Received: by 10.213.65.68 with SMTP id h4csp22478imn; Tue, 3 Apr 2018 14:40:23 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+F5kYpYumAQRAeGy2tB62R9v9Z0l7V16SzThvobk0fHTy3qr0vLbHG0qxjlxACO6EJc2fv X-Received: by 10.99.95.144 with SMTP id t138mr9963499pgb.94.1522791623154; Tue, 03 Apr 2018 14:40:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522791623; cv=none; d=google.com; s=arc-20160816; b=Uh2jbDgoxL3Rp0h4pOZaRARvh/t9G6cKAm0vhY02c+O0n61xKv+8DFKu8COIqKf/Kt OX44WfgliyBYqdYW6q/9db524rrUi8SGChcsdCQudxCbcTY379a3e05/ebLCIKKgtkxW Z0SUT2A2S3v20DYPULl8cTaBkY9ma5Ir+8ATvDU+KJsG0OVuXE0iqL2wlGHnZyzq0pFG WMKOr39XzUjAnOCBwryZuIC3BuLVEWAxXff/4LWSi+HHT3Tr+chOEOhiOuKpLVTwc4dY ZZhp2lNMbmeA8z7Ig9bwXQu7+K18/1RVkBGbhaN8lDOd2y9ev5C79L8zM5C3jwhQy5LW j+nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :arc-authentication-results; bh=5ji6SzpTad/RVjWbTpAW85tHPhTXQOwWwi+krada2lM=; b=iNqs9w9JQKB+Sc44+CFCIGvzJEJJv4v6HuK/+HQYk0HJ390nrONGzy1LfzjpIgK7yS au4i8rKr150NhUhWfapyrgk+QXBrjMyTYnXgN/5RI0FgbSg6jIK6V/T5Oz1766DnSZDr Q2MFztnPBDD9IyJp2MSzIrj39Elo8Ldn2n+tBhBL7nep6BKvV+cZIfNDFUjfo2s24JLX rMWc+EAgYDpPaBz87feI8CPFaIpO8Iq0JXcnpqHwseBFOzdYlQGhWYysp7r3jNNP16AN wqcrzdRV+0eJYF0QCby6VsLsjmsdpAFEKcqyYlx9iHNKWRSkDl2Bwb/Pl+2rrC+COo5c CW9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u191si2612871pgc.725.2018.04.03.14.40.08; Tue, 03 Apr 2018 14:40:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753773AbeDCVim (ORCPT + 99 others); Tue, 3 Apr 2018 17:38:42 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:40060 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753160AbeDCVij (ORCPT ); Tue, 3 Apr 2018 17:38:39 -0400 Received: from akpm3.svl.corp.google.com (unknown [104.133.9.71]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 413A4CF3; Tue, 3 Apr 2018 21:38:39 +0000 (UTC) Date: Tue, 3 Apr 2018 14:38:38 -0700 From: Andrew Morton To: nagarathnam.muthusamy@oracle.com Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, ebiederm@xmission.com, khlebnikov@yandex-team.ru, serge.hallyn@ubuntu.com, oleg@redhat.com, luto@amacapital.net, jannh@google.com, prakash.sangappa@oracle.com Subject: Re: [RESEND PATCH V4] pidns: introduce syscall translate_pid Message-Id: <20180403143838.614ecc083835d07d409a699c@linux-foundation.org> In-Reply-To: <1522706249-11578-1-git-send-email-nagarathnam.muthusamy@oracle.com> References: <1522706249-11578-1-git-send-email-nagarathnam.muthusamy@oracle.com> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2 Apr 2018 15:57:29 -0600 nagarathnam.muthusamy@oracle.com wrote: > pid_t translate_pid(pid_t pid, int source, int target); > > This syscall converts pid from source pid-ns into pid in target pid-ns. > If pid is unreachable from target pid-ns it returns zero. > > Pid-namespaces are referred file descriptors opened to proc files > /proc/[pid]/ns/pid or /proc/[pid]/ns/pid_for_children. Negative argument > refers to current pid namespace, same as file /proc/self/ns/pid. > > Kernel expose virtual pids in /proc/[pid]/status:NSpid, but backward > translation requires scanning all tasks. Also pids could be translated > by sending them through unix socket between namespaces, this method is > slow and insecure because other side is exposed inside pid namespace. > > Examples: > translate_pid(pid, ns, -1) - get pid in our pid namespace > translate_pid(pid, -1, ns) - get pid in other pid namespace > translate_pid(1, ns, -1) - get pid of init task for namespace > translate_pid(pid, -1, ns) > 0 - is pid is reachable from ns? > translate_pid(1, ns1, ns2) > 0 - is ns1 inside ns2? > translate_pid(1, ns1, ns2) == 0 - is ns1 outside ns2? > translate_pid(1, ns1, ns2) == 1 - is ns1 equal ns2? > > Error codes: > EBADF - file descriptor is closed > EINVAL - file descriptor isn't pid-namespace > ESRCH - task not found in @source namespace Presumably a manpage is planned? This changelog doesn't explain what the value is to our users. I assume it is a performance optimization because "backward translation requires scanning all tasks"? If so, please show us real-world examples of the performance benefit from this patch, and please go to great lengths to explain to us why this optimisation is needed by our users.