) +{ + struct user_namespace *ns =3D + container_of(p, struct user_namespace, rcu); + + list_del_rcu(&ns->ns_node); + kmem_cache_free(user_ns_cachep, ns); +} + static void free_user_ns(struct work_struct *work) { struct user_namespace *parent, *ns =3D
@@ -220,10 +229,9 @@ static void free_user_ns(struct work_struct *work) kfree(ns->binfmt_misc); #endif retire_userns_sysctls(ns); - list_del_rcu(&ns->ns_node); key_free_user_ns(ns); ns_free_inum(&ns->ns); - kmem_cache_free(user_ns_cachep, ns); + call_rcu(&ns->rcu, __free_user_ns); dec_user_namespaces(ucounts); ns =3D parent; } while (refcount_dec_and_test(&parent->ns.count)); --=20 2.34.1
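Review bot: In __free_user_ns(), list_del_rcu(&ns->ns_node) has been moved into the RCU callback, so the unlink now happens after the grace period instead of before it. The namespace stays reachable from parent->children until the callback runs, readers that start after call_rcu() can still find it, and the kmem_cache_free() on the next line then frees it underneath them. Keep list_del_rcu() in free_user_ns() ahead of call_rcu(&ns->rcu, __free_user_ns) and leave only the kmem_cache_free() in the callback. RCU callbacks also typically run in softirq context, so a list write there would need a lock that is safe to take in that context.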
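Review bot: In the free_user_ns() hunk, retire_userns_sysctls(ns), key_free_user_ns(ns) and ns_free_inum(&ns->ns) still run before call_rcu(), while the namespace is reachable to RCU readers through the children list. The changelog says iteration under rcu_read_lock() is safe, but it does not say which fields a reader may touch on a namespace whose refcount has already dropped to zero. Please document that, and have iterators either skip such entries or take a reference with a not-zero check (for example refcount_inc_not_zero(&ns->ns.count)) before using anything beyond the list linkage.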
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 3/5] user_namespace: add user_ns iteration helper
Date: Fri, 9 May 2025 06:54:15 +0000
Message-Id: <20250509065417.147515-10-chenridong@huaweicloud.com>
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>

From: Chen Ridong

Add a helper function named 'ns_next_child_pre' that performs a pre-order traversal of a namespace's descendants.

Signed-off-by: Chen Ridong
--- include/linux/user_namespace.h | 9 +++++++ kernel/user_namespace.c | 44 ++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index d84b2703caab..823df9267a4a 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -169,6 +169,15 @@ static inline void set_userns_rlimit_max(struct user_n= amespace *ns, ns->rlimit_max[type] =3D max <=3D LONG_MAX ? max : LONG_MAX; } =20 +struct user_namespace *ns_next_child(struct user_namespace *pos, + struct user_namespace *parent); +struct user_namespace *ns_next_child_pre(struct user_namespace *pos, + struct user_namespace *root); + +#define ns_for_each_child_pre(pos, ns) \ + for ((pos) =3D ns_next_child_pre(NULL, (ns)); (pos); \ + (pos) =3D ns_next_child_pre((pos), (ns))) + #ifdef CONFIG_USER_NS =20 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index cbe8f96c3e60..9a2e77505b97 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c
@@ -30,6 +30,50 @@ static bool new_idmap_permitted(const struct file *file, struct uid_gid_map *map); static void free_user_ns(struct work_struct *work); =20 +struct user_namespace *ns_next_child(struct user_namespace *pos, + struct user_namespace *parent) +{ + struct user_namespace *next; + + if (!pos) + /* Get the first child of the parent. */ + next =3D list_entry_rcu(parent->children.next, struct user_namespace, ns= _node); + else + next =3D list_entry_rcu(pos->ns_node.next, struct user_namespace, ns_nod= e); + + if (&next->ns_node !=3D &parent->children) + return next; + + return NULL; +} + +/* Should be called under rcu_read_lock() */ +struct user_namespace *ns_next_child_pre(struct user_namespace *pos, + struct user_namespace *root) +{ + struct user_namespace *next; + + + /* if first iteration, visit @root */ + if (!pos) + return root; + + /* visit the first child if exists */ + next =3D ns_next_child(NULL, pos); + if (next) + return next; + + /* no child, visit my or the closest ancestor's next ns_node */ + while (pos !=3D root) { + next =3D ns_next_child(pos, pos->parent); + if (next) + return next; + pos =3D pos->parent; + } + + return NULL; +} + static struct ucounts *inc_user_namespaces(struct user_namespace *ns, kuid= _t uid) { return inc_ucount(ns, uid, UCOUNT_USER_NAMESPACES); --=20 2.34.1
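Review bot: In the include/linux/user_namespace.h hunk, the two prototypes and ns_for_each_child_pre() are added above #ifdef CONFIG_USER_NS, while the definitions live in kernel/user_namespace.c. If that file is not built when CONFIG_USER_NS is off, any caller outside the #ifdef will fail to link; move the declarations inside the #ifdef and add static inline stubs for the other branch. The macro also visits the root itself on the first pass (ns_next_child_pre(NULL, ns) returns root), so a name along the lines of a "descendant" iterator, with a comment stating the rcu_read_lock() requirement, would match the behaviour and avoid the very generic ns_ prefix in a global header.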
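Review bot: In ns_next_child_pre(), the locking rule exists only as a comment ("Should be called under rcu_read_lock()"), and ns_next_child(), which is also declared in the header, has none at all. Add an RCU_LOCKDEP_WARN(!rcu_read_lock_held(), ...) check or equivalent to both so misuse is caught at runtime. The climb through pos->parent in the while loop also relies on every ancestor between pos and root staying valid and linked for the whole walk; the kernel-doc should say what guarantees that and what a caller must do if it drops the RCU read lock mid-iteration. Minor: there is a doubled blank line after the declaration of next.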
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 3/5] user_namespace: add user_ns iteration helper
Date: Fri, 9 May 2025 06:54:09 +0000
Message-Id: <20250509065417.147515-4-chenridong@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Chen Ridong

Add a helper function named 'ns_next_child_pre' that performs a pre-order traversal of a namespace's descendants.

Signed-off-by: Chen Ridong
--- include/linux/user_namespace.h | 9 +++++++ kernel/user_namespace.c | 44 ++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index d84b2703caab..823df9267a4a 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -169,6 +169,15 @@ static inline void set_userns_rlimit_max(struct user_n= amespace *ns, ns->rlimit_max[type] =3D max <=3D LONG_MAX ? max : LONG_MAX; } =20 +struct user_namespace *ns_next_child(struct user_namespace *pos, + struct user_namespace *parent); +struct user_namespace *ns_next_child_pre(struct user_namespace *pos, + struct user_namespace *root); + +#define ns_for_each_child_pre(pos, ns) \ + for ((pos) =3D ns_next_child_pre(NULL, (ns)); (pos); \ + (pos) =3D ns_next_child_pre((pos), (ns))) + #ifdef CONFIG_USER_NS =20 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index cbe8f96c3e60..9a2e77505b97 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c 
@@ -30,6 +30,50 @@ static bool new_idmap_permitted(const struct file *file, struct uid_gid_map *map); static void free_user_ns(struct work_struct *work); =20 +struct user_namespace *ns_next_child(struct user_namespace *pos, + struct user_namespace *parent) +{ + struct user_namespace *next; + + if (!pos) + /* Get the first child of the parent. */ + next =3D list_entry_rcu(parent->children.next, struct user_namespace, ns= _node); + else + next =3D list_entry_rcu(pos->ns_node.next, struct user_namespace, ns_nod= e); + + if (&next->ns_node !=3D &parent->children) + return next; + + return NULL; +} + +/* Should be called under rcu_read_lock() */ +struct user_namespace *ns_next_child_pre(struct user_namespace *pos, + struct user_namespace *root) +{ + struct user_namespace *next; + + + /* if first iteration, visit @root */ + if (!pos) + return root; + + /* visit the first child if exists */ + next =3D ns_next_child(NULL, pos); + if (next) + return next; + + /* no child, visit my or the closest ancestor's next ns_node */ + while (pos !=3D root) { + next =3D ns_next_child(pos, pos->parent); + if (next) + return next; + pos =3D pos->parent; + } + + return NULL; +} + static struct ucounts *inc_user_namespaces(struct user_namespace *ns, kuid= _t uid) { return inc_ucount(ns, uid, UCOUNT_USER_NAMESPACES); --=20 2.34.1 From nobody Mon Feb 9 00:46:17 2026 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68C5226FDA2 for ; Fri, 9 May 2025 07:06:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746774419; cv=none; 
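Review bot: ns_for_each_child_pre() in the header hunk also visits ns itself, because ns_next_child_pre(NULL, ns) returns root on the first call, which the word "child" in the name does not suggest. Either document this on the macro (root first, then descendants in pre-order, caller holds rcu_read_lock()) or name it after descendants, as the cgroup iterator css_for_each_descendant_pre() does. A caller that assumes the root is skipped would otherwise act on the namespace it passed in.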
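Review bot: ns_next_child() in the kernel/user_namespace.c hunk is only called from ns_next_child_pre() in this patch, so it can be static and dropped from the header unless a later patch in the series needs it directly. Two smaller style points in the same hunk: the if (!pos) branch carries a comment plus a statement and would read more safely with braces on both branches, and ns_next_child_pre() has a doubled blank line after the declaration of next.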
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 4/5] uounts: factor out __inc_rlimit_get_ucounts/__dec_rlimit_put_ucounts
Date: Fri, 9 May 2025 06:54:16 +0000
Message-Id: <20250509065417.147515-11-chenridong@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Chen Ridong

The __inc_rlimit_get_ucounts function has been factored out. This function can increment the rlimit by a variable number and acquires an additional ucount reference when the rlimit count was previously zero. Correspondingly, the __dec_rlimit_put_ucounts function has also been factored out. This function releases the ucount reference when the rlimit reaches zero. These functions not only make the code more concise but also serve as a foundation for subsequent patches.

Signed-off-by: Chen Ridong
--- kernel/ucount.c | 56 +++++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/kernel/ucount.c b/kernel/ucount.c index 8686e329b8f2..33605e416724 100644 --- a/kernel/ucount.c +++ b/kernel/ucount.c 
@@ -276,22 +276,46 @@ bool dec_rlimit_ucounts(struct ucounts *ucounts, enum= rlimit_type type, long v) return (new =3D=3D 0); } =20 +static void __dec_rlimit_put_ucounts(struct ucounts *ucounts, + enum rlimit_type type, long v) +{ + long dec =3D atomic_long_sub_return(v, &ucounts->rlimit[type]); + + WARN_ON_ONCE(dec < 0); + if (dec =3D=3D 0) + put_ucounts(ucounts); +} + +static long __inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_= type type, long v) +{ + long new =3D atomic_long_add_return(v, &ucounts->rlimit[type]); + + /* + * Grab an extra ucount reference for the caller when + * the rlimit count was previously 0. + */ + if (new =3D=3D v && !get_ucounts(ucounts)) { + long dec =3D atomic_long_sub_return(v, &ucounts->rlimit[type]); + + WARN_ON_ONCE(dec < 0); + return 0; + } + return new; +} + static void do_dec_rlimit_put_ucounts(struct ucounts *ucounts, - struct ucounts *last, enum rlimit_type type) + struct ucounts *last, enum rlimit_type type, long v) { struct ucounts *iter, *next; for (iter =3D ucounts; iter !=3D last; iter =3D next) { - long dec =3D atomic_long_sub_return(1, &iter->rlimit[type]); - WARN_ON_ONCE(dec < 0); next =3D iter->ns->ucounts; - if (dec =3D=3D 0) - put_ucounts(iter); + __dec_rlimit_put_ucounts(ucounts, type, v); } } =20 void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type) { - do_dec_rlimit_put_ucounts(ucounts, NULL, type); + do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); } =20 long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, 
@@ -300,30 +324,22 @@ long inc_rlimit_get_ucounts(struct ucounts *ucounts, = enum rlimit_type type, /* Caller must hold a reference to ucounts */ struct ucounts *iter; long max =3D LONG_MAX; - long dec, ret =3D 0; + long ret =3D 0; =20 for (iter =3D ucounts; iter; iter =3D iter->ns->ucounts) { - long new =3D atomic_long_add_return(1, &iter->rlimit[type]); - if (new < 0 || new > max) + long new =3D __inc_rlimit_get_ucounts(iter, type, 1); + + if (new <=3D 0 || new > max) goto dec_unwind; if (iter =3D=3D ucounts) ret =3D new; if (!override_rlimit) max =3D get_userns_rlimit_max(iter->ns, type); - /* - * Grab an extra ucount reference for the caller when - * the rlimit count was previously 0. - */ - if (new !=3D 1) - continue; - if (!get_ucounts(iter)) - goto dec_unwind; } return ret; + dec_unwind: - dec =3D atomic_long_sub_return(1, &iter->rlimit[type]); - WARN_ON_ONCE(dec < 0); - do_dec_rlimit_put_ucounts(ucounts, iter, type); + do_dec_rlimit_put_ucounts(ucounts, iter, type, 1); return 0; } =20 --=20 2.34.1 From nobody Mon Feb 9 00:46:17 2026 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9A8126FD95 for ; Fri, 9 May 2025 07:06:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746774420; cv=none; b=um7twtmVt4yhhsZ7XAkJ9jK8hHPNYii8IpwuTeYa/pnE0HbFJ1S53fcl8dU3r0wv51IN9auwT7JzI9Vfbp3fa5p70Agj9fpANpEbQVcU1LVGe4doc7Op+F+pPM3pIb1LxuXwgaHLNhk504v12GKSAa9rPXZcJ2egBkrWqfrqlKc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746774420; c=relaxed/simple; bh=us+ZJ6WIK8Ixr9HGqe8c7I6zbm6KW5ujWB5Obyd2WO8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; 
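Review bot: the loop in do_dec_rlimit_put_ucounts() (first hunk) now calls __dec_rlimit_put_ucounts(ucounts, type, v), passing the starting ucounts instead of iter, so every iteration decrements the first level and the ancestors are never decremented or put. The removed lines operated on iter, and the call should be __dec_rlimit_put_ucounts(iter, type, v). As written, a single dec_rlimit_put_ucounts() from a nested user namespace subtracts from the leaf once per level, which can trip WARN_ON_ONCE(dec < 0) or drop the leaf's reference early, while the parents' counts stay elevated and their rlimit never recovers.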
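Review bot: the dec_unwind path in inc_rlimit_get_ucounts() (second hunk) no longer undoes the increment on iter when the failure is new > max or an overflow to a negative value. __inc_rlimit_get_ucounts() only rolls its own add back when get_ucounts() fails; in the over-limit case it returns the incremented value, the caller jumps to dec_unwind, and do_dec_rlimit_put_ucounts(ucounts, iter, type, 1) stops before iter. The removed atomic_long_sub_return(1, &iter->rlimit[type]) covered that case. The result is that iter's count stays one too high after every rejected request, together with the extra reference if the count was previously zero. Calling __dec_rlimit_put_ucounts(iter, type, 1) before the unwind when new is non-zero would restore the old behaviour.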
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 4/5] uounts: factor out __inc_rlimit_get_ucounts/__dec_rlimit_put_ucounts
Date: Fri, 9 May 2025 06:54:10 +0000
Message-Id: <20250509065417.147515-5-chenridong@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Chen Ridong

The __inc_rlimit_get_ucounts function has been factored out. This function can increment the rlimit by a variable number and acquires an additional ucount reference when the rlimit count was previously zero. Correspondingly, the __dec_rlimit_put_ucounts function has also been factored out. This function releases the ucount reference when the rlimit reaches zero. These functions not only make the code more concise but also serve as a foundation for subsequent patches.

Signed-off-by: Chen Ridong
--- kernel/ucount.c | 56 +++++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/kernel/ucount.c b/kernel/ucount.c index 8686e329b8f2..33605e416724 100644 --- a/kernel/ucount.c +++ b/kernel/ucount.c 
@@ -276,22 +276,46 @@ bool dec_rlimit_ucounts(struct ucounts *ucounts, enum= rlimit_type type, long v) return (new =3D=3D 0); } =20 +static void __dec_rlimit_put_ucounts(struct ucounts *ucounts, + enum rlimit_type type, long v) +{ + long dec =3D atomic_long_sub_return(v, &ucounts->rlimit[type]); + + WARN_ON_ONCE(dec < 0); + if (dec =3D=3D 0) + put_ucounts(ucounts); +} + +static long __inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_= type type, long v) +{ + long new =3D atomic_long_add_return(v, &ucounts->rlimit[type]); + + /* + * Grab an extra ucount reference for the caller when + * the rlimit count was previously 0. + */ + if (new =3D=3D v && !get_ucounts(ucounts)) { + long dec =3D atomic_long_sub_return(v, &ucounts->rlimit[type]); + + WARN_ON_ONCE(dec < 0); + return 0; + } + return new; +} + static void do_dec_rlimit_put_ucounts(struct ucounts *ucounts, - struct ucounts *last, enum rlimit_type type) + struct ucounts *last, enum rlimit_type type, long v) { struct ucounts *iter, *next; for (iter =3D ucounts; iter !=3D last; iter =3D next) { - long dec =3D atomic_long_sub_return(1, &iter->rlimit[type]); - WARN_ON_ONCE(dec < 0); next =3D iter->ns->ucounts; - if (dec =3D=3D 0) - put_ucounts(iter); + __dec_rlimit_put_ucounts(ucounts, type, v); } } =20 void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type) { - do_dec_rlimit_put_ucounts(ucounts, NULL, type); + do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); } =20 long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, 
@@ -300,30 +324,22 @@ long inc_rlimit_get_ucounts(struct ucounts *ucounts, = enum rlimit_type type, /* Caller must hold a reference to ucounts */ struct ucounts *iter; long max =3D LONG_MAX; - long dec, ret =3D 0; + long ret =3D 0; =20 for (iter =3D ucounts; iter; iter =3D iter->ns->ucounts) { - long new =3D atomic_long_add_return(1, &iter->rlimit[type]); - if (new < 0 || new > max) + long new =3D __inc_rlimit_get_ucounts(iter, type, 1); + + if (new <=3D 0 || new > max) goto dec_unwind; if (iter =3D=3D ucounts) ret =3D new; if (!override_rlimit) max =3D get_userns_rlimit_max(iter->ns, type); - /* - * Grab an extra ucount reference for the caller when - * the rlimit count was previously 0. - */ - if (new !=3D 1) - continue; - if (!get_ucounts(iter)) - goto dec_unwind; } return ret; + dec_unwind: - dec =3D atomic_long_sub_return(1, &iter->rlimit[type]); - WARN_ON_ONCE(dec < 0); - do_dec_rlimit_put_ucounts(ucounts, iter, type); + do_dec_rlimit_put_ucounts(ucounts, iter, type, 1); return 0; } =20 --=20 2.34.1 From nobody Mon Feb 9 00:46:17 2026 Received: from dggsgout11.his.huawei.com (dggsgout11.his.huawei.com [45.249.212.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66FAF270EDB for ; Fri, 9 May 2025 07:07:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.249.212.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746774423; cv=none; b=CIw/KDCba1EuDlly4RF0+wlrVrYQKNuG8NpXEIvDWkV9G6E9ayR7qrZGlQ4yUJI+0ogAhT+DDZ6w1BVUzkm1aNMUzFdKo0N0SEpyx7oWktVCe08SstQ54xMhmNy/GOfM3bNpymYST31w/75Pk/FlzO0dBpuZx36J5DT+sKGF2BU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746774423; c=relaxed/simple; bh=DeBb3Y+XWScfnqwEU5Q9GlaoCLY2ynWxUuVwmcUq9kY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; 
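Review bot: __inc_rlimit_get_ucounts() (first hunk) detects "the rlimit count was previously 0" with new == v, which is only meaningful for v > 0, and it signals failure in two different ways: 0 when get_ucounts() fails and a negative value if the add overflows. Since the commit message says later patches will call the helper with a variable amount, a comment above it should state the accepted range of v and the return convention, and a WARN_ON_ONCE(v <= 0) would catch a computed value that breaks the zero-detection and takes a reference without a matching count.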
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 5/5] ucount: add rlimit cache for ucount
Date: Fri, 9 May 2025 06:54:17 +0000
Message-Id: <20250509065417.147515-12-chenridong@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Chen Ridong

The will-it-scale test case signal1 [1] has been observed, and the test results reveal that the signal sending system call lacks linearity. To further investigate this issue, we initiated a series of tests by launching varying numbers of dockers and closely monitored the throughput of each individual docker. The detailed test outcomes are presented as follows:

| Dockers    |1      |4      |8      |16     |32     |64     |
| Throughput |380068 |353204 |308948 |306453 |180659 |129152 |

The data clearly demonstrates a discernible trend: as the quantity of dockers increases, the throughput per container progressively declines. In-depth analysis has identified the root cause of this performance degradation. The ucounts module conducts statistics on rlimit, which involves a significant number of atomic operations. These atomic operations, when acting on the same variable, trigger a substantial number of cache misses or remote accesses, ultimately resulting in a drop in performance.

Notably, even though a new user_namespace is created upon docker startup, the problem persists. This is because all these dockers share the same parent node, meaning that rlimit statistics continuously modify the same atomic variable.

Currently, when incrementing a specific rlimit within a child user namespace by 1, the corresponding rlimit in the parent node must also be incremented by 1. Specifically, if the ucounts corresponding to a task in Docker B is ucount_b_1, after incrementing the rlimit of ucount_b_1 by 1, the rlimit of the parent node, init_ucounts, must also be incremented by 1. This operation should be ensured to stay within the limits set for the user namespaces.

    init_user_ns                             init_ucounts
      ^                                              ^
      |                        |                     |
      |<---- usr_ns_a(docker A)|usr_ns_a->ucount---->|
      |                        |                     |
      |<---- usr_ns_b(docker B)|usr_ns_b->ucount---->|
                        ^          ^
                        |          |
      (add) cache_rlimit--->|      |
                            ucount_b_1(user1)

What is expected is that dockers operating within separate namespaces should remain isolated and not interfere with one another.
Regrettably, the current signal system call fails to achieve this desired level of isolation.

To address the aforementioned issues, the concept of implementing a cache for each namespace's rlimit has been proposed. If a cache is added for each user namespace's rlimit, a certain amount of rlimits can be allocated to a particular namespace in one go. When resources are abundant, these resources do not need to be immediately returned to the parent node. Within a user namespace, if there are available values in the cache, there is no need to request additional resources from the parent node. The ultimate objective of this solution is to achieve complete isolation among namespaces.

After applying this patch set, the final test results indicate that in the signal1 test case, the performance does not deteriorate as the number of containers increases. This effectively meets the goal of linear scalability.

| Dockers    |1      |4      |8      |16     |32     |64     |
| Throughput |381809 |382284 |380640 |383515 |381318 |380120 |

[1] https://github.com/antonblanchard/will-it-scale/blob/master/tests/

Signed-off-by: Chen Ridong
--- include/linux/user_namespace.h | 11 ++- kernel/signal.c | 2 +- kernel/ucount.c | 131 +++++++++++++++++++++++++++++++-- kernel/user_namespace.c | 2 + 4 files changed, 139 insertions(+), 7 deletions(-) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 823df9267a4a..30e80d46ab5f 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -113,6 +113,7 @@ struct user_namespace { struct ucounts *ucounts; long ucount_max[UCOUNT_COUNTS]; long rlimit_max[UCOUNT_RLIMIT_COUNTS]; + atomic_t rlimit_cache[UCOUNT_RLIMIT_COUNTS]; =20 #if IS_ENABLED(CONFIG_BINFMT_MISC) struct binfmt_misc *binfmt_misc; 
@@ -139,6 +140,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_ty= pe type); struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid); void put_ucounts(struct ucounts *ucounts); =20 +void rlimit_drain_cache(struct user_namespace *root); + static inline struct ucounts * __must_check get_ucounts(struct ucounts *uc= ounts) { if (rcuref_get(&ucounts->count)) @@ -154,7 +157,7 @@ static inline long get_rlimit_value(struct ucounts *uco= unts, enum rlimit_type ty long inc_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, lo= ng v); bool dec_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, lo= ng v); long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, - bool override_rlimit); + bool override_rlimit, long tlimit); void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type= ); bool is_rlimit_overlimit(struct ucounts *ucounts, enum rlimit_type type, u= nsigned long max); =20 @@ -169,6 +172,12 @@ static inline void set_userns_rlimit_max(struct user_n= amespace *ns, ns->rlimit_max[type] =3D max <=3D LONG_MAX ? max : LONG_MAX; } =20 +static inline void init_userns_rlimit_cache(struct user_namespace *ns) +{ + for (int i =3D 0; i < UCOUNT_RLIMIT_COUNTS; ++i) + atomic_set(&ns->rlimit_cache[i], 0); +} + struct user_namespace *ns_next_child(struct user_namespace *pos, struct user_namespace *parent); struct user_namespace *ns_next_child_pre(struct user_namespace *pos, diff --git a/kernel/signal.c b/kernel/signal.c index 148082db9a55..e7147fcaa55f 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -416,7 +416,7 @@ static struct ucounts *sig_get_ucounts(struct task_stru= ct *t, int sig, rcu_read_lock(); ucounts =3D task_ucounts(t); sigpending =3D inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING, - override_rlimit); + override_rlimit, task_rlimit(t, RLIMIT_SIGPENDING)); rcu_read_unlock(); if (!sigpending) return NULL; 
diff --git a/kernel/ucount.c b/kernel/ucount.c index 33605e416724..f29ed2d3b3c8 100644 --- a/kernel/ucount.c +++ b/kernel/ucount.c @@ -16,6 +16,8 @@ struct ucounts init_ucounts =3D { =20 #define UCOUNTS_HASHTABLE_BITS 10 #define UCOUNTS_HASHTABLE_ENTRIES (1 << UCOUNTS_HASHTABLE_BITS) +#define UCOUNT_BATCH_SIZE 16 + static struct hlist_nulls_head ucounts_hashtable[UCOUNTS_HASHTABLE_ENTRIES= ] =3D { [0 ... UCOUNTS_HASHTABLE_ENTRIES - 1] =3D HLIST_NULLS_HEAD_INIT(0) }; 
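Review bot: in the kernel/signal.c hunk, task_rlimit(t, RLIMIT_SIGPENDING) returns unsigned long but is passed as the new long tlimit parameter of inc_rlimit_get_ucounts(), so RLIM_INFINITY arrives as -1. The prototype change in user_namespace.h gives no description of tlimit or of how it combines with override_rlimit. Please document the parameter next to the declaration and make sure the comparison inside inc_rlimit_get_ucounts() treats a negative value as unlimited, or take unsigned long as is_rlimit_overlimit() already does for max.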
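Review bot: UCOUNT_BATCH_SIZE is introduced in the kernel/ucount.c hunk as a bare 16 with no comment on what it trades off. Per the commit message a namespace charges its ancestors in one go and keeps the unused part in ns->rlimit_cache, so each child namespace can hold up to a batch of charges against the parent's limit that no task is using. With many sibling namespaces under a tight rlimit_max, a parent can therefore report over-limit while real usage is below it. A comment on the define should state that bound, point at rlimit_drain_cache() as the reclaim path, and say how the value was chosen.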
@@ -315,24 +317,143 @@ static void do_dec_rlimit_put_ucounts(struct ucounts= *ucounts, =20 void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type) { - do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); + struct user_namespace *ns =3D ucounts->ns; + int cache; + + if (ns !=3D &init_user_ns) { + __dec_rlimit_put_ucounts(ucounts, type, 1); + cache =3D atomic_add_return(1, &ns->rlimit_cache[type]); + if (cache > UCOUNT_BATCH_SIZE) { + cache =3D atomic_sub_return(UCOUNT_BATCH_SIZE, + &ns->rlimit_cache[type]); + if (cache > 0) + do_dec_rlimit_put_ucounts(ns->ucounts, NULL, + type, UCOUNT_BATCH_SIZE); + else + atomic_add(UCOUNT_BATCH_SIZE, &ns->rlimit_cache[type]); + } + } else { + do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); + } +} + +/* Drain the root cache, return how many cache have been relcaimed */ +static int rlimit_drain_type_cache(struct user_namespace *root, enum rlimi= t_type type) +{ + struct user_namespace *child; + int reclaim_cache =3D 0; + + rcu_read_lock(); + ns_for_each_child_pre(child, root) { + int cache; +retry: + cache =3D atomic_read(&child->rlimit_cache[type]); + if (cache > 0) { + int old =3D atomic_cmpxchg(&child->rlimit_cache[type], cache, 0); + + if (cache =3D=3D old) { + reclaim_cache +=3D cache; + do_dec_rlimit_put_ucounts(child->ucounts, NULL, type, cache); + } else { + goto retry; + } + } + } + rcu_read_unlock(); + return reclaim_cache; +} + +void rlimit_drain_cache(struct user_namespace *root) +{ + for (int i =3D 0; i < UCOUNT_RLIMIT_COUNTS; i++) + rlimit_drain_type_cache(root, i); +} + +static bool rlimit_charge_cache(struct ucounts *ucounts, enum rlimit_type = type) +{ + struct ucounts *iter; + long max =3D LONG_MAX; + long new; + struct user_namespace *ns =3D ucounts->ns; + + for (iter =3D ns->ucounts; iter; iter =3D iter->ns->ucounts) { + max =3D get_userns_rlimit_max(iter->ns, type); + new =3D __inc_rlimit_get_ucounts(iter, type, UCOUNT_BATCH_SIZE); + if (new <=3D 0 || new > max) + goto dec_unwind; + } + + /* 
charge ok, add the ns's cache */ + atomic_add_return(UCOUNT_BATCH_SIZE, &ucounts->ns->rlimit_cache[type]); + return true; + +dec_unwind: + do_dec_rlimit_put_ucounts(ns->ucounts, iter, type, UCOUNT_BATCH_SIZE); + return false; } =20 long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, - bool override_rlimit) + bool override_rlimit, long tlimit) { /* Caller must hold a reference to ucounts */ struct ucounts *iter; long max =3D LONG_MAX; long ret =3D 0; + struct user_namespace *ns =3D ucounts->ns; + bool is_trying =3D false; + bool non_cache =3D false; + long new; + +try_cache: + /* If the ucounts.ns is not init_user_ns, and it has cache in its ns, con= sume cache */ + if (ns !=3D &init_user_ns) { + if (atomic_dec_return(&ns->rlimit_cache[type]) >=3D 0) { + new =3D __inc_rlimit_get_ucounts(ucounts, type, 1); + /* + * If new is below tlimit, return success + * Otherwise, goto non-cache logic. It should keep the + * rlimit below the tlimit as much as possible + */ + if (new <=3D tlimit) + return new; + non_cache =3D true; + } + /* Restore the previously incremented value */ + atomic_inc(&ns->rlimit_cache[type]); + + if (!non_cache && !is_trying && + rlimit_charge_cache(ucounts, type)) { + is_trying =3D true; + goto try_cache; + } + } =20 for (iter =3D ucounts; iter; iter =3D iter->ns->ucounts) { - long new =3D __inc_rlimit_get_ucounts(iter, type, 1); +retry_inc: + new =3D __inc_rlimit_get_ucounts(iter, type, 1); + + /* + * When the 'iter' is equal to 'ucounts', the 'new' value is what will b= e returned. + * + * Case 1: If the return value is larger than 'tlimit'. + * Case 2: If the 'new' value is larger than the maximum of 'rlimit_max'. + * + * In both cases, we need to drain the cache. This is because when the c= ache is + * present, the value might exceed the acceptable threshold. 
However, wh= en the + * cache is removed,the value should fall within the allowed limit + */ + if (iter =3D=3D ucounts) + ret =3D new; + + if ((new > max || ret > tlimit) && + rlimit_drain_type_cache(iter->ns, type) > 0) { + __dec_rlimit_put_ucounts(iter, type, 1); + goto retry_inc; + } =20 if (new <=3D 0 || new > max) goto dec_unwind; - if (iter =3D=3D ucounts) - ret =3D new; + if (!override_rlimit) max =3D get_userns_rlimit_max(iter->ns, type); } diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 9a2e77505b97..bc77c9acf426 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -190,6 +190,7 @@ int create_user_ns(struct cred *new) set_userns_rlimit_max(ns, UCOUNT_RLIMIT_MSGQUEUE, rlimit(RLIMIT_MSGQUEUE)= ); set_userns_rlimit_max(ns, UCOUNT_RLIMIT_SIGPENDING, rlimit(RLIMIT_SIGPEND= ING)); set_userns_rlimit_max(ns, UCOUNT_RLIMIT_MEMLOCK, rlimit(RLIMIT_MEMLOCK)); + init_userns_rlimit_cache(ns); ns->ucounts =3D ucounts; =20 /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */ 
@@ -273,6 +274,7 @@ static void free_user_ns(struct work_struct *work) kfree(ns->binfmt_misc); #endif retire_userns_sysctls(ns); + rlimit_drain_cache(ns); key_free_user_ns(ns); ns_free_inum(&ns->ns); call_rcu(&ns->rcu, __free_user_ns); --=20 2.34.1
From nobody Mon Feb 9 00:46:17 2026
From: Chen Ridong
To: akpm@linux-foundation.org, paulmck@kernel.org, bigeasy@linutronix.de, legion@kernel.org, roman.gushchin@linux.dev, brauner@kernel.org, tglx@linutronix.de, frederic@kernel.org, peterz@infradead.org, oleg@redhat.com, joel.granados@kernel.org, viro@zeniv.linux.org.uk, lorenzo.stoakes@oracle.com, avagin@google.com, mengensun@tencent.com, linux@weissschuh.net, jlayton@kernel.org, ruanjinjie@huawei.com, kees@kernel.org
Cc: linux-kernel@vger.kernel.org, lujialin4@huawei.com, chenridong@huaweicloud.com
Subject: [RFC next 5/5] ucount: add rlimit cache for ucount
Date: Fri, 9 May 2025 06:54:11 +0000
Message-Id: <20250509065417.147515-6-chenridong@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250509065417.147515-1-chenridong@huaweicloud.com>
References: <20250509065417.147515-1-chenridong@huaweicloud.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
From: Chen Ridong

The will-it-scale test case signal1 [1] has been observed, and the test
results reveal that the signal sending system call lacks linearity.
To further investigate this issue, we initiated a series of tests by
launching varying numbers of dockers and closely monitored the throughput
of each individual docker. The detailed test outcomes are presented as
follows:

  | Dockers     |1      |4      |8      |16     |32     |64     |
  | Throughput  |380068 |353204 |308948 |306453 |180659 |129152 |

The data clearly demonstrates a discernible trend: as the quantity of
dockers increases, the throughput per container progressively declines.
In-depth analysis has identified the root cause of this performance
degradation. The ucounts module conducts statistics on rlimit, which
involves a significant number of atomic operations. These atomic
operations, when acting on the same variable, trigger a substantial number
of cache misses or remote accesses, ultimately resulting in a drop in
performance.

Notably, even though a new user_namespace is created upon docker startup,
the problem persists. This is because all these dockers share the same
parent node, meaning that rlimit statistics continuously modify the same
atomic variable.

Currently, when incrementing a specific rlimit within a child user
namespace by 1, the corresponding rlimit in the parent node must also be
incremented by 1. Specifically, if the ucounts corresponding to a task in
Docker B is ucount_b_1, after incrementing the rlimit of ucount_b_1 by 1,
the rlimit of the parent node, init_ucounts, must also be incremented by 1.
This operation should be ensured to stay within the limits set for the
user namespaces.

  init_user_ns                             init_ucounts
    ^                                              ^
    |                        |                     |
    |<---- usr_ns_a(docker A)|usr_ns_a->ucount---->|
    |                        |                     |
    |<---- usr_ns_b(docker B)|usr_ns_b->ucount---->|
           ^                          ^
           |                          |
     (add) cache_rlimit--->|          |
                               ucount_b_1(user1)

What is expected is that dockers operating within separate namespaces
should remain isolated and not interfere with one another.
Regrettably, the current signal system call fails to achieve this desired
level of isolation.

To address the aforementioned issues, the concept of implementing a cache
for each namespace's rlimit has been proposed. If a cache is added for
each user namespace's rlimit, a certain amount of rlimits can be allocated
to a particular namespace in one go. When resources are abundant, these
resources do not need to be immediately returned to the parent node. Within
a user namespace, if there are available values in the cache, there is no
need to request additional resources from the parent node.

The ultimate objective of this solution is to achieve complete isolation
among namespaces. After applying this patch set, the final test results
indicate that in the signal1 test case, the performance does not
deteriorate as the number of containers increases. This effectively meets
the goal of linear scalability.

  | Dockers     |1      |4      |8      |16     |32     |64     |
  | Throughput  |381809 |382284 |380640 |383515 |381318 |380120 |

[1] https://github.com/antonblanchard/will-it-scale/blob/master/tests/

Signed-off-by: Chen Ridong
---
 include/linux/user_namespace.h |  11 ++-
 kernel/signal.c                |   2 +-
 kernel/ucount.c                | 131 +++++++++++++++++++++++++++++++--
 kernel/user_namespace.c        |   2 +
 4 files changed, 139 insertions(+), 7 deletions(-)

diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 823df9267a4a..30e80d46ab5f 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -113,6 +113,7 @@ struct user_namespace { struct ucounts *ucounts; long ucount_max[UCOUNT_COUNTS]; long rlimit_max[UCOUNT_RLIMIT_COUNTS]; + atomic_t rlimit_cache[UCOUNT_RLIMIT_COUNTS]; =20 #if IS_ENABLED(CONFIG_BINFMT_MISC) struct binfmt_misc *binfmt_misc;
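Review bot: the new `rlimit_cache[]` array in struct user_namespace is written on every cached charge and uncharge, yet it sits directly after `ucount_max[]` and `rlimit_max[]`, which the charge path only reads. Since the series exists to avoid contended cache lines, consider giving the array its own cache line (for example with ____cacheline_aligned_in_smp) or explain why sharing the line is acceptable. The field also lacks a comment saying that a cached unit is a charge already taken on the ancestors and that the value can go negative for a moment, which the inc path in kernel/ucount.c depends on.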
@@ -139,6 +140,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_ty= pe type); struct ucounts *alloc_ucounts(struct user_namespace *ns, kuid_t uid); void put_ucounts(struct ucounts *ucounts); =20 +void rlimit_drain_cache(struct user_namespace *root); + static inline struct ucounts * __must_check get_ucounts(struct ucounts *uc= ounts) { if (rcuref_get(&ucounts->count)) @@ -154,7 +157,7 @@ static inline long get_rlimit_value(struct ucounts *uco= unts, enum rlimit_type ty long inc_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, lo= ng v); bool dec_rlimit_ucounts(struct ucounts *ucounts, enum rlimit_type type, lo= ng v); long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, - bool override_rlimit); + bool override_rlimit, long tlimit); void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type= ); bool is_rlimit_overlimit(struct ucounts *ucounts, enum rlimit_type type, u= nsigned long max); =20 @@ -169,6 +172,12 @@ static inline void set_userns_rlimit_max(struct user_n= amespace *ns, ns->rlimit_max[type] =3D max <=3D LONG_MAX ? max : LONG_MAX; } =20 +static inline void init_userns_rlimit_cache(struct user_namespace *ns) +{ + for (int i =3D 0; i < UCOUNT_RLIMIT_COUNTS; ++i) + atomic_set(&ns->rlimit_cache[i], 0); +} + struct user_namespace *ns_next_child(struct user_namespace *pos, struct user_namespace *parent); struct user_namespace *ns_next_child_pre(struct user_namespace *pos, diff --git a/kernel/signal.c b/kernel/signal.c index 148082db9a55..e7147fcaa55f 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -416,7 +416,7 @@ static struct ucounts *sig_get_ucounts(struct task_stru= ct *t, int sig, rcu_read_lock(); ucounts =3D task_ucounts(t); sigpending =3D inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING, - override_rlimit); + override_rlimit, task_rlimit(t, RLIMIT_SIGPENDING)); rcu_read_unlock(); if (!sigpending) return NULL; 
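Review bot: `task_rlimit(t, RLIMIT_SIGPENDING)` is passed as `tlimit` even when `override_rlimit` is true, and neither the new prototype nor this call site says how the two arguments interact. In the reworked inc_rlimit_get_ucounts() the `new <= tlimit` and `ret > tlimit` tests never look at `override_rlimit`, so a forced signal for a task that is over its limit still leaves the cached path and attempts a cache drain. Either pass LONG_MAX here when `override_rlimit` is set, or document the meaning of `tlimit` next to the declaration in user_namespace.h.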
diff --git a/kernel/ucount.c b/kernel/ucount.c index 33605e416724..f29ed2d3b3c8 100644 --- a/kernel/ucount.c +++ b/kernel/ucount.c @@ -16,6 +16,8 @@ struct ucounts init_ucounts =3D { =20 #define UCOUNTS_HASHTABLE_BITS 10 #define UCOUNTS_HASHTABLE_ENTRIES (1 << UCOUNTS_HASHTABLE_BITS) +#define UCOUNT_BATCH_SIZE 16 + static struct hlist_nulls_head ucounts_hashtable[UCOUNTS_HASHTABLE_ENTRIES= ] =3D { [0 ... UCOUNTS_HASHTABLE_ENTRIES - 1] =3D HLIST_NULLS_HEAD_INIT(0) }; 
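Review bot: `UCOUNT_BATCH_SIZE 16` is added without a comment on how the value was chosen or what it costs. Per the rest of the patch, every non-initial user namespace can hold up to one batch per rlimit type charged against all of its ancestors without using it, so an ancestor's limit can be consumed by idle caches until a drain runs, and any level whose limit is below 16 can never be batch-charged, which sends that namespace to the slow path every time. Please document this trade-off at the define and say whether the batch should scale with the configured rlimit_max.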
@@ -315,24 +317,143 @@ static void do_dec_rlimit_put_ucounts(struct ucounts= *ucounts, =20 void dec_rlimit_put_ucounts(struct ucounts *ucounts, enum rlimit_type type) { - do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); + struct user_namespace *ns =3D ucounts->ns; + int cache; + + if (ns !=3D &init_user_ns) { + __dec_rlimit_put_ucounts(ucounts, type, 1); + cache =3D atomic_add_return(1, &ns->rlimit_cache[type]); + if (cache > UCOUNT_BATCH_SIZE) { + cache =3D atomic_sub_return(UCOUNT_BATCH_SIZE, + &ns->rlimit_cache[type]); + if (cache > 0) + do_dec_rlimit_put_ucounts(ns->ucounts, NULL, + type, UCOUNT_BATCH_SIZE); + else + atomic_add(UCOUNT_BATCH_SIZE, &ns->rlimit_cache[type]); + } + } else { + do_dec_rlimit_put_ucounts(ucounts, NULL, type, 1); + } +} + +/* Drain the root cache, return how many cache have been relcaimed */ +static int rlimit_drain_type_cache(struct user_namespace *root, enum rlimi= t_type type) +{ + struct user_namespace *child; + int reclaim_cache =3D 0; + + rcu_read_lock(); + ns_for_each_child_pre(child, root) { + int cache; +retry: + cache =3D atomic_read(&child->rlimit_cache[type]); + if (cache > 0) { + int old =3D atomic_cmpxchg(&child->rlimit_cache[type], cache, 0); + + if (cache =3D=3D old) { + reclaim_cache +=3D cache; + do_dec_rlimit_put_ucounts(child->ucounts, NULL, type, cache); + } else { + goto retry; + } + } + } + rcu_read_unlock(); + return reclaim_cache; +} + +void rlimit_drain_cache(struct user_namespace *root) +{ + for (int i =3D 0; i < UCOUNT_RLIMIT_COUNTS; i++) + rlimit_drain_type_cache(root, i); +} + +static bool rlimit_charge_cache(struct ucounts *ucounts, enum rlimit_type = type) +{ + struct ucounts *iter; + long max =3D LONG_MAX; + long new; + struct user_namespace *ns =3D ucounts->ns; + + for (iter =3D ns->ucounts; iter; iter =3D iter->ns->ucounts) { + max =3D get_userns_rlimit_max(iter->ns, type); + new =3D __inc_rlimit_get_ucounts(iter, type, UCOUNT_BATCH_SIZE); + if (new <=3D 0 || new > max) + goto dec_unwind; + } + + /* 
charge ok, add the ns's cache */ + atomic_add_return(UCOUNT_BATCH_SIZE, &ucounts->ns->rlimit_cache[type]); + return true; + +dec_unwind: + do_dec_rlimit_put_ucounts(ns->ucounts, iter, type, UCOUNT_BATCH_SIZE); + return false; } =20 long inc_rlimit_get_ucounts(struct ucounts *ucounts, enum rlimit_type type, - bool override_rlimit) + bool override_rlimit, long tlimit) { /* Caller must hold a reference to ucounts */ struct ucounts *iter; long max =3D LONG_MAX; long ret =3D 0; + struct user_namespace *ns =3D ucounts->ns; + bool is_trying =3D false; + bool non_cache =3D false; + long new; + +try_cache: + /* If the ucounts.ns is not init_user_ns, and it has cache in its ns, con= sume cache */ + if (ns !=3D &init_user_ns) { + if (atomic_dec_return(&ns->rlimit_cache[type]) >=3D 0) { + new =3D __inc_rlimit_get_ucounts(ucounts, type, 1); + /* + * If new is below tlimit, return success + * Otherwise, goto non-cache logic. It should keep the + * rlimit below the tlimit as much as possible + */ + if (new <=3D tlimit) + return new; + non_cache =3D true; + } + /* Restore the previously incremented value */ + atomic_inc(&ns->rlimit_cache[type]); + + if (!non_cache && !is_trying && + rlimit_charge_cache(ucounts, type)) { + is_trying =3D true; + goto try_cache; + } + } =20 for (iter =3D ucounts; iter; iter =3D iter->ns->ucounts) { - long new =3D __inc_rlimit_get_ucounts(iter, type, 1); +retry_inc: + new =3D __inc_rlimit_get_ucounts(iter, type, 1); + + /* + * When the 'iter' is equal to 'ucounts', the 'new' value is what will b= e returned. + * + * Case 1: If the return value is larger than 'tlimit'. + * Case 2: If the 'new' value is larger than the maximum of 'rlimit_max'. + * + * In both cases, we need to drain the cache. This is because when the c= ache is + * present, the value might exceed the acceptable threshold. 
However, wh= en the + * cache is removed,the value should fall within the allowed limit + */ + if (iter =3D=3D ucounts) + ret =3D new; + + if ((new > max || ret > tlimit) && + rlimit_drain_type_cache(iter->ns, type) > 0) { + __dec_rlimit_put_ucounts(iter, type, 1); + goto retry_inc; + } =20 if (new <=3D 0 || new > max) goto dec_unwind; - if (iter =3D=3D ucounts) - ret =3D new; + if (!override_rlimit) max =3D get_userns_rlimit_max(iter->ns, type); } diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 9a2e77505b97..bc77c9acf426 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -190,6 +190,7 @@ int create_user_ns(struct cred *new) set_userns_rlimit_max(ns, UCOUNT_RLIMIT_MSGQUEUE, rlimit(RLIMIT_MSGQUEUE)= ); set_userns_rlimit_max(ns, UCOUNT_RLIMIT_SIGPENDING, rlimit(RLIMIT_SIGPEND= ING)); set_userns_rlimit_max(ns, UCOUNT_RLIMIT_MEMLOCK, rlimit(RLIMIT_MEMLOCK)); + init_userns_rlimit_cache(ns); ns->ucounts =3D ucounts; =20 /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */ @@ -273,6 +274,7 @@ static void free_user_ns(struct work_struct *work) kfree(ns->binfmt_misc); #endif retire_userns_sysctls(ns); + rlimit_drain_cache(ns); key_free_user_ns(ns); ns_free_inum(&ns->ns); call_rcu(&ns->rcu, __free_user_ns); --=20 2.34.1
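Review bot: in the cached fast path of inc_rlimit_get_ucounts(), when `__inc_rlimit_get_ucounts(ucounts, type, 1)` returns a value above `tlimit`, the code sets `non_cache` and falls through to the `for` loop without undoing that increment, and the loop's first iteration increments `ucounts` again. Each over-limit attempt therefore appears to leave one extra unit charged to the task's ucounts, which would pin the user above its limit over time; add a `__dec_rlimit_put_ucounts(ucounts, type, 1)` before leaving the fast path. The fast path also returns `new` without the `new <= 0` overflow check that the loop has. Two further points in the same hunk: rlimit_charge_cache() reads `max = get_userns_rlimit_max(iter->ns, type)` before charging `iter`, whereas the loop applies the limit read at one level to the next ancestor, so the batch charge compares each level against a different namespace's limit than the slow path does; and `ret > tlimit` stays true for every ancestor once it is set, so a task over its own limit calls rlimit_drain_type_cache() on ever larger subtrees, up to init_user_ns, on each attempt.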
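Review bot: `rlimit_drain_cache(ns)` in free_user_ns() returns this namespace's own cached charges only if `ns_for_each_child_pre(child, root)` also visits `root`; the helper's comment says "Drain the root cache", but the loop body touches `child->rlimit_cache` only. A namespace being freed has no live children, so if the iterator yields descendants only, the up to UCOUNT_BATCH_SIZE units per type still held in `ns->rlimit_cache[]` stay charged to the ancestors permanently. Please state the iterator's contract in a comment or drain `ns->rlimit_cache[]` explicitly here, and confirm that `ns->ucounts` is still valid at this point of the teardown.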
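The batching scheme described in the commit message, reduced to a two-level user-space model as an added example (it is not code from the patch or the kernel). It shows both effects a reviewer should keep in mind: the shared parent counter is touched once per batch instead of once per operation, and idle cached units keep occupying the parent's limit until a drain returns them. `struct parent`, `struct ns`, `parent_add()`, `drain()`, `ns_inc()`, `ns_dec()`, `run()` and the limit values are assumptions made for illustration.

```c
#include <stdbool.h>
#define BATCH 16 /* same value as UCOUNT_BATCH_SIZE in the patch */

/* Hypothetical model: one shared parent counter, several namespaces. */
struct parent { long count, max, updates; };
struct ns { struct parent *up; long used, cache; };
struct outcome { long warm_updates, parent_count; bool refused; };

/* Add n (negative to release) to the shared counter; refuse if over max. */
static bool parent_add(struct parent *p, long n)
{
    p->updates++; /* every access to the shared counter is the costly part */
    if (n > 0 && p->count + n > p->max)
        return false;
    p->count += n;
    return true;
}

/* Return the idle cached units of every namespace to the parent. */
static long drain(struct ns *all, int n)
{
    long reclaimed = 0;
    for (int i = 0; i < n; i++) {
        if (all[i].cache > 0)
            parent_add(all[i].up, -all[i].cache);
        reclaimed += all[i].cache;
        all[i].cache = 0;
    }
    return reclaimed;
}

static bool ns_inc(struct ns *ns, struct ns *all, int n)
{
    if (ns->cache == 0 && parent_add(ns->up, BATCH))
        ns->cache = BATCH;              /* refill: one update buys 16 units */
    if (ns->cache > 0)
        ns->cache--;                    /* fast path: parent untouched */
    else if (!parent_add(ns->up, 1) &&  /* slow path: per-unit charge */
             (drain(all, n) == 0 || !parent_add(ns->up, 1)))
        return false;                   /* parent full even after draining */
    ns->used++;
    return true;
}

static void ns_dec(struct ns *ns)
{
    ns->used--;
    if (++ns->cache > BATCH) {          /* keep at most one batch cached */
        ns->cache -= BATCH;
        parent_add(ns->up, -BATCH);
    }
}

/* v[0] does `warm` inc/dec pairs and is left idle on its cache, then v[1]
 * charges `want` units under parent limit `max` (constructed scenario). */
struct outcome run(long max, int warm, int want)
{
    struct parent p = { 0, max, 0 };
    struct ns v[2] = { { &p, 0, 0 }, { &p, 0, 0 } };
    struct outcome o = { 0, 0, false };
    for (int i = 0; i < warm; i++) {
        ns_inc(&v[0], v, 2);
        ns_dec(&v[0]);
    }
    o.warm_updates = p.updates;
    for (int i = 0; i < want && !o.refused; i++)
        o.refused = !ns_inc(&v[1], v, 2);
    o.parent_count = p.count;
    return o;
}
```

With per-unit accounting the 1000 warm-up pairs in `run(1000, 1000, 0)` would touch the parent 2000 times; here they touch it once. In `run(20, 1, 5)` the fifth charge of v[1] succeeds only because the drain hands v[0]'s idle batch back to the parent.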