2014-01-23 19:34:24

by Richard Guy Briggs

Subject: [PATCH 0/7][RFC] pid: changes to support audit

These are a number of patches inspired by ebiederman's container work that were
included by me 2013-08-20 as the patchset:
RFC: steps to make audit pid namespace-safe

They have been separated out for the pid maintainer since there are no direct
dependencies from the audit pid namespace patchset with the exception of:
pid: get pid_t ppid of task in init_pid_ns

Andrew, are you willing to adopt these?

In particular, there is discussion around read-only task_struct::pid here:
https://lkml.org/lkml/2013/12/16/552

Richard Guy Briggs (7):
pid: change task_struct::pid to read-only
compiler: CONST_CAST makes writing const vars easier and obvious
pid: use the CONST_CAST macro instead to write to const
task_struct::pid
pid: modify task_tgid_nr to work without task->tgid.
pid: rewrite task helper function is_global_init() avoiding task->pid
pid: mark struct task const in helper functions
pid: get pid_t ppid of task in init_pid_ns

arch/x86/kernel/process.c | 2 +-
fs/exec.c | 2 +-
include/linux/compiler.h | 8 ++++++
include/linux/sched.h | 60 +++++++++++++++++++++++++++++---------------
kernel/fork.c | 5 ++-
kernel/pid.c | 4 +-
6 files changed, 54 insertions(+), 27 deletions(-)


2014-01-23 21:25:41

by Peter Zijlstra

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On Thu, Jan 23, 2014 at 02:32:33PM -0500, Richard Guy Briggs wrote:
> These are a number of patches inspired by ebiederman's container work that were
> included by me 2013-08-20 as the patchset:
> RFC: steps to make audit pid namespace-safe
>
> They have been separated out for the pid maintainer since there are no direct
> dependencies from the audit pid namespace patchset with the exception of:
> pid: get pid_t ppid of task in init_pid_ns
>
> Andrew, are you willing to adopt these?
>
> In particular, there is discussion around read-only task_struct::pid here:
> https://lkml.org/lkml/2013/12/16/552
>

I would have ordered them slightly different, but:

Acked-by: Peter Zijlstra <[email protected]>

2014-01-24 06:15:24

by Richard Guy Briggs

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On 14/01/23, Peter Zijlstra wrote:
> On Thu, Jan 23, 2014 at 02:32:33PM -0500, Richard Guy Briggs wrote:
> > These are a number of patches inspired by ebiederman's container work that were
> > included by me 2013-08-20 as the patchset:
> > RFC: steps to make audit pid namespace-safe
> >
> > They have been separated out for the pid maintainer since there are no direct
> > dependencies from the audit pid namespace patchset with the exception of:
> > pid: get pid_t ppid of task in init_pid_ns
> >
> > Andrew, are you willing to adopt these?
> >
> > In particular, there is discussion around read-only task_struct::pid here:
> > https://lkml.org/lkml/2013/12/16/552
>
> I would have ordered them slightly different, but:

Can you briefly explain how and why so I can understand for next time?
I originally had the ppid patch first...

> Acked-by: Peter Zijlstra <[email protected]>

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2014-01-24 08:53:09

by Peter Zijlstra

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On Fri, Jan 24, 2014 at 01:14:47AM -0500, Richard Guy Briggs wrote:
> On 14/01/23, Peter Zijlstra wrote:
> > On Thu, Jan 23, 2014 at 02:32:33PM -0500, Richard Guy Briggs wrote:
> > > These are a number of patches inspired by ebiederman's container work that were
> > > included by me 2013-08-20 as the patchset:
> > > RFC: steps to make audit pid namespace-safe
> > >
> > > They have been separated out for the pid maintainer since there are no direct
> > > dependencies from the audit pid namespace patchset with the exception of:
> > > pid: get pid_t ppid of task in init_pid_ns
> > >
> > > Andrew, are you willing to adopt these?
> > >
> > > In particular, there is discussion around read-only task_struct::pid here:
> > > https://lkml.org/lkml/2013/12/16/552
> >
> > I would have ordered them slightly different, but:
>
> Can you briefly explain how and why so I can understand for next time?
> I originally had the ppid patch first...

Ah, I would have introduced CONST_CAST() earlier, then used it in the
make pid const and then avoided the conversion patch.

2014-01-24 14:32:19

by Richard Guy Briggs

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On 14/01/24, Peter Zijlstra wrote:
> On Fri, Jan 24, 2014 at 01:14:47AM -0500, Richard Guy Briggs wrote:
> > On 14/01/23, Peter Zijlstra wrote:
> > > On Thu, Jan 23, 2014 at 02:32:33PM -0500, Richard Guy Briggs wrote:
> > > > These are a number of patches inspired by ebiederman's container work that were
> > > > included by me 2013-08-20 as the patchset:
> > > > RFC: steps to make audit pid namespace-safe
> > > >
> > > > They have been separated out for the pid maintainer since there are no direct
> > > > dependencies from the audit pid namespace patchset with the exception of:
> > > > pid: get pid_t ppid of task in init_pid_ns
> > > >
> > > > Andrew, are you willing to adopt these?
> > > >
> > > > In particular, there is discussion around read-only task_struct::pid here:
> > > > https://lkml.org/lkml/2013/12/16/552
> > >
> > > I would have ordered them slightly different, but:
> >
> > Can you briefly explain how and why so I can understand for next time?
> > I originally had the ppid patch first...
>
> Ah, I would have introduced CONST_CAST() earlier, then used it in the
> make pid const and then avoided the conversion patch.

Ah, fair enough. It does serve to show how much ugliness can be avoided
though...

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2014-02-19 16:19:31

by Richard Guy Briggs

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

Andrew,

Are you willing to shepherd this patchset?

On 14/01/23, Richard Guy Briggs wrote:
> These are a number of patches inspired by ebiederman's container work that were
> included by me 2013-08-20 as the patchset:
> RFC: steps to make audit pid namespace-safe
>
> They have been separated out for the pid maintainer since there are no direct
> dependencies from the audit pid namespace patchset with the exception of:
> pid: get pid_t ppid of task in init_pid_ns
>
> Andrew, are you willing to adopt these?
>
> In particular, there is discussion around read-only task_struct::pid here:
> https://lkml.org/lkml/2013/12/16/552
>
> Richard Guy Briggs (7):
> pid: change task_struct::pid to read-only
> compiler: CONST_CAST makes writing const vars easier and obvious
> pid: use the CONST_CAST macro instead to write to const
> task_struct::pid
> pid: modify task_tgid_nr to work without task->tgid.
> pid: rewrite task helper function is_global_init() avoiding task->pid
> pid: mark struct task const in helper functions
> pid: get pid_t ppid of task in init_pid_ns
>
> arch/x86/kernel/process.c | 2 +-
> fs/exec.c | 2 +-
> include/linux/compiler.h | 8 ++++++
> include/linux/sched.h | 60 +++++++++++++++++++++++++++++---------------
> kernel/fork.c | 5 ++-
> kernel/pid.c | 4 +-
> 6 files changed, 54 insertions(+), 27 deletions(-)
>

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2014-02-19 17:48:14

by Oleg Nesterov

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

Richard,

I am sorry for the delay, I'll try to review this series tomorrow.

But at first glance, can't you send 2/7 first and join 1/7 and 3/7?

And since you change is_global_init() perhaps you can also fix it?
It actually needs tgid.

On 02/19, Richard Guy Briggs wrote:
>
> Andrew,
>
> Are you willing to shepherd this patchset?
>
> On 14/01/23, Richard Guy Briggs wrote:
> > These are a number of patches inspired by ebiederman's container work that were
> > included by me 2013-08-20 as the patchset:
> > RFC: steps to make audit pid namespace-safe
> >
> > They have been separated out for the pid maintainer since there are no direct
> > dependencies from the audit pid namespace patchset with the exception of:
> > pid: get pid_t ppid of task in init_pid_ns
> >
> > Andrew, are you willing to adopt these?
> >
> > In particular, there is discussion around read-only task_struct::pid here:
> > https://lkml.org/lkml/2013/12/16/552
> >
> > Richard Guy Briggs (7):
> > pid: change task_struct::pid to read-only
> > compiler: CONST_CAST makes writing const vars easier and obvious
> > pid: use the CONST_CAST macro instead to write to const
> > task_struct::pid
> > pid: modify task_tgid_nr to work without task->tgid.
> > pid: rewrite task helper function is_global_init() avoiding task->pid
> > pid: mark struct task const in helper functions
> > pid: get pid_t ppid of task in init_pid_ns
> >
> > arch/x86/kernel/process.c | 2 +-
> > fs/exec.c | 2 +-
> > include/linux/compiler.h | 8 ++++++
> > include/linux/sched.h | 60 +++++++++++++++++++++++++++++---------------
> > kernel/fork.c | 5 ++-
> > kernel/pid.c | 4 +-
> > 6 files changed, 54 insertions(+), 27 deletions(-)
> >
>
> - RGB
>
> --
> Richard Guy Briggs <[email protected]>
> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
> Remote, Ottawa, Canada
> Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2014-02-19 18:15:33

by Richard Guy Briggs

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On 14/02/19, Oleg Nesterov wrote:
> Richard,

Hi Oleg,

> I am sorry for the delay, I'll try to review this series tomorrow.
>
> But at first glance, can't you send 2/7 first and join 1/7 and 3/7?

Yes, Peter made the same observation. I thought it was more useful to
have them separated out, but I'll join them.

> And since you change is_global_init() perhaps you can also fix it?
> It actually needs tgid.

Sure. Can you explain why? We only want init killing off its own
threads?

> On 02/19, Richard Guy Briggs wrote:
> > Andrew,
> >
> > Are you willing to shepherd this patchset?
> >
> > On 14/01/23, Richard Guy Briggs wrote:
> > > These are a number of patches inspired by ebiederman's container work that were
> > > included by me 2013-08-20 as the patchset:
> > > RFC: steps to make audit pid namespace-safe
> > >
> > > They have been separated out for the pid maintainer since there are no direct
> > > dependencies from the audit pid namespace patchset with the exception of:
> > > pid: get pid_t ppid of task in init_pid_ns
> > >
> > > Andrew, are you willing to adopt these?
> > >
> > > In particular, there is discussion around read-only task_struct::pid here:
> > > https://lkml.org/lkml/2013/12/16/552
> > >
> > > Richard Guy Briggs (7):
> > > pid: change task_struct::pid to read-only
> > > compiler: CONST_CAST makes writing const vars easier and obvious
> > > pid: use the CONST_CAST macro instead to write to const
> > > task_struct::pid
> > > pid: modify task_tgid_nr to work without task->tgid.
> > > pid: rewrite task helper function is_global_init() avoiding task->pid
> > > pid: mark struct task const in helper functions
> > > pid: get pid_t ppid of task in init_pid_ns
> > >
> > > arch/x86/kernel/process.c | 2 +-
> > > fs/exec.c | 2 +-
> > > include/linux/compiler.h | 8 ++++++
> > > include/linux/sched.h | 60 +++++++++++++++++++++++++++++---------------
> > > kernel/fork.c | 5 ++-
> > > kernel/pid.c | 4 +-
> > > 6 files changed, 54 insertions(+), 27 deletions(-)
> >
> > - RGB

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2014-02-20 19:08:46

by Oleg Nesterov

Subject: Re: [PATCH 0/7][RFC] pid: changes to support audit

On 02/19, Richard Guy Briggs wrote:
>
> On 14/02/19, Oleg Nesterov wrote:
> >
> > But at first glance, can't you send 2/7 first and join 1/7 and 3/7?
>
> Yes, Peter made the same observation. I thought it was more useful to
> have them separated out, but I'll join them.

Yes, thanks, I think it doesn't make sense to uglify the code in 1/7
and then fix it in 2/7.

> > And since you change is_global_init() perhaps you can also fix it?
> > It actually needs tgid.
>
> Sure. Can you explain why? We only want init killing off its own
> threads?

Please see my reply to 5/7.

Oleg.