author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-11-16 12:20:15 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-11-16 12:20:15 -0800 |
commit | 758f875848d78148cf9a9cdb3ff1ddf29b234056 (patch) | |
tree | 78d6b1b0a1d82376f9dea8d73c2b900cb5b89679 /include/linux/user_namespace.h | |
parent | a02cd4229e298aadbe8f5cf286edee8058d87116 (diff) | |
parent | 3fda0e737e906ce73220b20c27e7f792d0aac6a8 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace update from Eric Biederman:
"The only change that is production ready this round is the work to
increase the number of uid and gid mappings a user namespace can
support from 5 to 340.
This code was carefully benchmarked and it was confirmed that in the
existing cases the performance remains the same. In the worst case
with 340 mappings cache cold stat times go from 158ns to 248ns.
That is noticeable but still quite small, and only the people who are
doing crazy things pay the cost.
This work uncovered some documentation and cleanup opportunities in
the mapping code, and patches to make those cleanups and improve the
documentation will be coming in the next merge window"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
userns: Simplify insert_extent
userns: Make map_id_down a wrapper for map_id_range_down
userns: Don't read extents twice in m_start
userns: Simplify the user and group mapping functions
userns: Don't special case a count of 0
userns: bump idmap limits to 340
userns: use union in {g,u}idmap struct
Diffstat (limited to 'include/linux/user_namespace.h')
-rw-r--r-- | include/linux/user_namespace.h | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 3fe714da7f5a..d6b74b91096b 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -11,15 +11,24 @@ #include <linux/sysctl.h> #include <linux/err.h> -#define UID_GID_MAP_MAX_EXTENTS 5 +#define UID_GID_MAP_MAX_BASE_EXTENTS 5 +#define UID_GID_MAP_MAX_EXTENTS 340 -struct uid_gid_map { /* 64 bytes -- 1 cache line */ +struct uid_gid_extent { + u32 first; + u32 lower_first; + u32 count; +}; + +struct uid_gid_map { /* 64 bytes -- 1 cache line */ u32 nr_extents; - struct uid_gid_extent { - u32 first; - u32 lower_first; - u32 count; - } extent[UID_GID_MAP_MAX_EXTENTS]; + union { + struct uid_gid_extent extent[UID_GID_MAP_MAX_BASE_EXTENTS]; + struct { + struct uid_gid_extent *forward; + struct uid_gid_extent *reverse; + }; + }; }; #define USERNS_SETGROUPS_ALLOWED 1UL |
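Review bot: The retained comment on `struct uid_gid_map { /* 64 bytes -- 1 cache line */` no longer matches the layout on 64-bit builds. The new union contains two pointers, so it is 8-byte aligned: `nr_extents` takes 4 bytes, 4 bytes of padding follow, and the union is padded from 60 to 64 bytes, giving 72 bytes in total. Either update the comment or move `nr_extents` so that it shares the first anonymous member with `extent[]` and the structure stays within one cache line. Separately, nothing in the header says which union member is live. Readers have to infer that `extent[]` is valid only while `nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS` and that `forward`/`reverse` are valid above that. A comment stating this invariant next to the union would help, because code that indexes `extent[]` in the large-map case would read pointer bytes as `first`/`lower_first`/`count` and produce wrong uid/gid translations.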