[RFC PATCH 6/7] tracing/user_events: Enable setting event limit within namespace

Beau Belgrave <beaub@xxxxxxxxxxxxxxxxxxx> · Thu, 7 Jul 2022 14:58:27 -0700

When granting non-admin users the ability to register and write data to
user events they should have a limit imposed. Using the namespace
options file, operators can change the limit of the events that are
allowed to be created.

There is also a new line in the user_events_status file to let users
know the current limit (and to ask the operator for more if required).

For example, to limit the namespace to only 256 events:
echo user_events_limit=256 > options

>From within the namespace root:
cat user_events_status
...
Limit: 256

Signed-off-by: Beau Belgrave <beaub@xxxxxxxxxxxxxxxxxxx>
---
 kernel/trace/trace_events_user.c | 54 +++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 5 deletions(-)

diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index ef11706c310f..b3b6f14099fe 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -67,6 +67,7 @@ struct user_event_group {
 	DECLARE_BITMAP(page_bitmap, MAX_EVENTS);
 	refcount_t refcnt;
 	int id;
+	int reg_limit;
 };
 
 static DEFINE_HASHTABLE(group_table, 8);
@@ -234,6 +235,9 @@ static struct user_event_group *user_event_group_create(const char *name,
 			goto error;
 	}
 
+	/* Register limit is 1 under max for bitmap logic */
+	group->reg_limit = MAX_EVENTS - 1;
+
 	group->pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, MAX_PAGE_ORDER);
 
 	if (!group->pages)
@@ -1258,8 +1262,7 @@ static int user_event_parse(struct user_event_group *group, char *name,
 			    char *args, char *flags,
 			    struct user_event **newuser)
 {
-	int ret;
-	int index;
+	int ret, index, limit;
 	u32 key;
 	struct user_event *user;
 
@@ -1278,9 +1281,18 @@ static int user_event_parse(struct user_event_group *group, char *name,
 		return 0;
 	}
 
-	index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS);
+	/*
+	 * Bitmap returns actual max when too big:
+	 * We need to add 1 to this limit to ensure proper logic
+	 */
+	limit = group->reg_limit + 1;
+
+	if (limit > MAX_EVENTS)
+		return -E2BIG;
+
+	index = find_first_zero_bit(group->page_bitmap, limit);
 
-	if (index == MAX_EVENTS)
+	if (index == limit)
 		return -EMFILE;
 
 	user = kzalloc(sizeof(*user), GFP_KERNEL);
@@ -1813,6 +1825,7 @@ static int user_seq_show(struct seq_file *m, void *p)
 	seq_printf(m, "Active: %d\n", active);
 	seq_printf(m, "Busy: %d\n", busy);
 	seq_printf(m, "Max: %ld\n", MAX_EVENTS);
+	seq_printf(m, "Limit: %d\n", group->reg_limit);
 
 	return 0;
 }
@@ -1992,13 +2005,44 @@ static int user_event_ns_remove(struct trace_namespace *ns)
 	return ret;
 }
 
+#define NS_EVENT_LIMIT_PREFIX "user_events_limit="
+
 static int user_event_ns_parse(struct trace_namespace *ns, const char *command)
 {
-	return 0;
+	struct user_event_group *group = user_event_group_find(ns->id);
+	int len, value, ret = -ECANCELED;
+
+	if (!group)
+		return -ECANCELED;
+
+	len = str_has_prefix(command, NS_EVENT_LIMIT_PREFIX);
+	if (len && !kstrtouint(command + len, 0, &value)) {
+		if (value <= 0 || value > MAX_EVENTS) {
+			ret = -EINVAL;
+			goto out;
+		}
+
+		group->reg_limit = value;
+		ret = 0;
+		goto out;
+	}
+out:
+	user_event_group_release(group);
+
+	return ret;
 }
 
 static int user_event_ns_show(struct trace_namespace *ns, struct seq_file *m)
 {
+	struct user_event_group *group = user_event_group_find(ns->id);
+
+	if (!group)
+		return 0;
+
+	seq_printf(m, "%s%d\n", NS_EVENT_LIMIT_PREFIX, group->reg_limit);
+
+	user_event_group_release(group);
+
 	return 0;
 }
 
-- 
2.25.1



