Commit eeec26d5 authored by Dmitry Safonov's avatar Dmitry Safonov Committed by Thomas Gleixner
Browse files

time/namespace: Add max_time_namespaces ucount 



Michael noticed that userns limit for number of time namespaces is missing.

Furthermore, time namespace introduced UCOUNT_TIME_NAMESPACES, but didn't
introduce an array member in user_table[]. It would make array's
initialisation OOB write, but by luck the user_table array has an excessive
empty member (all accesses to the array are limited with UCOUNT_COUNTS - so
it silently reuses the last free member.

Fixes user-visible regression: max_inotify_instances by reason of the
missing UCOUNT_ENTRY() has limited max number of namespaces instead of the
number of inotify instances.

Fixes: 769071ac ("ns: Introduce Time Namespace")
Reported-by: default avatarMichael Kerrisk (man-pages) <mtk.manpages@gmail.com>
Signed-off-by: default avatarDmitry Safonov <dima@arista.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Acked-by: default avatarAndrei Vagin <avagin@gmail.com>
Acked-by: default avatarVincenzo Frascino <vincenzo.frascino@arm.com>
Cc: stable@kernel.org
Link: https://lkml.kernel.org/r/20200406171342.128733-1-dima@arista.com
parent b801f1e2

Documentation/admin-guide/sysctl/user.rst

+6 −0
Original line number Original line Diff line number Diff line
@@ -65,6 +65,12 @@ max_pid_namespaces 
  The maximum number of pid namespaces that any user in the current

  The maximum number of pid namespaces that any user in the current

  user namespace may create.

  user namespace may create.





max_time_namespaces

===================



  The maximum number of time namespaces that any user in the current

  user namespace may create.



max_user_namespaces

max_user_namespaces

===================

===================

kernel/ucount.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -69,6 +69,7 @@ static struct ctl_table user_table[] = { 
	UCOUNT_ENTRY("max_net_namespaces"),

	UCOUNT_ENTRY("max_net_namespaces"),

	UCOUNT_ENTRY("max_mnt_namespaces"),

	UCOUNT_ENTRY("max_mnt_namespaces"),

	UCOUNT_ENTRY("max_cgroup_namespaces"),

	UCOUNT_ENTRY("max_cgroup_namespaces"),

	UCOUNT_ENTRY("max_time_namespaces"),

#ifdef CONFIG_INOTIFY_USER

#ifdef CONFIG_INOTIFY_USER

	UCOUNT_ENTRY("max_inotify_instances"),

	UCOUNT_ENTRY("max_inotify_instances"),

	UCOUNT_ENTRY("max_inotify_watches"),

	UCOUNT_ENTRY("max_inotify_watches"),