Commit 758f8758 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull user namespace update from Eric Biederman:
 "The only change that is production ready this round is the work to
  increase the number of uid and gid mappings a user namespace can
  support from 5 to 340.

  This code was carefully benchmarked and it was confirmed that in the
  existing cases the performance remains the same. In the worst case
  with 340 mappings, cache-cold stat times go from 158ns to 248ns.
  That is noticeable but still quite small, and only the people who are
  doing crazy things pay the cost.

  This work uncovered some documentation and cleanup opportunities in
  the mapping code, and patches to make those cleanups and improve the
  documentation will be coming in the next merge window"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  userns: Simplify insert_extent
  userns: Make map_id_down a wrapper for map_id_range_down
  userns: Don't read extents twice in m_start
  userns: Simplify the user and group mapping functions
  userns: Don't special case a count of 0
  userns: bump idmap limits to 340
  userns: use union in {g,u}idmap struct
parents a02cd422 3fda0e73
...@@ -11,15 +11,24 @@ ...@@ -11,15 +11,24 @@
#include <linux/sysctl.h> #include <linux/sysctl.h>
#include <linux/err.h> #include <linux/err.h>
#define UID_GID_MAP_MAX_EXTENTS 5 #define UID_GID_MAP_MAX_BASE_EXTENTS 5
#define UID_GID_MAP_MAX_EXTENTS 340
struct uid_gid_map { /* 64 bytes -- 1 cache line */ struct uid_gid_extent {
u32 nr_extents;
struct uid_gid_extent {
u32 first; u32 first;
u32 lower_first; u32 lower_first;
u32 count; u32 count;
} extent[UID_GID_MAP_MAX_EXTENTS]; };
struct uid_gid_map { /* 64 bytes -- 1 cache line */
u32 nr_extents;
union {
struct uid_gid_extent extent[UID_GID_MAP_MAX_BASE_EXTENTS];
struct {
struct uid_gid_extent *forward;
struct uid_gid_extent *reverse;
};
};
}; };
#define USERNS_SETGROUPS_ALLOWED 1UL #define USERNS_SETGROUPS_ALLOWED 1UL
......
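Review bot: The `/* 64 bytes -- 1 cache line */` comment carried over onto the new `struct uid_gid_map` looks stale. The union now holds two pointers, so on 64-bit builds it would be 8-byte aligned, leaving 4 bytes of padding after `nr_extents` and a 72-byte struct if I compute the layout correctly; either correct the comment or place `nr_extents` so the inline case still fits one cache line. The union also has no documented discriminant, so I would add a comment such as `/* extent[] is valid while nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS; otherwise forward/reverse are used */` (presumably what the collapsed mapping code does, please confirm). Reading the wrong arm would treat kernel pointers as id ranges, or id ranges as pointers.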
...@@ -26,28 +26,34 @@ ...@@ -26,28 +26,34 @@
struct user_namespace init_user_ns = { struct user_namespace init_user_ns = {
.uid_map = { .uid_map = {
.nr_extents = 1, .nr_extents = 1,
{
.extent[0] = { .extent[0] = {
.first = 0, .first = 0,
.lower_first = 0, .lower_first = 0,
.count = 4294967295U, .count = 4294967295U,
}, },
}, },
},
.gid_map = { .gid_map = {
.nr_extents = 1, .nr_extents = 1,
{
.extent[0] = { .extent[0] = {
.first = 0, .first = 0,
.lower_first = 0, .lower_first = 0,
.count = 4294967295U, .count = 4294967295U,
}, },
}, },
},
.projid_map = { .projid_map = {
.nr_extents = 1, .nr_extents = 1,
{
.extent[0] = { .extent[0] = {
.first = 0, .first = 0,
.lower_first = 0, .lower_first = 0,
.count = 4294967295U, .count = 4294967295U,
}, },
}, },
},
.count = ATOMIC_INIT(3), .count = ATOMIC_INIT(3),
.owner = GLOBAL_ROOT_UID, .owner = GLOBAL_ROOT_UID,
.group = GLOBAL_ROOT_GID, .group = GLOBAL_ROOT_GID,
......
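Review bot: The extra brace level added around `.extent[0]` in `.uid_map` (and again in `.gid_map` and `.projid_map`) is not explained, so it reads like redundant bracing that a later cleanup could remove. It appears to be a positional initializer for the new anonymous union in `struct uid_gid_map`; a one-line comment at the first occurrence would make that clear, e.g. `/* braces initialise the anonymous union holding extent[] */`. If the reason for not writing `.extent[0]` directly is compiler support for designators into anonymous members, say that in the comment too. The `init_user_ns` initializer continues past the end of this hunk.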