Received: by 10.213.65.68 with SMTP id h4csp1270458imn; Wed, 14 Mar 2018 15:05:48 -0700 (PDT) X-Google-Smtp-Source: AG47ELujWVomPr0h5GwqW7NDQV73f0cuCIPV8mDU1UdrpyhyebXADVfNmrMXgKgqpX/gFfTMjuiV X-Received: by 2002:a17:902:6bc1:: with SMTP id m1-v6mr443454plt.303.1521065148557; Wed, 14 Mar 2018 15:05:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521065148; cv=none; d=google.com; s=arc-20160816; b=U/zSlAj3f2zIRVJyARHIbhYz2K02+ifu6fgRzIy2Fty/ydYvWqwtvfv90GBBUQ9evo b4Qc4HCA1DOgKWat3ttcX3FNTvQ04eu10yySqYs7eHkLZN7ImHMd2b389qS+qChw03zH a9iAhccJpR1ce/vBqUfA1gGDyzxVFszVpGftHPczVeWMae8I7jsY4XbxYZrEJLz1B2Yx KiFJqNc562RlbSfmXIvBbZ7WKPUKSNDL48tZedhCq0OmUyONg5g+zG0EftG08MmaD/Q0 Vwtz8kH/qetWgdsLCcn+mSGxsqMa1HoTKbLj7Szc3W25tKnoP769r1LkuusakfjGkkSq +/Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:content-transfer-encoding :mime-version:user-agent:message-id:in-reply-to:date:references:cc :to:from:arc-authentication-results; bh=ZyvZHEWgCKnHcsxNjMUe5CQUiqBkzV0Ou4/JTuqoNIo=; b=sqzs5XNq8F94pje4LkW32yHBu8vdQiU+tO4LoGXtjz0Ql/DeedVieeZ0XEaloG69Xj H12GyV5bKgJErocvWYgBpzjc/Fz8MHdr2RNRvkVtikbiyZ6iv2bXFqQYZ49N/rQuEebU q1+OzrlYqHxirVfFlJhh16PtwC1TLSD40WJioQQlGoUwgIwR45ZmOX5Cfamm0jiZxpyw CHPc1MLN6rcXdpELafyFE9YgiQgoHbkBY8Zkyuvp+OySKg7P9GAPKjCe5+7MLZ02xFN3 hKXt1IH2qBFMIbCM1+E858mzglUqVAMl6wigFbsQx2882M8gg3mQs7dU/J7LSUCZJ/Pc yUIQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si2427873pgs.164.2018.03.14.15.05.33; Wed, 14 Mar 2018 15:05:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751881AbeCNWEd convert rfc822-to-8bit (ORCPT + 99 others); Wed, 14 Mar 2018 18:04:33 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:46216 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751279AbeCNWEb (ORCPT ); Wed, 14 Mar 2018 18:04:31 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1ewEVa-0004uV-3u; Wed, 14 Mar 2018 16:04:30 -0600 Received: from 174-19-85-160.omah.qwest.net ([174.19.85.160] helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1ewEVP-0002aO-8r; Wed, 14 Mar 2018 16:04:24 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Nagarathnam Muthusamy Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, khlebnikov@yandex-team.ru, Nagarajan.Muthukrishnan@oracle.com, prakash.sangappa@oracle.com, luto@kernel.org, akpm@linux-foundation.org, oleg@redhat.com, serge.hallyn@ubuntu.com, esyr@redhat.com, jannh@google.com References: <1520875093-18174-1-git-send-email-nagarathnam.muthusamy@oracle.com> <87vadzqqq6.fsf@xmission.com> <990e88fa-ab50-9645-b031-14e1afbf7ccc@oracle.com> Date: Wed, 14 Mar 2018 17:03:30 -0500 In-Reply-To: <990e88fa-ab50-9645-b031-14e1afbf7ccc@oracle.com> (Nagarathnam Muthusamy's message of "Wed, 14 Mar 2018 14:22:51 -0700") Message-ID: <877eqejowd.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-XM-SPF: eid=1ewEVP-0002aO-8r;;;mid=<877eqejowd.fsf@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=174.19.85.160;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1/8FYuILUccqs9OYk7EMAxSH2KOdejhq30= X-SA-Exim-Connect-IP: 174.19.85.160 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa06.xmission.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,TVD_RCVD_IP,T_TM2_M_HEADER_IN_MSG autolearn=disabled version=3.4.1 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4992] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Nagarathnam Muthusamy X-Spam-Relay-Country: X-Spam-Timing: total 274 ms - load_scoreonly_sql: 0.03 (0.0%), signal_user_changed: 2.5 (0.9%), b_tie_ro: 1.76 (0.6%), parse: 0.79 (0.3%), extract_message_metadata: 13 (4.7%), get_uri_detail_list: 1.99 (0.7%), tests_pri_-1000: 3.7 (1.4%), tests_pri_-950: 1.15 (0.4%), tests_pri_-900: 0.98 (0.4%), tests_pri_-400: 22 (8.2%), check_bayes: 21 (7.8%), b_tokenize: 7 (2.7%), b_tok_get_all: 7 (2.7%), b_comp_prob: 2.2 (0.8%), b_tok_touch_all: 2.7 (1.0%), b_finish: 0.54 (0.2%), tests_pri_0: 223 (81.4%), check_dkim_signature: 0.48 (0.2%), check_dkim_adsp: 2.5 (0.9%), tests_pri_500: 4.2 (1.5%), rewrite_mail: 0.00 (0.0%) Subject: Re: [RESEND RFC] translate_pid API X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Nagarathnam Muthusamy writes: > On 03/13/2018 08:29 PM, ebiederm@xmission.com wrote: >> The cost of that ``cheaper'' u64 that is not in any namespace is that >> you now have to go and implement a namespace of namespaces. You haven't >> even attempted it. So just no. Anything that brings us to needing >> a namespace of namespaces is a bad design. > > I am not trying to implement a namespace of namespaces. No you are using a design that will require a namespace of namespaces to be implemented to support CRIU (checkpoint/restart in userspace). So when I see your patch I see a patch that only implements the easy half of the work that needs to be done. >>> Following patch uses a 64-bit ID for namespace exported by procfs >>> for pid translation through a new file /proc//ns/pidns_id. >> And this design detail is what brings the automatic nack. >> >> Use file descriptros and it sounds like your use case justifies what you >> are trying to do. > > File descriptors are problematic for following reasons. > 1) I need to open a couple of file descriptors for every pid > translation request. You can cache descriptors across requests. I suspect simply by tracking the origin of the shared memory segment you can figure out it's pid namespace. > 2) In case of nested PID namespaces, say a new pid namespace is > created at level 20, >     with unique ID, I could just record this ID in a shared memory for > interested process >     to use. In case of file descriptors, every level has to figure out > the process ID of the >     newly created namespace's init process and open a file descriptor > to track it. Toss in a bind mount of the file in some filesystem if that helps. But if I understand what you are talking about you are talking about having a shared memory segment shared between processes in different pid namespaces. In that shared memory segment for a processes in different namespaces you are talking about having the conversation structured as having information structured as pid-namespace pid. And crucuially you want anyone in any pid namespace to be able to read that shared memory segment and to make sense of what is going on, by just reading the pid namespace id. Namespaces are all about making identifiers relative to their namespace. The only way I can see you gain an advantage with your shared memory design is by making identifiers that are not relative to their pid namespace. As such identifiers will completely defeat the ability to implement CRIU support. The closest I have to such identifiers today are bind mounts of the namespace files. So if you also have a common mount namespace you could use that. In theory a name in some other namespace is possible. However anyone in a container will only be able to see the names in their container or in nested sub containers. Which is what you have already with pids. So I don't think that will help. Eric