On Tue, 7 Apr 2020 at 05:31, Andrei Vagin <avagin@xxxxxxxxx> wrote:
>
> On Mon, Apr 06, 2020 at 06:13:42PM +0100, Dmitry Safonov via Containers wrote:
> > Introduce missing time namespaces limit per-userns.
> > Michael noticed that userns limit for number of time namespaces is
> > missing.
> >
> > Furthermore, time namespace introduced UCOUNT_TIME_NAMESPACES, but
> > didn't introduce an array member in user_table[]. It would make array's
> > initialisation OOB write, but by luck the user_table array has
> > an excessive empty member (all accesses to the array are limited with
> > UCOUNT_COUNTS - so it silently reuses the last free member.
> >
> > Fixes user-visible regression: max_inotify_instances by reason of the
> > missing UCOUNT_ENTRY() has limited max number of namespaces instead of
> > the number of inotify instances.
> >
> > Fixes: 769071ac9f20 ("ns: Introduce Time Namespace")
> > Cc: Adrian Reber <adrian@xxxxxxxx>
> > Cc: Andrey Vagin <avagin@xxxxxxxxxx>
> > Cc: Christian Brauner <christian.brauner@xxxxxxxxxx>
> > Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> > Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> > Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
> > Cc: Containers <containers@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Cc: Linux API <linux-api@xxxxxxxxxxxxxxx>
> > Cc: stable@xxxxxxxxxx # v5.6+
> > Reported-by: Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx>
>
> Acked-by: Andrei Vagin <avagin@xxxxxxxxx>

Acked-by: Michael Kerrisk <mtk.manpages@xxxxxxxxx>

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
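
The mismatch described in the quoted commit message, as an added example that is not part of this thread or of the kernel source: a simplified C model in which the counter enum gains UCOUNT_TIME_NAMESPACES but the name table gets no matching row, next to the corrected table and a compile-time size check. The reduced counter list, `struct entry`, `knob_for` and `table_in_sync` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>   /* strcmp, for callers comparing knob names */

/* Simplified model (assumption): a reduced counter list, not the kernel's full enum. */
enum ucount_type {
    UCOUNT_USER_NAMESPACES,
    UCOUNT_CGROUP_NAMESPACES,
    UCOUNT_TIME_NAMESPACES,     /* new counter added with time namespaces */
    UCOUNT_INOTIFY_INSTANCES,
    UCOUNT_INOTIFY_WATCHES,
    UCOUNT_COUNTS,
};

struct entry { const char *procname; };   /* hypothetical stand-in for a sysctl row */
#define UCOUNT_ENTRY(name) { .procname = (name) }
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Before the fix: no row for UCOUNT_TIME_NAMESPACES, so every later row sits
 * one index too low and the empty terminator is consumed as a data row. */
static const struct entry table_buggy[] = {
    UCOUNT_ENTRY("max_user_namespaces"),
    UCOUNT_ENTRY("max_cgroup_namespaces"),
    UCOUNT_ENTRY("max_inotify_instances"),
    UCOUNT_ENTRY("max_inotify_watches"),
    { NULL },
};

/* After the fix: one row per counter, in enum order, plus the terminator. */
static const struct entry table_fixed[] = {
    UCOUNT_ENTRY("max_user_namespaces"),
    UCOUNT_ENTRY("max_cgroup_namespaces"),
    UCOUNT_ENTRY("max_time_namespaces"),
    UCOUNT_ENTRY("max_inotify_instances"),
    UCOUNT_ENTRY("max_inotify_watches"),
    { NULL },
};

/* Compile-time guard; the same condition is false for table_buggy. */
_Static_assert(ARRAY_SIZE(table_fixed) == UCOUNT_COUNTS + 1,
               "table out of sync with enum ucount_type");

/* Name of the knob that ends up governing counter t (NULL = terminator row). */
static const char *knob_for(const struct entry *tbl, enum ucount_type t)
{
    return tbl[t].procname;
}

/* Run-time form of the guard, usable on either table's row count. */
static int table_in_sync(size_t rows) { return rows == (size_t)UCOUNT_COUNTS + 1; }
```

In the buggy table the time-namespace counter is governed by the `max_inotify_instances` row, which is the user-visible regression the commit message reports.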