Subject: Re: [PATCHv5 01/37] ns: Introduce Time Namespace
From: Dmitry Safonov <0x7f454c46@gmail.com>
Date: Fri, 2 Aug 2019 00:46:39 +0100
To: Andy Lutomirski, Dmitry Safonov
Cc: LKML, Andrei Vagin, Adrian Reber, Arnd Bergmann, Christian Brauner, Cyrill Gorcunov, "Eric W. Biederman", "H. Peter Anvin", Ingo Molnar, Jann Horn, Jeff Dike, Oleg Nesterov, Pavel Emelyanov, Shuah Khan, Thomas Gleixner, Vincenzo Frascino, Linux Containers, criu@openvz.org, Linux API, X86 ML
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Andy,

Thank you for the review,

On 8/1/19 6:29 AM, Andy Lutomirski wrote:
> On Mon, Jul 29, 2019 at 2:58 PM Dmitry Safonov wrote:
>>
>> From: Andrei Vagin
>>
>> Time Namespace isolates clock values.
>
>> +static int timens_install(struct nsproxy *nsproxy, struct ns_common *new)
>> +{
>> + struct time_namespace *ns = to_time_ns(new);
>> +
>> + if (!thread_group_empty(current))
>> + return -EINVAL;
>
> You also need to check for other users of the mm.

Oops.
It seems like, if the check was

	if (!current_is_single_threaded())
		return -EUSERS;

instead of thread_group_empty(current), it would address the concerns
from 23/37 and 25/37 patches, too?

>
>> +
>> + if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
>> + !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
>> + return -EPERM;
>> +
>> + get_time_ns(ns);
>> + get_time_ns(ns);
>> + put_time_ns(nsproxy->time_ns);
>> + put_time_ns(nsproxy->time_ns_for_children);
>> + nsproxy->time_ns = ns;
>> + nsproxy->time_ns_for_children = ns;
>> + ns->initialized = true;
>
> I really really wish that setns() took an explicit flag for "change
> now" or "change for children", since the semantics are different. Oh
> well.
>

Thanks,
Dmitry
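
Review bot: In the first quoted hunk, the thread_group_empty(current) test at the top of timens_install() does not cover every task that shares the caller's address space: a task created with CLONE_VM but without CLONE_THREAD is in a different thread group and still uses the same mm, which is the gap the reply points out. Switching to the current_is_single_threaded() check proposed above closes it, and a short comment saying why the caller must be the only user of its mm would document the requirement.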
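
Review bot: In the second quoted hunk, the two back-to-back get_time_ns(ns) calls and the paired assignments at the end of timens_install() need a comment: one reference is taken for nsproxy->time_ns and one for nsproxy->time_ns_for_children, and this path switches both the caller's own namespace and the one its children will inherit, which is the semantic difference raised in the quoted review. It is also not clear from these lines what ns->initialized = true guards or why it is stored on every install; a one-line comment on what it protects would help.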
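
Why a thread-group check alone misses other users of the mm, as an added userspace example that is not part of the thread or the patch: a child created with CLONE_VM but without CLONE_THREAD gets its own thread group ID yet writes straight into the parent's memory. The struct and function names are made up for the illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical record the child fills in; it lives on the parent's stack. */
struct probe {
	volatile int written;
	volatile pid_t child_tgid;
};

static int child_fn(void *arg)
{
	struct probe *p = arg;

	/* Raw syscall so no libc PID cache can hide the child's real TGID. */
	p->child_tgid = (pid_t)syscall(SYS_getpid);
	p->written = 42;	/* lands in the parent's memory: same mm */
	return 0;
}

/*
 * Returns 1 when the child was in a different thread group (so the parent's
 * thread group stayed "empty") and still modified the parent's memory.
 * Returns -1 on setup failure.
 */
int clone_vm_shares_mm_across_thread_groups(void)
{
	struct probe p = { 0, 0 };
	size_t stack_sz = 256 * 1024;
	char *stack = malloc(stack_sz);
	pid_t pid;
	int status;

	if (!stack)
		return -1;
	/* CLONE_VM without CLONE_THREAD: shared mm, separate thread group. */
	pid = clone(child_fn, stack + stack_sz, CLONE_VM | SIGCHLD, &p);
	if (pid < 0 || waitpid(pid, &status, 0) != pid) {
		free(stack);
		return -1;
	}
	free(stack);
	return p.written == 42 && p.child_tgid == pid &&
	       p.child_tgid != (pid_t)syscall(SYS_getpid);
}
```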