Subject: Re: [PATCH 2/2] pid_ns: Introduce ioctl to set vector of ns_last_pid's on ns hierarhy
From: Kirill Tkhai
To: "Eric W. Biederman"
CC: Oleg Nesterov
Date: Fri, 28 Apr 2017 12:22:36 +0300
Message-ID: <6a357c48-e771-4c63-6172-e2939f63181f@virtuozzo.com>
In-Reply-To: <87o9vhztwv.fsf@xmission.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 27.04.2017 19:39, Eric W. Biederman wrote:
> Kirill Tkhai writes:
>
>> On 27.04.2017 19:12, Oleg Nesterov wrote:
>>> On 04/26, Kirill Tkhai wrote:
>>>>
>>>> On 26.04.2017 18:53, Oleg Nesterov wrote:
>>>>>
>>>>>> +static long set_last_pid_vec(struct pid_namespace *pid_ns,
>>>>>> + struct pidns_ioc_req *req)
>>>>>> +{
>>>>>> + char *str, *p;
>>>>>> + int ret = 0;
>>>>>> + pid_t pid;
>>>>>> +
>>>>>> + read_lock(&tasklist_lock);
>>>>>> + if (!pid_ns->child_reaper)
>>>>>> + ret = -EINVAL;
>>>>>> + read_unlock(&tasklist_lock);
>>>>>> + if (ret)
>>>>>> + return ret;
>>>>>
>>>>> why do you need to check ->child_reaper under tasklist_lock? this looks pointless.
>>>>>
>>>>> In fact I do not understand how it is possible to hit pid_ns->child_reaper == NULL,
>>>>> there must be at least one task in this namespace, otherwise you can't open a file
>>>>> which has f_op == ns_file_operations, no?
>>>>
>>>> Sure, it's impossible to pick a pid_ns, if there is no the pid_ns's tasks. I added
>>>> it under impression of
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=dfda351c729733a401981e8738ce497eaffcaa00
>>>> but here it's completely wrong. It will be removed in v2.
>>>
>>> Hmm. But if I read this commit correctly then we really need to check
>>> pid_ns->child_reaper != NULL ?
>>>
>>> Currently we can't pick an "empty" pid_ns. But after the commit above a task
>>> can do sys_unshare(CLONE_NEWPID), another (or the same) task can open its
>>> /proc/$pid/ns/pid_for_children and call ns_ioctl() before the 1st alloc_pid() ?
>>
>> Another task can't open /proc/$pid/ns/pid_for_children before the 1st alloc_pid(),
>> because pid_for_children is available to open only after the 1st alloc_pid().
>> So, it's impossible to call ioctl() on it.
>
> That sounds reasonable.
>
> There is definitely the chance of the child_reaper dying after we have
> joined a pid namespace. So child_reaper can be stale if not NULL.
>
> As long as we don't mess up the first pid allocation I don't
> see any reason why we should care about last_pid in a pid_namespace.
> And this ioctl can be used to set all of the other pids on the first
> pid allocation by calling it in the parent pid namespace.
>
> There is still the chance of racing with a pid reaper dying. Why do we
> care about child_reaper in this case?
>
> Changing last_pid is completely pointless if child_reaper is dead or
> missing but why would we care?

I agree with you, there is no reason we should care about a dead
child_reaper. The protection is already made in pidns_for_children_get().
It's only needed to prohibit creation of the first task with pid != 1,
which leads to a child_reaper-less pid namespace.
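
Review bot: in the quoted set_last_pid_vec() hunk, read_lock(&tasklist_lock) is held only around the single read of pid_ns->child_reaper and is released before "if (ret) return ret;", so the result can already be out of date when the rest of the function runs, and a non-NULL but stale child_reaper passes the test unchanged. Either drop the check together with the lock, or, if the namespace must have a reaper while the ns_last_pid values are being written, keep the lock held across that update instead of releasing it first.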