On Mon, Apr 06, 2020 at 06:13:42PM +0100, Dmitry Safonov via Containers wrote:
> Introduce missing time namespaces limit per-userns.
> Michael noticed that userns limit for number of time namespaces is
> missing.
>
> Furthermore, time namespace introduced UCOUNT_TIME_NAMESPACES, but
> didn't introduce an array member in user_table[]. It would make array's
> initialisation OOB write, but by luck the user_table array has
> an excessive empty member (all accesses to the array are limited with
> UCOUNT_COUNTS - so it silently reuses the last free member.
>
> Fixes user-visible regression: max_inotify_instances by reason of the
> missing UCOUNT_ENTRY() has limited max number of namespaces instead of
> the number of inotify instances.
>
> Fixes: 769071ac9f20 ("ns: Introduce Time Namespace")
> Cc: Adrian Reber <adrian@xxxxxxxx>
> Cc: Andrey Vagin <avagin@xxxxxxxxxx>
> Cc: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
> Cc: Containers <containers@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Cc: Linux API <linux-api@xxxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxx # v5.6+
> Reported-by: Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx>
> Signed-off-by: Dmitry Safonov <dima@xxxxxxxxxx>

Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
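
The positional mismatch described in the quoted commit message, as an added example that is not code from this thread or from the kernel tree. It is a reduced model: the three-member enum, the struct layout, the helper counter_for() and the entry names other than max_inotify_instances are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model, not kernel source: counters and sysctl names are
 * paired only by position, as with user_table[] and UCOUNT_COUNTS. */
enum ucount_type {
    UCOUNT_USER_NAMESPACES,
    UCOUNT_TIME_NAMESPACES,     /* counter added without a table entry */
    UCOUNT_INOTIFY_INSTANCES,
    UCOUNT_COUNTS,
};

struct entry { const char *procname; };
#define UCOUNT_ENTRY(name) { name }
#define ENTRIES(t) (sizeof(t) / sizeof((t)[0]))

/* Before: one entry short. The empty terminator keeps the array at
 * UCOUNT_COUNTS elements, so indexing below UCOUNT_COUNTS stays in bounds. */
static const struct entry table_before[] = {
    UCOUNT_ENTRY("max_user_namespaces"),
    UCOUNT_ENTRY("max_inotify_instances"),
    { NULL },
};
/* After: one named entry per counter, plus the terminator. */
static const struct entry table_after[] = {
    UCOUNT_ENTRY("max_user_namespaces"),
    UCOUNT_ENTRY("max_time_namespaces"),
    UCOUNT_ENTRY("max_inotify_instances"),
    { NULL },
};
/* Compile-time guard that would have rejected table_before. */
_Static_assert(ENTRIES(table_after) == UCOUNT_COUNTS + 1,
               "table must have one entry per counter plus a terminator");

/* Which counter does the knob `name` control when slot i is bound to
 * counter i? Returns -1 if the knob is not exposed. */
static int counter_for(const struct entry *tbl, const char *name)
{
    for (int i = 0; i < UCOUNT_COUNTS; i++)
        if (tbl[i].procname && strcmp(tbl[i].procname, name) == 0)
            return i;
    return -1;
}

int main(void)
{
    printf("before: %d\n", counter_for(table_before, "max_inotify_instances"));
    printf("after:  %d\n", counter_for(table_after, "max_inotify_instances"));
    return 0;
}
```

In the "before" table the inotify knob resolves to the time-namespace counter, which is the user-visible regression the commit message reports; the static assertion turns the same omission into a build failure.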