From: "Eric W. Biederman"
To: Linux Containers
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, khlebnikov@yandex-team.ru, prakash.sangappa@oracle.com, luto@kernel.org, akpm@linux-foundation.org, oleg@redhat.com, serge.hallyn@ubuntu.com, esyr@redhat.com, jannh@google.com, linux-security-module@vger.kernel.org, Pavel Emelyanov, Nagarathnam Muthusamy, "Eric W. Biederman"
Date: Fri, 23 Mar 2018 14:16:11 -0500
Message-Id: <20180323191614.32489-8-ebiederm@xmission.com>
In-Reply-To: <87vadmobdw.fsf_-_@xmission.com>
References: <87vadmobdw.fsf_-_@xmission.com>
Subject: [REVIEW][PATCH 08/11] ipc/util: Helpers for making the sysvipc operations pid namespace aware

Capture the pid namespace when /proc/sysvipc/msg, /proc/sysvipc/shm and
/proc/sysvipc/sem are opened, and make it available through the new
helper ipc_seq_pid_ns. This makes it possible to report the pids in
these files in the pid namespace of the opener of the files.

Implement ipc_update_pid. A simple inline helper that will only update
a struct pid pointer if the new value does not equal the old value.
This removes the need for wordy code sequences like:

	old = object->pid;
	object->pid = new;
	put_pid(old);

and

	old = object->pid;
	if (old != new) {
		object->pid = new;
		put_pid(old);
	}

Allowing the following to be written instead:

	ipc_update_pid(&object->pid, new);

Which is easier to read and ensures that the pid reference count is
not touched when the old and the new values are the same. Not touching
the reference count in this case is important to help avoid issues
like af_unix experienced, where multiple threads of the same process
managed to bounce the struct pid between cpu cache lines by updating
the pid's reference count.

Signed-off-by: "Eric W. Biederman"
---
 ipc/util.c | 9 +++++++++
 ipc/util.h | 11 +++++++++++
 2 files changed, 20 insertions(+)

diff --git a/ipc/util.c b/ipc/util.c
index 4ed5a17dd06f..3783b7991cc7 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -747,9 +747,16 @@ int ipc_parse_version(int *cmd) #ifdef CONFIG_PROC_FS struct ipc_proc_iter { struct ipc_namespace *ns; + struct pid_namespace *pid_ns; struct ipc_proc_iface *iface; }; +struct pid_namespace *ipc_seq_pid_ns(struct seq_file *s) +{ + struct ipc_proc_iter *iter = s->private; + return iter->pid_ns; +} + /* * This routine locks the ipc structure found at least at position pos. */ @@ -872,6 +879,7 @@ static int sysvipc_proc_open(struct inode *inode, struct file *file) iter->iface = PDE_DATA(inode); iter->ns = get_ipc_ns(current->nsproxy->ipc_ns); + iter->pid_ns = get_pid_ns(task_active_pid_ns(current)); return 0; } @@ -881,6 +889,7 @@ static int sysvipc_proc_release(struct inode *inode, struct file *file) struct seq_file *seq = file->private_data; struct ipc_proc_iter *iter = seq->private; put_ipc_ns(iter->ns); + put_pid_ns(iter->pid_ns); return seq_release_private(inode, file); } diff --git a/ipc/util.h b/ipc/util.h index 959c10eb9cc1..e39ed9705f99 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -23,6 +23,7 @@ int msg_init(void); void shm_init(void); struct ipc_namespace; +struct pid_namespace; #ifdef CONFIG_POSIX_MQUEUE extern void mq_clear_sbinfo(struct ipc_namespace *ns); @@ -86,6 +87,7 @@ int ipc_init_ids(struct ipc_ids *); #ifdef CONFIG_PROC_FS void __init ipc_init_proc_interface(const char *path, const char *header, int ids, int (*show)(struct seq_file *, void *)); +struct pid_namespace *ipc_seq_pid_ns(struct seq_file *); #else #define ipc_init_proc_interface(path, header, ids, show) do {} while (0) #endif 
@@ -150,6 +152,15 @@ struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns, struct ipc_ids *ids, int id, int cmd, struct ipc64_perm *perm, int extra_perm); +static inline void ipc_update_pid(struct pid **pos, struct pid *pid) +{ + struct pid *old = *pos; + if (old != pid) { + *pos = get_pid(pid); + put_pid(old); + } +} + #ifndef CONFIG_ARCH_WANT_IPC_PARSE_VERSION /* On IA-64, we always use the "64-bit version" of the IPC structures. */ # define ipc_parse_version(cmd) IPC_64 -- 2.14.1
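Review bot: ipc_seq_pid_ns() in the first ipc/util.c hunk dereferences s->private without a comment on when that is valid; a one-line kerneldoc stating that it may only be called on seq_files set up by sysvipc_proc_open (where iter->pid_ns is always populated) would stop future callers from adding a needless NULL check or, worse, calling it on some other seq_file.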
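Review bot: in the sysvipc_proc_open hunk, `iter->pid_ns = get_pid_ns(task_active_pid_ns(current));` pins the opener's pid namespace for the life of the file, mirroring the get_ipc_ns() on the line above; because the function returns 0 immediately afterwards no error path can leak the reference, but the pairing with the new put_pid_ns() in sysvipc_proc_release deserves a short comment so the two stay in step when further per-open state is added.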
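Review bot: in the ipc/util.h hunk at @@ -86, ipc_seq_pid_ns() is declared only under CONFIG_PROC_FS with no counterpart in the #else branch, unlike ipc_init_proc_interface() which gets a do-nothing macro; that is fine as long as every caller lives in a CONFIG_PROC_FS-only show routine, but either a stub or a comment saying so would prevent a surprise build break if it is used elsewhere later.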
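Review bot: ipc_update_pid() in the last hunk reads *pos, compares and writes it back non-atomically, so the caller must hold the lock protecting the object that contains *pos; a kerneldoc comment stating that, and noting that get_pid()/put_pid() tolerate NULL so the helper also initialises or clears a field, would make the contract explicit. Taking get_pid(pid) before put_pid(old) is the right order, since the new reference is live before the old one can be dropped.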
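The helper the commit message describes, exercised in a constructed user-space model (an added example, not the patch's or the kernel's code): struct pid, get_pid() and put_pid() here are stand-ins with a plain counter, assumed to mirror the kernel's NULL-tolerant get/put semantics.

```c
#include <stdlib.h>
/* Constructed user-space stand-in for the kernel's struct pid; count models the atomic refcount. */
struct pid { int count; };
static int freed_pids; /* pids whose count dropped to zero and were freed */

static struct pid *get_pid(struct pid *pid) { if (pid) pid->count++; return pid; }

static void put_pid(struct pid *pid)
{
    if (pid && --pid->count == 0) {
        freed_pids++;
        free(pid);
    }
}

static struct pid *alloc_pid(void)
{
    struct pid *p = calloc(1, sizeof(*p));
    p->count = 1; /* the creator's own reference */
    return p;
}

/* Same shape as the patch's helper: touch the refcounts only when the value changes. */
static inline void ipc_update_pid(struct pid **pos, struct pid *pid)
{
    struct pid *old = *pos;
    if (old != pid) {
        *pos = get_pid(pid); /* take the new reference first ... */
        put_pid(old);        /* ... then drop the old one */
    }
}

/* Drives the helper through NULL->a, a->a, a->b and b->NULL; returns 1 when
 * every refcount matches the helper's contract. */
static int update_pid_scenario(void)
{
    struct pid *a = alloc_pid(), *b = alloc_pid(), *field = NULL;
    int ok = 1;
    ipc_update_pid(&field, a);    /* NULL -> a: one reference taken */
    ok &= (field == a && a->count == 2);
    ipc_update_pid(&field, a);    /* a -> a: refcount not touched */
    ok &= (a->count == 2);
    ipc_update_pid(&field, b);    /* a -> b: b gained, a released */
    ok &= (field == b && b->count == 2 && a->count == 1);
    ipc_update_pid(&field, NULL); /* b -> NULL: reference dropped */
    ok &= (field == NULL && b->count == 1 && freed_pids == 0);
    put_pid(a);
    put_pid(b);
    return ok && freed_pids == 2;
}
```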