From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Linux Containers <containers@lists.linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>, Jann Horn <jann@thejh.net>,
Kees Cook <keescook@chromium.org>,
Nikolay Borisov <kernel@kyup.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Seth Forshee <seth.forshee@canonical.com>,
linux-fsdevel@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: [PATCH v2 01/10] sysctl: Stop implicitly passing current into sysctl_table_root.lookup
Date: Thu, 21 Jul 2016 11:40:05 -0500 [thread overview]
Message-ID: <20160721164014.17534-1-ebiederm@xmission.com> (raw)
In-Reply-To: <87d1m754jc.fsf@x220.int.ebiederm.org>
Passing nsproxy into sysctl_table_root.lookup was a premature
optimization in attempt to avoid depending on current. The
directory /proc/self/sys has not appeared and if and when
it does this code will need to be reviewed closely and reworked
anyway. So remove the premature optimization.
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/proc/proc_sysctl.c | 14 +++++++-------
include/linux/sysctl.h | 3 +--
net/sysctl_net.c | 4 ++--
3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 5e57c3e46e1d..534630687489 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -72,7 +72,7 @@ static DEFINE_SPINLOCK(sysctl_lock);
static void drop_sysctl_table(struct ctl_table_header *header);
static int sysctl_follow_link(struct ctl_table_header **phead,
- struct ctl_table **pentry, struct nsproxy *namespaces);
+ struct ctl_table **pentry);
static int insert_links(struct ctl_table_header *head);
static void put_links(struct ctl_table_header *header);
@@ -319,11 +319,11 @@ static void sysctl_head_finish(struct ctl_table_header *head)
}
static struct ctl_table_set *
-lookup_header_set(struct ctl_table_root *root, struct nsproxy *namespaces)
+lookup_header_set(struct ctl_table_root *root)
{
struct ctl_table_set *set = &root->default_set;
if (root->lookup)
- set = root->lookup(root, namespaces);
+ set = root->lookup(root);
return set;
}
@@ -491,7 +491,7 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
goto out;
if (S_ISLNK(p->mode)) {
- ret = sysctl_follow_link(&h, &p, current->nsproxy);
+ ret = sysctl_follow_link(&h, &p);
err = ERR_PTR(ret);
if (ret)
goto out;
@@ -659,7 +659,7 @@ static bool proc_sys_link_fill_cache(struct file *file,
if (S_ISLNK(table->mode)) {
/* It is not an error if we can not follow the link ignore it */
- int err = sysctl_follow_link(&head, &table, current->nsproxy);
+ int err = sysctl_follow_link(&head, &table);
if (err)
goto out;
}
@@ -976,7 +976,7 @@ static struct ctl_dir *xlate_dir(struct ctl_table_set *set, struct ctl_dir *dir)
}
static int sysctl_follow_link(struct ctl_table_header **phead,
- struct ctl_table **pentry, struct nsproxy *namespaces)
+ struct ctl_table **pentry)
{
struct ctl_table_header *head;
struct ctl_table_root *root;
@@ -988,7 +988,7 @@ static int sysctl_follow_link(struct ctl_table_header **phead,
ret = 0;
spin_lock(&sysctl_lock);
root = (*pentry)->data;
- set = lookup_header_set(root, namespaces);
+ set = lookup_header_set(root);
dir = xlate_dir(set, (*phead)->parent);
if (IS_ERR(dir))
ret = PTR_ERR(dir);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index fa7bc29925c9..6385b331f2b9 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -154,8 +154,7 @@ struct ctl_table_set {
struct ctl_table_root {
struct ctl_table_set default_set;
- struct ctl_table_set *(*lookup)(struct ctl_table_root *root,
- struct nsproxy *namespaces);
+ struct ctl_table_set *(*lookup)(struct ctl_table_root *root);
int (*permissions)(struct ctl_table_header *head, struct ctl_table *table);
};
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index ed98c1fc3de1..2951f229a855 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -27,9 +27,9 @@
#endif
static struct ctl_table_set *
-net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
+net_ctl_header_lookup(struct ctl_table_root *root)
{
- return &namespaces->net_ns->sysctls;
+ return ¤t->nsproxy->net_ns->sysctls;
}
static int is_seen(struct ctl_table_set *set)
--
2.8.3
next prev parent reply other threads:[~2016-07-21 16:53 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8737n5dscy.fsf@x220.int.ebiederm.org>
2016-07-21 16:39 ` [PATCH v2 00/10] userns: sysctl limits for namespaces Eric W. Biederman
2016-07-21 16:40 ` Eric W. Biederman [this message]
2016-07-21 16:40 ` [PATCH v2 02/10] userns: Add per user namespace sysctls Eric W. Biederman
2016-07-26 0:02 ` Eric W. Biederman
2016-07-26 0:24 ` David Miller
2016-07-26 0:44 ` Eric W. Biederman
2016-07-26 2:58 ` David Miller
2016-07-26 4:00 ` Eric W. Biederman
2016-07-21 16:40 ` [PATCH v2 03/10] userns: Add a limit on the number of user namespaces Eric W. Biederman
2016-07-25 23:05 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 04/10] userns: Generalize the user namespace count into ucount Eric W. Biederman
2016-07-25 23:09 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 05/10] pidns: Add a limit on the number of pid namespaces Eric W. Biederman
2016-07-25 23:09 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 06/10] utsns: Add a limit on the number of uts namespaces Eric W. Biederman
2016-07-25 23:09 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 07/10] ipcns: Add a limit on the number of ipc namespaces Eric W. Biederman
2016-07-25 23:10 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 08/10] cgroupns: Add a limit on the number of cgroup namespaces Eric W. Biederman
2016-07-25 23:12 ` Serge E. Hallyn
2016-07-21 16:40 ` [PATCH v2 09/10] netns: Add a limit on the number of net namespaces Eric W. Biederman
2016-07-25 23:13 ` Serge E. Hallyn
2016-07-26 6:01 ` Andrei Vagin
2016-07-26 20:00 ` Eric W. Biederman
2016-07-21 16:40 ` [PATCH v2 10/10] mntns: Add a limit on the number of mount namespaces Eric W. Biederman
2016-07-25 23:15 ` Serge E. Hallyn
2016-07-22 13:33 ` [PATCH v2 00/10] userns: sysctl limits for namespaces Colin Walters
2016-07-22 18:45 ` Eric W. Biederman
2016-07-22 21:46 ` Kees Cook
2016-07-23 2:11 ` Eric W. Biederman
2016-07-26 10:27 ` Michael Kerrisk (man-pages)
2016-07-26 15:14 ` Eric W. Biederman
2016-07-26 10:30 ` Michael Kerrisk (man-pages)
2016-07-26 15:06 ` Eric W. Biederman
2016-07-26 16:52 ` Kees Cook
2016-07-26 17:29 ` Michael Kerrisk (man-pages)
2016-07-26 20:44 ` Kees Cook
2016-08-08 21:16 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160721164014.17534-1-ebiederm@xmission.com \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=jann@thejh.net \
--cc=keescook@chromium.org \
--cc=kernel@kyup.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=seth.forshee@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).