Changes in Makefile

762f99f4f3cb41a775b5157dd761217beba65873 - Merge branch 'next' into for-linus

Sat, 15 Jan 2022 21:09:44 +0100

Merge branch 'next' into for-linusPrepare input updates for 5.17 merge window. List of files: /linux/tools/testing/selftests/rlimits/Makefile

5d8dfaa71d87f742c53309b95cb6a8b274119027 - Merge tag 'v5.15' into next

Thu, 09 Dec 2021 08:43:50 +0100

Merge tag 'v5.15' into nextSync up with the mainline to get the latest APIs and DT bindings. List of files: /linux/tools/testing/selftests/rlimits/Makefile

46466ae3a105d9620e1355e33125a413b8c6ce18 - Merge branch 'perf/urgent' into perf/core, to pick up fixes

Thu, 26 Aug 2021 09:14:05 +0200

Merge branch 'perf/urgent' into perf/core, to pick up fixesSigned-off-by: Ingo Molnar List of files: /linux/tools/testing/selftests/rlimits/Makefile

c87866ede44ad7da6b296d732221dc34ce1b154d - Merge tag 'v5.14-rc6' into locking/core, to pick up fixes

Tue, 17 Aug 2021 16:16:29 +0200

Merge tag 'v5.14-rc6' into locking/core, to pick up fixesSigned-off-by: Ingo Molnar List of files: /linux/tools/testing/selftests/rlimits/Makefile

ca31fef11dc83e672415d5925a134749761329bd - Backmerge remote-tracking branch 'drm/drm-next' into drm-misc-next

Tue, 27 Jul 2021 12:48:17 +0200

Backmerge remote-tracking branch 'drm/drm-next' into drm-misc-nextRequired bump from v5.13-rc3 to v5.14-rc3, and to pick up sysfb compilation fixes.Signed-off-by: Maarten Lankhorst List of files: /linux/tools/testing/selftests/rlimits/Makefile

611ac726f9ebbb12f2113e5345ef109660954eeb - Merge drm/drm-next into drm-intel-gt-next

Tue, 13 Jul 2021 21:52:51 +0200

Merge drm/drm-next into drm-intel-gt-nextCatching up with 5.14-rc1 and also preparing for aneeded common topic branch for the "Minor revid/steppingand workaround cleanup"Reference: https://patchwork.freedesktop.org/series/92299/Signed-off-by: Rodrigo Vivi List of files: /linux/tools/testing/selftests/rlimits/Makefile

d5bfbad214369f543958a1c6c55fa805e3f14976 - Merge drm/drm-next into drm-intel-next

Tue, 13 Jul 2021 21:51:31 +0200

Merge drm/drm-next into drm-intel-nextCatching up with 5.14-rc1Signed-off-by: Rodrigo Vivi List of files: /linux/tools/testing/selftests/rlimits/Makefile

353b7a55dcaf5fb8758e09ebe2ddf5f3adbac7c5 - Merge branch 'fixes-v5.14' into fixes

Tue, 27 Jul 2021 10:25:08 +0200

Merge branch 'fixes-v5.14' into fixes List of files: /linux/tools/testing/selftests/rlimits/Makefile

c503c193db7d7ccc0c58b1ef694eaef331318149 - Merge branch 'cpufreq/cppc-fie' into cpufreq/arm/linux-next

Thu, 01 Jul 2021 04:02:37 +0200

Merge branch 'cpufreq/cppc-fie' into cpufreq/arm/linux-next List of files: /linux/tools/testing/selftests/rlimits/Makefile

857286e4c5ae5d2e860fd15d4628e707b434d7e5 - Merge remote-tracking branch 'torvalds/master' into perf/core

Wed, 30 Jun 2021 20:27:32 +0200

Merge remote-tracking branch 'torvalds/master' into perf/coreTo pick up fixes.Signed-off-by: Arnaldo Carvalho de Melo List of files: /linux/tools/testing/selftests/rlimits/Makefile

c54b245d011855ea91c5beff07f1db74143ce614 - Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Tue, 29 Jun 2021 05:39:26 +0200

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespacePull user namespace rlimit handling update from Eric Biederman: "This is the work mainly by Alexey Gladkov to limit rlimits to the rlimits of the user that created a user namespace, and to allow users to have stricter limits on the resources created within a user namespace."* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: cred: add missing return error code when set_cred_ucounts() failed ucounts: Silence warning in dec_rlimit_ucounts ucounts: Set ucount_max to the largest positive value the type can hold kselftests: Add test to check for rlimit changes in different user namespaces Reimplement RLIMIT_MEMLOCK on top of ucounts Reimplement RLIMIT_SIGPENDING on top of ucounts Reimplement RLIMIT_MSGQUEUE on top of ucounts Reimplement RLIMIT_NPROC on top of ucounts Use atomic_t for ucounts reference counting Add a reference to ucounts for each cred Increase size of ucounts to atomic_long_t List of files: /linux/tools/testing/selftests/rlimits/Makefile

9b624988221b7cb259da77dd67ef0ee4d6b56d12 - ucounts: Count rlimits in each user namespace

Fri, 30 Apr 2021 21:15:34 +0200

ucounts: Count rlimits in each user namespacePreface-------These patches are for binding the rlimit counters to a user in user namespace.This patch set can be applied on top of:git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.12-rc4Problem-------The RLIMIT_NPROC, RLIMIT_MEMLOCK, RLIMIT_SIGPENDING, RLIMIT_MSGQUEUE rlimitsimplementation places the counters in user_struct [1]. These limits are globalbetween processes and persists for the lifetime of the process, even ifprocesses are in different user namespaces.To illustrate the impact of rlimits, let's say there is a program that does notfork. Some service-A wants to run this program as user X in multiple containers.Since the program never fork the service wants to set RLIMIT_NPROC=1.service-A \- program (uid=1000, container1, rlimit_nproc=1) \- program (uid=1000, container2, rlimit_nproc=1)The service-A sets RLIMIT_NPROC=1 and runs the program in container1. When theservice-A tries to run a program with RLIMIT_NPROC=1 in container2 it failssince user X already has one running process.The problem is not that the limit from container1 affects container2. Theproblem is that limit is verified against the global counter that reflectsthe number of processes in all containers.This problem can be worked around by using different users for each containerbut in this case we face a different problem of uid mapping when transferringfiles from one container to another.Eric W. Biederman mentioned this issue [2][3].Introduced changes------------------To address the problem, we bind rlimit counters to user namespace. Each counterreflects the number of processes in a given uid in a given user namespace. Theresult is a tree of rlimit counters with the biggest value at the root (akainit_user_ns). The limit is considered exceeded if it's exceeded up in the tree.[1]: https://lore.kernel.org/containers/87imd2incs.fsf@x220.int.ebiederm.org/[2]: https://lists.linuxfoundation.org/pipermail/containers/2020-August/042096.html[3]: https://lists.linuxfoundation.org/pipermail/containers/2020-October/042524.htmlChangelog---------v11:* Revert most of changes in signal.c to fix performance issues and remove unnecessary memory allocations.* Fixed issue found by lkp robot (again).v10:* Fixed memory leak in __sigqueue_alloc.* Handled an unlikely situation when all consumers will return ucounts at once.* Addressed other review comments from Eric W. Biederman.v9:* Used a negative value to check that the ucounts->count is close to overflow.* Rebased onto v5.12-rc4.v8:* Used atomic_t for ucounts reference counting. Also added counter overflow check (thanks to Linus Torvalds for the idea).* Fixed other issues found by lkp-tests project in the patch that Reimplements RLIMIT_MEMLOCK on top of ucounts.v7:* Fixed issues found by lkp-tests project in the patch that Reimplements RLIMIT_MEMLOCK on top of ucounts.v6:* Fixed issues found by lkp-tests project.* Rebased onto v5.11.v5:* Split the first commit into two commits: change ucounts.count type to atomic_long_t and add ucounts to cred. These commits were merged by mistake during the rebase.* The __get_ucounts() renamed to alloc_ucounts().* The cred.ucounts update has been moved from commit_creds() as it did not allow to handle errors.* Added error handling of set_cred_ucounts().v4:* Reverted the type change of ucounts.count to refcount_t.* Fixed typo in the kernel/cred.cv3:* Added get_ucounts() function to increase the reference count. The existing get_counts() function renamed to __get_ucounts().* The type of ucounts.count changed from atomic_t to refcount_t.* Dropped 'const' from set_cred_ucounts() arguments.* Fixed a bug with freeing the cred structure after calling cred_alloc_blank().* Commit messages have been updated.* Added selftest.v2:* RLIMIT_MEMLOCK, RLIMIT_SIGPENDING and RLIMIT_MSGQUEUE are migrated to ucounts.* Added ucounts for pair uid and user namespace into cred.* Added the ability to increase ucount by more than 1.v1:* After discussion with Eric W. Biederman, I increased the size of ucounts to atomic_long_t.* Added ucount_max to avoid the fork bomb.--Alexey Gladkov (9): Increase size of ucounts to atomic_long_t Add a reference to ucounts for each cred Use atomic_t for ucounts reference counting Reimplement RLIMIT_NPROC on top of ucounts Reimplement RLIMIT_MSGQUEUE on top of ucounts Reimplement RLIMIT_SIGPENDING on top of ucounts Reimplement RLIMIT_MEMLOCK on top of ucounts kselftests: Add test to check for rlimit changes in different user namespaces ucounts: Set ucount_max to the largest positive value the type can hold fs/exec.c | 6 +- fs/hugetlbfs/inode.c | 16 +- fs/proc/array.c | 2 +- include/linux/cred.h | 4 + include/linux/hugetlb.h | 4 +- include/linux/mm.h | 4 +- include/linux/sched/user.h | 7 - include/linux/shmem_fs.h | 2 +- include/linux/signal_types.h | 4 +- include/linux/user_namespace.h | 31 +++- ipc/mqueue.c | 40 ++--- ipc/shm.c | 26 +-- kernel/cred.c | 50 +++++- kernel/exit.c | 2 +- kernel/fork.c | 18 +- kernel/signal.c | 25 +-- kernel/sys.c | 14 +- kernel/ucount.c | 116 ++++++++++--- kernel/user.c | 3 - kernel/user_namespace.c | 9 +- mm/memfd.c | 4 +- mm/mlock.c | 22 ++- mm/mmap.c | 4 +- mm/shmem.c | 10 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/rlimits/.gitignore | 2 + tools/testing/selftests/rlimits/Makefile | 6 + tools/testing/selftests/rlimits/config | 1 + .../selftests/rlimits/rlimits-per-userns.c | 161 ++++++++++++++++++ 29 files changed, 467 insertions(+), 127 deletions(-) create mode 100644 tools/testing/selftests/rlimits/.gitignore create mode 100644 tools/testing/selftests/rlimits/Makefile create mode 100644 tools/testing/selftests/rlimits/config create mode 100644 tools/testing/selftests/rlimits/rlimits-per-userns.cLink: https://lkml.kernel.org/r/cover.1619094428.git.legion@kernel.org List of files: /linux/tools/testing/selftests/rlimits/Makefile

e4aebf06695c32d49f1007f9d252f97b5b2998a7 - kselftests: Add test to check for rlimit changes in different user namespaces

Thu, 22 Apr 2021 14:27:15 +0200

kselftests: Add test to check for rlimit changes in different user namespacesThe testcase runs few instances of the program with RLIMIT_NPROC=1 fromuser uid=60000, in different user namespaces.Signed-off-by: Alexey Gladkov Link: https://lkml.kernel.org/r/28cafdcdd4abd8494b34a27f1970b666b30de8bf.1619094428.git.legion@kernel.orgSigned-off-by: Eric W. Biederman List of files: /linux/tools/testing/selftests/rlimits/Makefile