Received: by 10.213.65.68 with SMTP id h4csp642633imn;
        Fri, 23 Mar 2018 12:20:34 -0700 (PDT)
X-Google-Smtp-Source: AG47ELtu9HTKci1CJZaDexQRACNUlUBuLZ8zssMI+gM3kkgasF41dyT9bF64oAZxmD1Kx5I6Hy+c
X-Received: by 2002:a17:902:f24:: with SMTP id 33-v6mr30553218ply.242.1521832834558;
        Fri, 23 Mar 2018 12:20:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521832834; cv=none;
        d=google.com; s=arc-20160816;
        b=JrSHJIRjlW/QGBuGJowaYJ6MnafWxceR6oJfjiGsCAU+fYFHT8GjHlDY/trrw0BsOC
         6Fj3DZwfYnGX9Pv9JPUK/UIbBzYJFdwgtPXGJ+1TgkNV+cJtiKLS42vPeN+9HF02XqtD
         snne5SmtQ2iYqjvn8lR/SK3Mg9/id5gZrSDE8Bohp14qCQBM9za5ARX9KnhiCEPLLtLu
         CWZInAuw7Al6HhTQ9tA95n1T15IoFVDc94l/dIBfiFybPAqeySuoXGl7G3v1pcKc1wRx
         GeUvzDQJMwRT9SGUv9jdxTXQbQHWrHXl6/GymPOTgIomEX+Hb5f0nnUG4w7M2LXwepLY
         uXWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:references:in-reply-to:message-id
         :date:cc:to:from:arc-authentication-results;
        bh=WVZOrlasOVJcTM7ptz0NfQtyX88CQJzZTkqi0+tdsPc=;
        b=FCvgnyJUcW/min0oCtHbinf525i4o86cZj7tqG5kqFy6m2VMi+1+gLg9ceFhs+6MeX
         but2Njp0+KOYkKIEeXzjrXTz2VnNzb7EWgO34xr1LSn0nrryM7mAJoSqjULg8w9xYXat
         7hGOBzM7cysJOiWcEDW9+EHmJWXlS/3+dGAH3SEsG7GPGvdvWZSza3lPGI0Gr6uQuZ86
         MA0Pq7htm6reUeWv4pZoK0dA+rRbfkjep+qlSJimgodQBTY8sXOeglu6K/DmmDBQ88BW
         s+dUqLDeUqLQcRlQXMog2Cn4Us8GSmjscnoIiU0zlX9jYoluqthlYLytmZpEOunUfhVe
         FcGg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f21si6363843pgn.693.2018.03.23.12.20.19;
        Fri, 23 Mar 2018 12:20:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752642AbeCWTTA (ORCPT <rfc822;thunderbird.krnldev@gmail.com>
        + 99 others); Fri, 23 Mar 2018 15:19:00 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:50646 "EHLO
        out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752130AbeCWTSM (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Mar 2018 15:18:12 -0400
Received: from in01.mta.xmission.com ([166.70.13.51])
        by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1ezSCZ-0007dC-DK; Fri, 23 Mar 2018 13:18:11 -0600
Received: from 97-119-121-173.omah.qwest.net ([97.119.121.173] helo=x220.int.ebiederm.org)
        by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1ezSCY-00033I-9W; Fri, 23 Mar 2018 13:18:10 -0600
From:   "Eric W. Biederman" <ebiederm@xmission.com>
To:     Linux Containers <containers@lists.linux-foundation.org>
Cc:     linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        khlebnikov@yandex-team.ru, prakash.sangappa@oracle.com,
        luto@kernel.org, akpm@linux-foundation.org, oleg@redhat.com,
        serge.hallyn@ubuntu.com, esyr@redhat.com, jannh@google.com,
        linux-security-module@vger.kernel.org,
        Pavel Emelyanov <xemul@openvz.org>,
        Nagarathnam Muthusamy <nagarathnam.muthusamy@oracle.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>
Date:   Fri, 23 Mar 2018 14:16:11 -0500
Message-Id: <20180323191614.32489-8-ebiederm@xmission.com>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <87vadmobdw.fsf_-_@xmission.com>
References: <87vadmobdw.fsf_-_@xmission.com>
X-XM-SPF: eid=1ezSCY-00033I-9W;;;mid=<20180323191614.32489-8-ebiederm@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=97.119.121.173;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1/8obNEmDIE/UTYDZWfwPis/hNPbcStVXU=
X-SA-Exim-Connect-IP: 97.119.121.173
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa07.xmission.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=8.0 tests=ALL_TRUSTED,BAYES_50,
        DCC_CHECK_NEGATIVE,TR_Symld_Words,TVD_RCVD_IP,XMNoVowels,XMSubLong
        autolearn=disabled version=3.4.1
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  0.7 XMSubLong Long Subject
        *  1.5 XMNoVowels Alpha-numberic number with no vowels
        *  1.5 TR_Symld_Words too many words that have symbols inside
        *  0.0 TVD_RCVD_IP Message was received from an IP address
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.5000]
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa07 1397; Body=1 Fuz1=1 Fuz2=1]
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ***;Linux Containers <containers@lists.linux-foundation.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 300 ms - load_scoreonly_sql: 0.03 (0.0%),
        signal_user_changed: 2.8 (0.9%), b_tie_ro: 1.95 (0.6%), parse: 1.10 (0.4%),
        extract_message_metadata: 12 (4.1%), get_uri_detail_list: 2.3 (0.8%),
        tests_pri_-1000: 5 (1.8%), tests_pri_-950: 1.13 (0.4%), tests_pri_-900: 0.98
        (0.3%), tests_pri_-400: 25 (8.2%), check_bayes: 24 (7.8%), b_tokenize: 9
        (2.9%), b_tok_get_all: 8 (2.6%), b_comp_prob: 2.5 (0.8%), b_tok_touch_all:
        2.6 (0.9%), b_finish: 0.65 (0.2%), tests_pri_0: 245 (81.8%),
        check_dkim_signature: 0.48 (0.2%), check_dkim_adsp: 2.5 (0.8%),
        tests_pri_500: 3.5 (1.2%), rewrite_mail: 0.00 (0.0%)
Subject: [REVIEW][PATCH 08/11] ipc/util: Helpers for making the sysvipc operations pid namespace aware
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Capture the pid namespace when /proc/sysvipc/msg /proc/sysvipc/shm
and /proc/sysvipc/sem are opened, and make it available through
the new helper ipc_seq_pid_ns.

This makes it possible to report the pids in these files in the
pid namespace of the opener of the files.

Implement ipc_update_pid.  A simple impline helper that will only update
a struct pid pointer if the new value does not equal the old value.  This
removes the need for wordy code sequences like:

	old = object->pid;
	object->pid = new;
	put_pid(old);

and

	old = object->pid;
	if (old != new) {
		object->pid = new;
		put_pid(old);
	}

Allowing the following to be written instead:

	ipc_update_pid(&object->pid, new);

Which is easier to read and ensures that the pid reference count is
not touched the old and the new values are the same.  Not touching
the reference count in this case is important to help avoid issues
like af_unix experienced, where multiple threads of the same
process managed to bounce the struct pid between cpu cache lines,
but updating the pids reference count.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 ipc/util.c |  9 +++++++++
 ipc/util.h | 11 +++++++++++
 2 files changed, 20 insertions(+)

diff --git a/ipc/util.c b/ipc/util.c
index 4ed5a17dd06f..3783b7991cc7 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -747,9 +747,16 @@ int ipc_parse_version(int *cmd)
 #ifdef CONFIG_PROC_FS
 struct ipc_proc_iter {
 	struct ipc_namespace *ns;
+	struct pid_namespace *pid_ns;
 	struct ipc_proc_iface *iface;
 };
 
+struct pid_namespace *ipc_seq_pid_ns(struct seq_file *s)
+{
+	struct ipc_proc_iter *iter = s->private;
+	return iter->pid_ns;
+}
+
 /*
  * This routine locks the ipc structure found at least at position pos.
  */
@@ -872,6 +879,7 @@ static int sysvipc_proc_open(struct inode *inode, struct file *file)
 
 	iter->iface = PDE_DATA(inode);
 	iter->ns    = get_ipc_ns(current->nsproxy->ipc_ns);
+	iter->pid_ns = get_pid_ns(task_active_pid_ns(current));
 
 	return 0;
 }
@@ -881,6 +889,7 @@ static int sysvipc_proc_release(struct inode *inode, struct file *file)
 	struct seq_file *seq = file->private_data;
 	struct ipc_proc_iter *iter = seq->private;
 	put_ipc_ns(iter->ns);
+	put_pid_ns(iter->pid_ns);
 	return seq_release_private(inode, file);
 }
 
diff --git a/ipc/util.h b/ipc/util.h
index 959c10eb9cc1..e39ed9705f99 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -23,6 +23,7 @@ int msg_init(void);
 void shm_init(void);
 
 struct ipc_namespace;
+struct pid_namespace;
 
 #ifdef CONFIG_POSIX_MQUEUE
 extern void mq_clear_sbinfo(struct ipc_namespace *ns);
@@ -86,6 +87,7 @@ int ipc_init_ids(struct ipc_ids *);
 #ifdef CONFIG_PROC_FS
 void __init ipc_init_proc_interface(const char *path, const char *header,
 		int ids, int (*show)(struct seq_file *, void *));
+struct pid_namespace *ipc_seq_pid_ns(struct seq_file *);
 #else
 #define ipc_init_proc_interface(path, header, ids, show) do {} while (0)
 #endif
@@ -150,6 +152,15 @@ struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns,
 					     struct ipc_ids *ids, int id, int cmd,
 					     struct ipc64_perm *perm, int extra_perm);
 
+static inline void ipc_update_pid(struct pid **pos, struct pid *pid)
+{
+	struct pid *old = *pos;
+	if (old != pid) {
+		*pos = get_pid(pid);
+		put_pid(old);
+	}
+}
+
 #ifndef CONFIG_ARCH_WANT_IPC_PARSE_VERSION
 /* On IA-64, we always use the "64-bit version" of the IPC structures.  */
 # define ipc_parse_version(cmd)	IPC_64
-- 
2.14.1