Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754048AbdDZQoJ (ORCPT ); Wed, 26 Apr 2017 12:44:09 -0400 Received: from mail-eopbgr20092.outbound.protection.outlook.com ([40.107.2.92]:43352 "EHLO EUR02-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932366AbdDZQnj (ORCPT ); Wed, 26 Apr 2017 12:43:39 -0400 Authentication-Results: chromium.org; dkim=none (message not signed) header.d=none;chromium.org; dmarc=none action=none header.from=virtuozzo.com; Subject: Re: [PATCH 2/2] pid_ns: Introduce ioctl to set vector of ns_last_pid's on ns hierarhy To: "Eric W. Biederman" References: <149245014695.17600.12640895883798122726.stgit@localhost.localdomain> <149245057248.17600.1341652606136269734.stgit@localhost.localdomain> <20170426155352.GA12131@redhat.com> <785e1986-da03-72aa-06c0-234ed2dbc0fd@virtuozzo.com> <005f52d9-efbe-9eaa-7f36-19945c8b06c3@virtuozzo.com> <87h91bcep5.fsf@xmission.com> CC: Oleg Nesterov , , , , , , , , , , , , , , From: Kirill Tkhai Message-ID: Date: Wed, 26 Apr 2017 19:43:33 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <87h91bcep5.fsf@xmission.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: DB5PR03CA0019.eurprd03.prod.outlook.com (10.162.150.29) To DB6PR0802MB2280.eurprd08.prod.outlook.com (10.172.228.8) X-MS-Office365-Filtering-Correlation-Id: ad9bba55-87c7-49ce-362d-08d48cc361df X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201703131423075)(201703031133081);SRVR:DB6PR0802MB2280; X-Microsoft-Exchange-Diagnostics: 1;DB6PR0802MB2280;3:WnCgNPX9HzHGiKPbccKrlesO9sejOPalQx9Su9GxT9soAx/W/zX7tKdeekGQygxAeD1OE4T0NI/aAcnoI4y7Wu5iSfj0FANVQyVRwBzwd8jzjMkyzgTXmSolwXAObxNOaIFi81cgylvKgbcoZH5UAi78bZZRWlnoAANi5pYwYcCg+rPuEhxqYS9gv8x/kdU6QdyLhOps9u0oBi7Oc6QLZQKbSQWNUwNrfTGZsxonpQuH3j0d+84OquY32iFlwvicnkg4/o/lzrI308Uw2VUlvvn/mXmM7pWHz1+kKWt0XVrMTUgv33qWhySdH/lu9YYJGQCgGGjVNDw73qMdUGnftQ==;25:0LFYtaRrvl19rdxmxY2kAEvj8sCnP5R2nQ9so6woHpBVZCWixZVOnU8ynFZw/LGJKHXBZbe5nQ7EZ0h17oEmiGt2CscwhynCZ+IGqIr3k4VIsX+8DY2CzSDRBZ7EVrtlKAHeWv7VMGSrrqqrYgXe8YZQTI7HpeWTR4Nd97h7X2JXfCXVeCmNYBb31OR5L2GB8M2wcyQpiISsN0YywhARAbwGnNoyc/idaLQzE5Iew49J/j2kr0n2VhInlGRpbFopD/x2DhxgX7MEZqmJLPZ594ki4oX9tbx/nKoqbX/DyBxkDofkNrGCFJyxFt9NC8pOlfCpuqQAQo3uRPJBC1UN7ePf7j6wcHgnZ/MJNP9u5S6sBbFc57cathk35nUGAR14jkXAmoQbVXhB6aDm+jAgiRaFaXzk9PTgOXpu4DLVqowTJgRouepIT6jTg4OJCFMlGd5WbPz8YU9+MUaR8RGfsg== X-Microsoft-Exchange-Diagnostics: 1;DB6PR0802MB2280;31:RJQJ87pBJPSEHSdnb7u4D9MGl3ULmJeGEVDfJqx7Hrlv9dYJLB3HDBRrIWB37XS7MeA+dugRU254HvV5D1rpramq0+Uc+HKOP57HRdcVnMNF7NN4Ez8kbohWk9BUBs9tJ0sK1Wf1BJ+BpmpqRzyGcqVy1SJB3+Z7NRM/XXuKWBZKGnuTHj/6DCz9kRzsWawQrtNR30H0oYiP/qJkvUMm78WU8UY6Ukj1GW5HOVF/gOx8aOpWCzvWE69P/bokmusH;20:QXrjKYm/EFELt8eH3kuIgqTIzO9UPljPHSGFUAU0FfMEp99ST3Yvf3gC+vMqsvN2C95d+RfOs2XVQ0TqVQfl9iH5DOrj/0CVbW4B6kM4LO3rys8MpLuJjSYE9CGQeCeIQJQTfbamAGfNvUoNnN6yz6qOM2V/riyU3P5qe5bc81SSi5ywe9PfbMlomy92tTIllMyk/OA36bcas0ml3M0IfMyp2SJ0BBA6X5lPYYeCdCpiuIcHiX3zsryM6viLaU91ug0bNh9j8vh9SSuUrzqtoP6MCUSN5cUPpzJMbzRZTHu4aFX7JAahcu8+0kc5VO6OKqRn1FtMjsfY0+Z8VVd0191HYubjSJOl8ADiTo8MaPp30jxY0W6O7sWaG6q7Kxpp81esJKJSam5o4LDKHAv2nktN2iaAeMmLgUn/tVdehNw= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(84791874153150); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123564025)(20161123560025)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(6072148);SRVR:DB6PR0802MB2280;BCL:0;PCL:0;RULEID:;SRVR:DB6PR0802MB2280; X-Microsoft-Exchange-Diagnostics: 1;DB6PR0802MB2280;4:WPAEb++ZBmsWcHVgfUUCqX85vTtqbmjXJUH1gqnt3OKWCda9oO6yYSdea1w/GH6i7GtSVvu0vTD2fKAPJGUwXZdMjcJS/4gfEn+5nG42pukBQPsdatS9UQ8vLiiwkriG91a6ty7UEpjTW97/fWmtFVqp34d8ORAdX2rfVll5rYz8BmHK1i9rw1tsyMC/cbJKmoZ/i5p7KqtN5XoR0v9rxnFKKp4UQp5j6pgudwuuDI5MZq/Y4477F61HiNFGArTmI3qguT7qQiRYGF3GEtqdaXVimqttQ+gCIwncpaCMlTEdrPUzfIwTMwrv7TIx/FssyXjDjSRjEZZYo7tn15jDu8qT7ZcCfqHT3ixGPyX9HO8SThzPguogzLdg9q1qPJFgR9oEWCFyZROl7vJTKpFtL2ol8tv6eQhREXja/jLj4zt5+J9RyRWAag4O1zYqRJfCM5fEL+lVvry2xieK3PFedcQV4WsL7jWkgF/6GsZuxQsLImQ3G0TAfR6dTWc6KgbAiu2B1jsa1axVyJYWU678mJkkgMtxCb2TxAK68int+qXNfQ6RfrmEnOdc64vV1OV41D02nTnHd6WrPHW3x/TltRt5BWj9gCsmdoWStYGpflPbBsNCAKOnHU1sIWz6pYx7lxzNn37AzHJvI7v3qI2c29w+RXSTOd2N+1hKK/YUMJroC35GCss87xX7PjQX8wu0BMZGajbbUAlHXGSMdV08naEmV8QjmpU07OP+Cr+HD397Uu8DFQqGgMf7NDWBu7kWUZSw9b8yhVbBMc/CvBFr4g== X-Forefront-PRVS: 0289B6431E X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(6049001)(39400400002)(39840400002)(39410400002)(39450400003)(24454002)(305945005)(7736002)(31686004)(42186005)(50466002)(64126003)(189998001)(2950100002)(36756003)(6916009)(4326008)(53546009)(38730400002)(65826007)(83506001)(31696002)(90366009)(25786009)(86362001)(110136004)(6306002)(53936002)(6246003)(6486002)(77096006)(54906002)(33646002)(8676002)(23676002)(54356999)(76176999)(2906002)(229853002)(81166006)(93886004)(230700001)(50986999)(65956001)(66066001)(4001350100001)(3846002)(47776003)(65806001)(6116002);DIR:OUT;SFP:1102;SCL:1;SRVR:DB6PR0802MB2280;H:[172.16.25.137];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjZQUjA4MDJNQjIyODA7MjM6aERUdEd5b1RiazVSeEg0aVlLTzRyeHp0?= =?utf-8?B?dDhoRVYzZ1J6MmRFNDBnNm5rQ3VUR3luSnFiNTdiRkdrUXpXeEw2eW94bHlO?= =?utf-8?B?S0dBWm5aOTY3MWhtakt0SFN2Qno1b01XbkJxaGdUTGJCTnpGTHNlWnhmVGNw?= =?utf-8?B?K0JIemY4UEhRK2pPTE1Ic3JyZ2VZcDM0d0doZm80WnR1b2VRTHFld1RSSG9X?= =?utf-8?B?bjVtZzRsRVRDWG50UnREYlh5ZTFnMWM0WExjZ1hNOVJjZWxaa3UyK2lGMjZz?= =?utf-8?B?ZkpHMWtRRUx2ZXplTGZZMW84cm1JSmIvU2ZtUGZYZ2RTM3cxTmxSRlBSdDlP?= =?utf-8?B?VzB5SW9oS0FZWFlCV0ZCdlVBVHY3Wm1uVFJ0ZFBkL2VjUFN0ejdQZGlxdU9s?= =?utf-8?B?ZmZRSTNESVI5bDR4TzFSK2srakEzdUttMDBUK1RGRU1FcXA0cmJUeVlLUkIz?= =?utf-8?B?YmJVRlJuVjZtOE5EVkNkVkkzeThKejNHL3lVeThFaUZyczcvZTdCUWVLN0ZN?= =?utf-8?B?Q1R4NWI4bUpHdmZWT3RaemRyUmhkcFFBQzdiUFN5Qk9MK0Q3Z1JBYmhYUVhk?= =?utf-8?B?QVJEckwranhBL0p5d3F6bGNFWGY1MS9qczNIRXJET3F6Sy9TQUlwdWJwOUtO?= =?utf-8?B?TTd6Z2xMTVMrTWFpMWZ6YngySkp1UGxrdFZKMEk3TzNBSzRHVUJDTTVlUkdS?= =?utf-8?B?bU8xdHhpRVZvUllsS0EvY3U3NlR2YU1hSUlwQmcxMExBLzhPTTlRS0o4SlRu?= =?utf-8?B?eG1MZzBKbmpNN0tDNHRJR2ZqeVpZWHQxRHlTZzVJYmxuaVNEa2ViQ29oZHNQ?= =?utf-8?B?Y2dPa3lWZjRld2YyS0dTNjd0R3ZGRGxydHNIQjVGYXFhclBIVjFQQUljQ05L?= =?utf-8?B?NWFSRjNxUG1DcEpTNXQ4UmpKZm9mT2FnYXljdHFiUHcxT0Y1ODVGTFE0S2RK?= =?utf-8?B?K2t1RHJIaCtEeHQwa1JnTmsva1cxeG5kM25Dam8xRkVUQlRMNnhiMS9mYkp3?= =?utf-8?B?QW9KNFRSTmNxZTZVRnl6UWRTckZmR3JyWnJmQ3hzOUNCcXQ5ZVFHRHVLRWhm?= =?utf-8?B?WW5oSmVIcWU2aHk0d0ZZR21KS2ZSY1E1OXpJL2tWaEtNLzZZdjRUaFVVcVoy?= =?utf-8?B?WTBVMkE3Vjcwc2xiODVoWXVwMnBGS29lSU55TEZWZ1FEY2M0enFzSUFjTXVx?= =?utf-8?B?OG5oOU1tWGt0RnNhN1NqQVFidEFWYzBTVXdydk1ENDI0WlhPS1dxOURMbnJp?= =?utf-8?B?SUQzL2dqVlUzV0k2ZkdPY2hhWjZtbzdWMkgxa2NwSHJKYlNZQm9TN3ByZldT?= =?utf-8?B?Uk0rZUdOY1YvTUdrRGlYVFp1UldFVGszdU5FVy9pZXpzVVo1ZWlhRUZOclBq?= =?utf-8?B?YnhZcm5uQTlhQkNmaGpDUGpDWmliSnhRSkMxem84ckNPcGVQeWJ4NXozcmJS?= =?utf-8?B?L1IvTjYvR3NTdmlDamxKT2lKclFkeHRKUm5FZ1hWRmdIa3IyZ3BvVGxwaGNP?= =?utf-8?B?akR4UFMyMWJKUVM4L0tOZXRkc3BlN1UweHBsUVVQNnN1NlpkTFVpNU1kN2sz?= =?utf-8?B?Y2REenVBbzh5MEkrZ1Z4aE55aFpHN1Y4czdoN1FEdVdlTkN3OWFGZjlnNVpy?= =?utf-8?B?Y2E5V0drbXBkeUYzcXQ1ZU1YRWRiU2kyZFVjRUtjLytmSDJDdGFlUFlEc3hZ?= =?utf-8?Q?D5119DVh1H4v/nRN589lg4Uxs7H/wQ4XFETJ03XfO?= X-Microsoft-Exchange-Diagnostics: 1;DB6PR0802MB2280;6:ELIW81geYcv9qEaqwDdcPC10gEi8UhRzVcjMhZkjfkBxY/AxcU/TY9rAD6E2sgRj/GR6cJp4dZpHVcju6+WAnW3/NHugoDujECwwHH38IHKXzujqCuvd3piKeCittCBSmxfsgNEvJkxIhJG3ojVi0e09XRaEQ5+HmlCQ2m3ioR/L1ZppGgy85zrpD0JODL6wGQngPZETD+uxPOucMKW5LXubS30fCUAq/H2mQIt6oOc4YvD/yVE8z3hNfVqCisyFLtQpFxkKrqmjmgOuu/raiF0cxA2UDIZqR+XyMbetPtT3uAj72xv3eJIM9L4IKRbX4UPFOF5gdxsaP1+bwn39CNiqCrvz1rnibhEbOEZBuNXQMC+UXgULTsmyw7lf2rjD/WbB13pjtgb9n/4OuLOsCHWcvvZz6a9iS6P4F6ZHTDduPDjs69o27/jp9XRzXAywJ3nGrhf8yBA5gXjYtn2gAue1twed3Px+K6G/CSzr/znhgYKZRAVC1HMxCYixhSewLsiOEAzH+imiGyDWdawm9w==;5:LYNQuk3d7IT+WNDQt9DoGVc4tF44REceAJoZHIc6wdQw5TYo/GXdNNCWOz7rXdbLZT6C5Eqh4UhLF5nB0hHi+uKp6ODQ4ItlD+t5YcMJVDEIDl04BFAjqk0WfLQEDqqKYc+YTYjUSX4LlB2dgSb8wZTH1obE5WD0KGaoc1+R/CI=;24:G9v+rl9IC7sym2g6oDJzL/Id13/rYW3mfEYX5JLydvEK6GvObB6Eefb+xmDV+h5cet1ntInMCQbMKlHCNLwonocTUkZE6yfFYLUrLvbfaf4= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DB6PR0802MB2280;7:4hmX6WtQg1DE0t1HGlGJnrtzqJkGHB7GUN1Ik36Oqf+lkDiem5siN+GYiVttQEbw+qvc4RvK2uiNZoEILKAt87E+fHSS5DFW1cnLCh8hRFe930Cjo2kPDNctxG+5QV0hdc7qJsGppKy+hjyInwmIaGMbb5mz3IXZHTZXQPhr4QYPk2xKg3HVCplTgTfWGOlK5+EJIircOCxBdam0dXK4+ho9+ZgDPwjapCQiMInJTrcn54dhoVmScuuYHEGwfO+hPJky9aAXRXtyqgQA7/7iKETWWXJMllO6iOcySXrrK9ukdIPtGpfvQGuZOpjKAQm5+R4L96cHaRwc6lgROBzf+g==;20:CakwhleRaXwoLYKorPS2Y5IItDYFzK0U2TcI3MnX8OpEYo8xfIZr+G8cg3vd9iw4x2xTz9ksvEVx3MnSa4Ra/jSd/nU1+Tk81v4RuI4PKf6RlWZgxyYSulpJTZZ7jHueNMGcDDwVF1YsrQkiRFPH57VsZACUtpsCIN8YKGWRShE= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Apr 2017 16:43:34.2632 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2280 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3461 Lines: 110 On 26.04.2017 19:32, Eric W. Biederman wrote: > Kirill Tkhai writes: > >> On 26.04.2017 19:11, Kirill Tkhai wrote: >>> On 26.04.2017 18:53, Oleg Nesterov wrote: >>>> On 04/17, Kirill Tkhai wrote: >>>>> >>>>> +struct pidns_ioc_req { >>>>> +/* Set vector of last pids in namespace hierarchy */ >>>>> +#define PIDNS_REQ_SET_LAST_PID_VEC 0x1 >>>>> + unsigned int req; >>>>> + void __user *data; >>>>> + unsigned int data_size; >>>>> + char std_fields[0]; >>>>> +}; >>>> >>>> see below, >>>> >>>>> +static long set_last_pid_vec(struct pid_namespace *pid_ns, >>>>> + struct pidns_ioc_req *req) >>>>> +{ >>>>> + char *str, *p; >>>>> + int ret = 0; >>>>> + pid_t pid; >>>>> + >>>>> + read_lock(&tasklist_lock); >>>>> + if (!pid_ns->child_reaper) >>>>> + ret = -EINVAL; >>>>> + read_unlock(&tasklist_lock); >>>>> + if (ret) >>>>> + return ret; >>>> >>>> why do you need to check ->child_reaper under tasklist_lock? this looks pointless. >>>> >>>> In fact I do not understand how it is possible to hit pid_ns->child_reaper == NULL, >>>> there must be at least one task in this namespace, otherwise you can't open a file >>>> which has f_op == ns_file_operations, no? >>> >>> Sure, it's impossible to pick a pid_ns, if there is no the pid_ns's tasks. I added >>> it under impression of >>> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=dfda351c729733a401981e8738ce497eaffcaa00 >>> but here it's completely wrong. It will be removed in v2. >>> >>>>> + if (req->data_size >= PAGE_SIZE) >>>>> + return -EINVAL; >>>>> + str = vmalloc(req->data_size + 1); >>>> >>>> then I don't understand why it makes sense to use vmalloc() >>>> >>>>> + if (!str) >>>>> + return -ENOMEM; >>>>> + if (copy_from_user(str, req->data, req->data_size)) { >>>>> + ret = -EFAULT; >>>>> + goto out_vfree; >>>>> + } >>>>> + str[req->data_size] = '\0'; >>>>> + >>>>> + p = str; >>>>> + while (p && *p != '\0') { >>>>> + if (!ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) { >>>>> + ret = -EPERM; >>>>> + goto out_vfree; >>>>> + } >>>>> + >>>>> + if (sscanf(p, "%d", &pid) != 1 || pid < 0 || pid > pid_max) { >>>>> + ret = -EINVAL; >>>>> + goto out_vfree; >>>>> + } >>>> >>>> Well, this is ioctl(), do we really want to parse the strings? >>>> >>>> Can't we make >>>> >>>> struct pidns_ioc_req { >>>> ... >>>> int nr_pids; >>>> pid_t pids[0]; >>>> } >>>> >>>> and just use get_user() in a loop? This way we can avoid vmalloc() or anything >>>> else altogether. >>> >>> Since it's a generic structure for different types of the requests, it may be extended >>> in the future. We won't be able to add new fields, if we compose the structure the way >>> you suggested, will we? >> >> Though, we may go this way if just do the fields generic: >> >> struct pidns_ioc_req { >> unsigned int req; >> unsigned int data_size; >> union { >> pid_t pid[0]; >> }; >> }; >> >> Ok, I'll rework the patchset in this way. > > You don't need that. That is what new ioctl numbers are for. > > Interfaces to the kernel don't need to become multiplexors to prepare > for the future when there is already an appropriate multiplexing > interface in place. That is, do you suggest to not introduce NS_SPECIFIC_IO from the first patch, and add PIDNS_REQ_SET_LAST_PID_VEC to the list of generic ns ioctls? ... #define NS_GET_OWNER_UID _IO(NSIO, 0x4) #define PIDNS_REQ_SET_LAST_PID_VEC _IO(NSIO, 0x5)