Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp543639ybl;
        Thu, 15 Aug 2019 23:36:00 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzOTOs4flzVDLyPu3EcH7vviIO8ygwOqiLSmbl/+iBFWLJei+Yk31I8RKiP+++RL1/abJ1s
X-Received: by 2002:a63:d852:: with SMTP id k18mr6483480pgj.313.1565937359827;
        Thu, 15 Aug 2019 23:35:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565937359; cv=none;
        d=google.com; s=arc-20160816;
        b=BPs1tVYNYSgOzRx4ucg0a7NpcGEUMc7Gtsx6YJEnp8X6/SjjA7eOomUrU1hXjED2ML
         JGUHzU+9AfFf+q0tJcYRo5mN85D5wIxr3+JNVjBmnChRwRWgELUJw43s68ZAgyjtSms1
         TYUjUfhy0btNf6nAXQttw2ADZFfYkR/D1uqfX7AGwh8jKExlvME3eWdBN4H979b9hcls
         jpTQ7x0NImqUvbf8F2gCwMJxl2kwQmNO5KR35mu9bwqgUsnOTzbrmVHpyZDsu2IgpLXY
         aioQx/fsUMvyJkd+AhdODYkpz0e/VN+7gPzML5nKAQkNVjSGJ6IGvJCk4GxbAzDBYszt
         RGNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=WJUCjWFj8w6+E0UB8Vj/oTiuq2LlnddOKA3BC8aGppc=;
        b=piFLNgDWuU2JEw5TpcEZpu6usswd3JB77fMsRbtLGtCXpwzwJzNA3SuA+ITaw0efj5
         F50++Q8LRCh7uNV/UpbdB2K05VdjAQXCyL702VdvDGtKeDasHGKtrFZ7NZXGXjxaWzRB
         gwynD35pgnpaogkRstcomQT7gS5LrOd8JbrtbAeHmS5eEJswUBVW5EiZOBPHYwoon8l2
         zTKmFR/9Mxwr46VlxgujWGWGRsu1A4vR+RHjEs4PNvOKrX8gIzdehtt/TZuJJaG/OFDZ
         6mmxEGmg5BaZlYW9R7yyEbeeePT3MHzhct0h1hwEXnwCj4Z7gt4xq0/XF0KNIDlaV8kX
         /zCA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a2si3450742pls.175.2019.08.15.23.35.43;
        Thu, 15 Aug 2019 23:35:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726783AbfHPGfD (ORCPT <rfc822;vinadhy@gmail.com> + 99 others);
        Fri, 16 Aug 2019 02:35:03 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:41388 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726565AbfHPGfC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Aug 2019 02:35:02 -0400
Received: from pd9ef1cb8.dip0.t-ipconnect.de ([217.239.28.184] helo=nanos)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1hyVor-0003Lr-4G; Fri, 16 Aug 2019 08:34:37 +0200
Date:   Fri, 16 Aug 2019 08:34:35 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Andrei Vagin <avagin@gmail.com>
cc:     Dmitry Safonov <dima@arista.com>, linux-kernel@vger.kernel.org,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        Andrei Vagin <avagin@openvz.org>,
        Adrian Reber <adrian@lisas.de>,
        Andy Lutomirski <luto@kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Cyrill Gorcunov <gorcunov@openvz.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Jann Horn <jannh@google.com>, Jeff Dike <jdike@addtoit.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Pavel Emelyanov <xemul@virtuozzo.com>,
        Shuah Khan <shuah@kernel.org>,
        Vincenzo Frascino <vincenzo.frascino@arm.com>,
        containers@lists.linux-foundation.org, criu@openvz.org,
        linux-api@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCHv6 01/36] ns: Introduce Time Namespace
In-Reply-To: <20190816061119.GA14312@gmail.com>
Message-ID: <alpine.DEB.2.21.1908160828490.1908@nanos.tec.linutronix.de>
References: <20190815163836.2927-1-dima@arista.com> <20190815163836.2927-2-dima@arista.com> <alpine.DEB.2.21.1908151908230.1908@nanos.tec.linutronix.de> <20190816061119.GA14312@gmail.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Andrei,

On Thu, 15 Aug 2019, Andrei Vagin wrote:
> On Thu, Aug 15, 2019 at 07:19:12PM +0200, Thomas Gleixner wrote:
> > > +static int timens_install(struct nsproxy *nsproxy, struct ns_common *new)
> > > +{
> > > +	struct time_namespace *ns = to_time_ns(new);
> > > +
> > > +	if (!current_is_single_threaded())
> > > +		return -EUSERS;
> > > +
> > > +	if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
> > > +	    !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
> > > +		return -EPERM;
> > > +
> > > +	get_time_ns(ns);
> > > +	get_time_ns(ns);
> > 
> > Why is this a double get?
> 
> Because we change nsproxy->time_ns and nsproxy->time_ns_for_children.
> 
> Probably, I need to reorgonize the code this way:
> 
> 	get_time_ns(ns);
> 	put_time_ns(nsproxy->time_ns);
> 	nsproxy->time_ns = ns;
> 
> 	get_time_ns(ns);
> 	put_time_ns(nsproxy->time_ns_for_children);
> 	nsproxy->time_ns_for_children = ns;

That's better. A few comments about refcounting might be useful as well.
 
> > > +	put_time_ns(nsproxy->time_ns);
> > > +	put_time_ns(nsproxy->time_ns_for_children);
> > > +	nsproxy->time_ns = ns;
> > > +	nsproxy->time_ns_for_children = ns;
> > > +	ns->initialized = true;
> > > +	return 0;
> > > +}
> > > +
> > > +int timens_on_fork(struct nsproxy *nsproxy, struct task_struct *tsk)
> > > +{
> > > +	struct ns_common *nsc = &nsproxy->time_ns_for_children->ns;
> > > +	struct time_namespace *ns = to_time_ns(nsc);
> > > +
> > > +	if (nsproxy->time_ns == nsproxy->time_ns_for_children)
> > > +		return 0;

Doesn't this need to take a refcount on fork? Maybe not, but see below.

> > > +
> > > +	get_time_ns(ns);
> > > +	put_time_ns(nsproxy->time_ns);
> > > +	nsproxy->time_ns = ns;
> > > +	ns->initialized = true;
> > 
> > Isn't that one initialized already?
> 
> When we discussed time namespaces last year, we decided that clock
> offsets can be set only before any task enters a namespace.
> 
> When a namespace is created, ns->initialized is set to false. When a
> task enters the namespace, ns->initialized is set to true.

Right. I'm probably just hopelessly confused by this nsproxy->time_ns
vs. nsproxy->time_ns_for_children->ns thing.
 
> Namespace clock offsets can be changed only if ns->initialized is false.
> 
> A new task can be forked to a specified time namespace or it can call
> setns, so we set ns->initialized to true in timens_on_fork and
> timens_install.

Some comments explaining that logic above would be really helpful.

Thanks,

	tglx