Re: [PATCH 1/2] namespaces: give each namespace a serial number
Quoting Richard Guy Briggs (r...@redhat.com):
> On 14/05/02, Serge E. Hallyn wrote:
> > Quoting Richard Guy Briggs (r...@redhat.com):
> >
> > Most of this looks reasonable, but I'm curious about something,
> >
> > > +/**
> > > + * ns_serial - compute a serial number for the namespace
> > > + *
> > > + * Compute a serial number for the namespace to uniquely identify it in
> > > + * audit records.
> > > + */
> > > +unsigned int ns_serial(void)
> > > +{
> > > + static DEFINE_SPINLOCK(serial_lock);
> > > + static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
> > > +
> > > + unsigned long flags;
> > > + unsigned int ret;
> > > +
> > > + spin_lock_irqsave(_lock, flags);
> > > + do {
> > > + ret = ++serial;
> > > + } while (unlikely(!ret));
> >
> > Why exactly are you doing this? Surely if serial is going to
> > wrap around we've got a bigger problem than just wanting go
> > bump one more time?
>
> Thanks for catching this.
> The code was templated off audit_serial() which tries to solve a
> different problem and rolling it is much more likely. I hadn't noticed
> that rollover protection. However, I *had* thought of making it a long
> (which would be the same size on 32-bit arches, but larger on 64-bit)
> since a 64-bit system is more likely to roll it out of sheer speed and
> resource availability. But perhaps a long long would be safer.
Sounds good, and perhaps a BUG_ON(!serial) for good measure.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/2] namespaces: give each namespace a serial number
On 14/05/02, Serge E. Hallyn wrote:
> Quoting Richard Guy Briggs (r...@redhat.com):
>
> Most of this looks reasonable, but I'm curious about something,
>
> > +/**
> > + * ns_serial - compute a serial number for the namespace
> > + *
> > + * Compute a serial number for the namespace to uniquely identify it in
> > + * audit records.
> > + */
> > +unsigned int ns_serial(void)
> > +{
> > + static DEFINE_SPINLOCK(serial_lock);
> > + static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
> > +
> > + unsigned long flags;
> > + unsigned int ret;
> > +
> > + spin_lock_irqsave(_lock, flags);
> > + do {
> > + ret = ++serial;
> > + } while (unlikely(!ret));
>
> Why exactly are you doing this? Surely if serial is going to
> wrap around we've got a bigger problem than just wanting go
> bump one more time?
Thanks for catching this.
The code was templated off audit_serial() which tries to solve a
different problem and rolling it is much more likely. I hadn't noticed
that rollover protection. However, I *had* thought of making it a long
(which would be the same size on 32-bit arches, but larger on 64-bit)
since a 64-bit system is more likely to roll it out of sheer speed and
resource availability. But perhaps a long long would be safer.
> > + spin_unlock_irqrestore(_lock, flags);
> > +
> > + return ret;
> > +}
- RGB
--
Richard Guy Briggs
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/2] namespaces: give each namespace a serial number
On 14/05/02, Serge E. Hallyn wrote:
Quoting Richard Guy Briggs (r...@redhat.com):
Most of this looks reasonable, but I'm curious about something,
+/**
+ * ns_serial - compute a serial number for the namespace
+ *
+ * Compute a serial number for the namespace to uniquely identify it in
+ * audit records.
+ */
+unsigned int ns_serial(void)
+{
+ static DEFINE_SPINLOCK(serial_lock);
+ static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
+
+ unsigned long flags;
+ unsigned int ret;
+
+ spin_lock_irqsave(serial_lock, flags);
+ do {
+ ret = ++serial;
+ } while (unlikely(!ret));
Why exactly are you doing this? Surely if serial is going to
wrap around we've got a bigger problem than just wanting go
bump one more time?
Thanks for catching this.
The code was templated off audit_serial() which tries to solve a
different problem and rolling it is much more likely. I hadn't noticed
that rollover protection. However, I *had* thought of making it a long
(which would be the same size on 32-bit arches, but larger on 64-bit)
since a 64-bit system is more likely to roll it out of sheer speed and
resource availability. But perhaps a long long would be safer.
+ spin_unlock_irqrestore(serial_lock, flags);
+
+ return ret;
+}
- RGB
--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/2] namespaces: give each namespace a serial number
Quoting Richard Guy Briggs (r...@redhat.com):
On 14/05/02, Serge E. Hallyn wrote:
Quoting Richard Guy Briggs (r...@redhat.com):
Most of this looks reasonable, but I'm curious about something,
+/**
+ * ns_serial - compute a serial number for the namespace
+ *
+ * Compute a serial number for the namespace to uniquely identify it in
+ * audit records.
+ */
+unsigned int ns_serial(void)
+{
+ static DEFINE_SPINLOCK(serial_lock);
+ static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
+
+ unsigned long flags;
+ unsigned int ret;
+
+ spin_lock_irqsave(serial_lock, flags);
+ do {
+ ret = ++serial;
+ } while (unlikely(!ret));
Why exactly are you doing this? Surely if serial is going to
wrap around we've got a bigger problem than just wanting go
bump one more time?
Thanks for catching this.
The code was templated off audit_serial() which tries to solve a
different problem and rolling it is much more likely. I hadn't noticed
that rollover protection. However, I *had* thought of making it a long
(which would be the same size on 32-bit arches, but larger on 64-bit)
since a 64-bit system is more likely to roll it out of sheer speed and
resource availability. But perhaps a long long would be safer.
Sounds good, and perhaps a BUG_ON(!serial) for good measure.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/2] namespaces: give each namespace a serial number
Quoting Richard Guy Briggs (r...@redhat.com):
Most of this looks reasonable, but I'm curious about something,
> +/**
> + * ns_serial - compute a serial number for the namespace
> + *
> + * Compute a serial number for the namespace to uniquely identify it in
> + * audit records.
> + */
> +unsigned int ns_serial(void)
> +{
> + static DEFINE_SPINLOCK(serial_lock);
> + static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
> +
> + unsigned long flags;
> + unsigned int ret;
> +
> + spin_lock_irqsave(_lock, flags);
> + do {
> + ret = ++serial;
> + } while (unlikely(!ret));
Why exactly are you doing this? Surely if serial is going to
wrap around we've got a bigger problem than just wanting go
bump one more time?
> + spin_unlock_irqrestore(_lock, flags);
> +
> + return ret;
> +}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/2] namespaces: give each namespace a serial number
Quoting Richard Guy Briggs (r...@redhat.com):
Most of this looks reasonable, but I'm curious about something,
+/**
+ * ns_serial - compute a serial number for the namespace
+ *
+ * Compute a serial number for the namespace to uniquely identify it in
+ * audit records.
+ */
+unsigned int ns_serial(void)
+{
+ static DEFINE_SPINLOCK(serial_lock);
+ static unsigned int serial = 4; /* reserved for IPC, UTS, user, PID */
+
+ unsigned long flags;
+ unsigned int ret;
+
+ spin_lock_irqsave(serial_lock, flags);
+ do {
+ ret = ++serial;
+ } while (unlikely(!ret));
Why exactly are you doing this? Surely if serial is going to
wrap around we've got a bigger problem than just wanting go
bump one more time?
+ spin_unlock_irqrestore(serial_lock, flags);
+
+ return ret;
+}
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
