kernel_optimize_test/include/net
Linus Torvalds 14986a34e1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
 "This set of changes is a number of smaller things that have been
  overlooked in other development cycles focused on more fundamental
  change. The devpts changes are small things that were a distraction
  until we managed to kill off DEVPTS_MULTPLE_INSTANCES. There is an
  trivial regression fix to autofs for the unprivileged mount changes
  that went in last cycle. A pair of ioctls has been added by Andrey
  Vagin making it is possible to discover the relationships between
  namespaces when referring to them through file descriptors.

  The big user visible change is starting to add simple resource limits
  to catch programs that misbehave. With namespaces in general and user
  namespaces in particular allowing users to use more kinds of
  resources, it has become important to have something to limit errant
  programs. Because the purpose of these limits is to catch errant
  programs the code needs to be inexpensive to use as it always on, and
  the default limits need to be high enough that well behaved programs
  on well behaved systems don't encounter them.

  To this end, after some review I have implemented per user per user
  namespace limits, and use them to limit the number of namespaces. The
  limits being per user mean that one user can not exhause the limits of
  another user. The limits being per user namespace allow contexts where
  the limit is 0 and security conscious folks can remove from their
  threat anlysis the code used to manage namespaces (as they have
  historically done as it root only). At the same time the limits being
  per user namespace allow other parts of the system to use namespaces.

  Namespaces are increasingly being used in application sand boxing
  scenarios so an all or nothing disable for the entire system for the
  security conscious folks makes increasing use of these sandboxes
  impossible.

  There is also added a limit on the maximum number of mounts present in
  a single mount namespace. It is nontrivial to guess what a reasonable
  system wide limit on the number of mount structure in the kernel would
  be, especially as it various based on how a system is using
  containers. A limit on the number of mounts in a mount namespace
  however is much easier to understand and set. In most cases in
  practice only about 1000 mounts are used. Given that some autofs
  scenarious have the potential to be 30,000 to 50,000 mounts I have set
  the default limit for the number of mounts at 100,000 which is well
  above every known set of users but low enough that the mount hash
  tables don't degrade unreaonsably.

  These limits are a start. I expect this estabilishes a pattern that
  other limits for resources that namespaces use will follow. There has
  been interest in making inotify event limits per user per user
  namespace as well as interest expressed in making details about what
  is going on in the kernel more visible"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (28 commits)
  autofs:  Fix automounts by using current_real_cred()->uid
  mnt: Add a per mount namespace limit on the number of mounts
  netns: move {inc,dec}_net_namespaces into #ifdef
  nsfs: Simplify __ns_get_path
  tools/testing: add a test to check nsfs ioctl-s
  nsfs: add ioctl to get a parent namespace
  nsfs: add ioctl to get an owning user namespace for ns file descriptor
  kernel: add a helper to get an owning user namespace for a namespace
  devpts: Change the owner of /dev/pts/ptmx to the mounter of /dev/pts
  devpts: Remove sync_filesystems
  devpts: Make devpts_kill_sb safe if fsi is NULL
  devpts: Simplify devpts_mount by using mount_nodev
  devpts: Move the creation of /dev/pts/ptmx into fill_super
  devpts: Move parse_mount_options into fill_super
  userns: When the per user per user namespace limit is reached return ENOSPC
  userns; Document per user per user namespace limits.
  mntns: Add a limit on the number of mount namespaces.
  netns: Add a limit on the number of net namespaces
  cgroupns: Add a limit on the number of cgroup namespaces
  ipcns: Add a  limit on the number of ipc namespaces
  ...
2016-10-06 09:52:23 -07:00
..
9p
bluetooth Bluetooth: Add support for appearance in scan rsp 2016-09-19 20:19:34 +02:00
caif
irda
iucv
netfilter netfilter: merge fixup for "nf_tables_netdev: remove redundant ip_hdr assignment" 2016-10-05 20:25:48 -04:00
netns Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-09-25 23:34:19 +02:00
nfc NFC: digital: Add support for NFC DEP Response Waiting Time 2016-07-11 02:01:14 +02:00
phonet
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
tc_act net_sched: act_vlan: add helper inlines to access tcf_vlan info 2016-09-23 07:22:11 -04:00
6lowpan.h 6lowpan: add 802.15.4 short addr slaac 2016-06-15 20:41:22 -07:00
act_api.h net_sched: convert tcf_exts from list to pointer array 2016-08-17 19:27:51 -04:00
addrconf.h ipv6 addrconf: implement RFC7559 router solicitation backoff 2016-09-30 01:54:28 -04:00
af_ieee802154.h
af_rxrpc.h rxrpc: Rewrite the data and ack handling code 2016-09-08 11:10:12 +01:00
af_unix.h af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' 2016-09-04 13:29:29 -07:00
af_vsock.h VSOCK: Introduce virtio_vsock_common.ko 2016-08-02 02:57:29 +03:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h bonding: prevent out of bound accesses 2016-07-01 06:06:09 -04:00
busy_poll.h
calipso.h calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
cfg80211-wext.h
cfg80211.h cfg80211: Provide an API to report NAN function termination 2016-09-30 13:21:37 +02:00
cfg802154.h ieee802154: add netns support 2016-07-08 12:20:57 +02:00
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h codel: split into multiple files 2016-04-25 16:44:27 -04:00
codel_qdisc.h net_sched: fq_codel: cache skb->truesize into skb->cb 2016-06-25 12:19:35 -04:00
codel.h codel: split into multiple files 2016-04-25 16:44:27 -04:00
compat.h packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: remove unused priv_size 2016-08-26 11:55:18 -07:00
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: add port fast ageing 2016-09-23 08:38:50 -04:00
dsfield.h
dst_cache.h
dst_metadata.h net/dst: Utility functions to build dst_metadata without supplying an skb 2016-09-10 20:53:55 -07:00
dst_ops.h
dst.h route: move lwtunnel state to a single place 2016-04-25 16:20:09 -04:00
esp.h
ethoc.h
fib_rules.h net: Add l3mdev rule 2016-06-08 11:36:02 -07:00
firewire.h
flow_dissector.h rps: flow_dissector: Add the const for the parameter of flow_keys_have_l4 2016-09-01 16:51:08 -07:00
flow.h net: flow: Remove FLOWI_FLAG_L3MDEV_SRC flag 2016-09-10 23:12:53 -07:00
flowcache.h
fou.h fou: Add encap ops for IPv6 tunnels 2016-05-20 18:03:16 -04:00
fq_impl.h fq.h: Port memory limit mechanism from fq_codel 2016-09-30 13:29:21 +02:00
fq.h fq.h: Port memory limit mechanism from fq_codel 2016-09-30 13:29:21 +02:00
garp.h
gen_stats.h net: sched: do not acquire qdisc spinlock in qdisc/class stats dump 2016-06-07 16:37:14 -07:00
genetlink.h
geneve.h net: Remove deprecated tunnel specific UDP offload functions 2016-06-17 20:23:32 -07:00
gre.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-08-18 01:17:32 -04:00
gro_cells.h gro_cells: gro_cells_receive now return error code 2016-07-22 00:50:41 -04:00
gtp.h gtp: #define #define _GTP_H_ and not #define _GTP_H 2016-07-25 17:55:43 -07:00
gue.h
hwbm.h
icmp.h net: snmp: kill STATS_BH macros 2016-04-27 22:48:25 -04:00
ieee80211_radiotap.h mac80211: add support for radiotap timestamp field 2016-09-12 11:45:45 +02:00
ieee802154_netdev.h
if_inet6.h ipv6 addrconf: implement RFC7559 router solicitation backoff 2016-09-30 01:54:28 -04:00
ila.h
inet_common.h ip4ip6: Support for GSO/GRO 2016-05-20 18:03:17 -04:00
inet_connection_sock.h tcp: increase ICSK_CA_PRIV_SIZE from 64 bytes to 88 2016-09-21 00:23:01 -04:00
inet_ecn.h ipv6: suppress sparse warnings in IP6_ECN_set_ce() 2016-08-13 15:08:00 -07:00
inet_frag.h
inet_hashtables.h
inet_sock.h ipv6: Allow request socks to contain IPv6 options. 2016-06-27 15:05:28 -04:00
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ip_fib.h switchdev: remove FIB offload infrastructure 2016-09-28 04:48:00 -04:00
ip_tunnels.h ip_tunnel: add collect_md mode to IPIP tunnel 2016-09-17 10:13:07 -04:00
ip_vs.h ipvs: update real-server binding of outgoing connections in SIP-pe 2016-06-06 09:47:25 +09:00
ip.h net:snmp: Introduce generic interfaces for snmp_get_cpu_field{, 64} 2016-09-30 01:50:44 -04:00
ip6_checksum.h
ip6_fib.h
ip6_route.h ipv6: Export p6_route_input_lookup symbol 2016-09-19 01:25:22 -04:00
ip6_tunnel.h ip6_tunnel: add collect_md mode to IPv6 tunnels 2016-09-17 10:13:07 -04:00
ipcomp.h
ipconfig.h
ipv6.h Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux into next 2016-07-07 10:15:34 +10:00
ipx.h
iw_handler.h
kcm.h kcm: Use stream parser 2016-08-17 19:36:23 -04:00
l3mdev.h net: l3mdev: Remove netif_index_is_l3_master 2016-09-17 10:05:05 -04:00
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h net: lwtunnel: Handle fragmentation 2016-08-30 22:27:18 -07:00
mac80211.h mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue 2016-09-30 14:46:57 +02:00
mac802154.h ieee802154: cleanup WARN_ON for fc fetch 2016-07-08 13:23:12 +02:00
mip6.h
mld.h
mpls_iptunnel.h
mpls.h openvswitch: use mpls_hdr 2016-10-03 02:00:22 -04:00
mrp.h
ncsi.h net/ncsi: Introduce ncsi_stop_dev() 2016-10-04 02:11:51 -04:00
ndisc.h 6lowpan: introduce 6lowpan-nd 2016-06-15 20:41:23 -07:00
neighbour.h
net_namespace.h netns: Add a limit on the number of net namespaces 2016-08-08 14:42:04 -05:00
net_ratelimit.h
netevent.h neigh: Send a notification when DELAY_PROBE_TIME changes 2016-07-05 09:06:29 -07:00
netlabel.h netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlink.h netlink: kill nla_put_u64() 2016-05-16 13:46:23 -04:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h ieee802154: add netns support 2016-07-08 12:20:57 +02:00
p8022.h
ping.h
pkt_cls.h net/sched: pkt_cls: change tc actions order to be as the user sets 2016-09-28 05:02:44 -04:00
pkt_sched.h net: sched: convert qdisc linked list to hashtable 2016-08-10 17:19:02 -07:00
pptp.h pptp: Refactor the struct and macros of PPTP codes 2016-08-15 10:55:53 -07:00
protocol.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h net: ipv4: Remove l3mdev_get_saddr 2016-09-10 23:12:53 -07:00
rtnetlink.h net: rtnetlink: add support for the IFLA_STATS_LINK_XSTATS_SLAVE attribute 2016-06-30 06:15:04 -04:00
sch_generic.h sched: add and use qdisc_skb_head helpers 2016-09-19 01:47:18 -04:00
scm.h
secure_seq.h
slhc_vj.h
snmp.h net: snmp: fix 64bit stats on 32bit arches 2016-04-28 11:49:45 -04:00
sock_reuseport.h
sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-23 06:46:57 -04:00
Space.h
stp.h
strparser.h kcm: Remove TCP specific references from kcm and strparser 2016-08-28 23:32:41 -04:00
switchdev.h switchdev: remove FIB offload infrastructure 2016-09-28 04:48:00 -04:00
tcp_states.h
tcp.h tcp: new CC hook to set sending rate with rate_sample in any CA state 2016-09-21 00:23:01 -04:00
timewait_sock.h
transp_v6.h ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
tso.h
udp_tunnel.h vxlan: Add new UDP encapsulation offload type for VXLAN-GPE 2016-06-17 20:23:32 -07:00
udp.h net: diag: support SOCK_DESTROY for UDP sockets 2016-08-23 23:12:27 -07:00
udplite.h
vsock_addr.h
vxlan.h net/ip_tunnels: Introduce tunnel_id_to_key32() and key32_to_tunnel_id() 2016-09-10 20:53:55 -07:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-23 06:46:57 -04:00