Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3935931ybh; Tue, 17 Mar 2020 09:11:16 -0700 (PDT) X-Google-Smtp-Source: ADFU+vt1lL66rHpYmreyckx/qTDodV8ouBH94cYfq3P04iw6oYDXWVoMPghm22YrFxCKVBCom75A X-Received: by 2002:a54:478a:: with SMTP id o10mr44758oic.45.1584461476630; Tue, 17 Mar 2020 09:11:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584461476; cv=none; d=google.com; s=arc-20160816; b=0Rn3rs3DD07Zv4TpiDc6xn18cm/4a/jAPptjRs7P3PGM0t08CQFZanPFjQJCP0/NqU /8/TIkjnTC8JNzP1eGMRRdNqYshzUpHGroICcJd1o6UAfPEEEr9dtL4zo9uamkxOY2r+ tOBaJbKubjXS+vpcz0ocAENB9ERDID90v9Kzav/rCIUjFt2U34ygHcktVxZTT+LZ/qmb IjYXOTQSDyJGzdq5jQOSVNADMCBIldRnFhEocOWWJyic9RHWYmR+0IEC1Rq5or6B2k50 M5ot7X0ZPIHPk9EzPqW06ie1GUsyeRRaKRuVvMfXePe1BGWctIrDBINqNSIrXZJke+yq 49sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=FK6OeHAcFZUd0Ev0FkxVC8/bfxhWmsAJNBeQF4cAi50=; b=R0LQPp5SmLojSGWuaREAapllMIJ6ey49Kqt6ejyfXXaDqrkxTXfQbgygWDhlEkQoxP Oh15kxbDfrbuFb9+Kz0WhWDtiHglXI2t1gileaukY5P3Xbdz9DMO3SiVueKYdSLB6Wv0 ClH0bC+R9gzhPCYMcvZalqzVcBBGM1246sIGlKnTnidr8ppfNkdCJdUhJQija+NTgPWf xEYZQrhTugFDeB9lxWuK5JusUMJkCqsq73Wqe5W91NDw2gJgZIS0uWUoqiIFiWexii1D hA1Ci/jtMS7y7fiiNVqd5+gCj7EpfysKprtLYTG9avnU6rwQMdg+a0DfcWeIxcDXC2yL E2xA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si1809407oif.164.2020.03.17.09.10.58; Tue, 17 Mar 2020 09:11:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726643AbgCQQJw (ORCPT + 99 others); Tue, 17 Mar 2020 12:09:52 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:58740 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726016AbgCQQJw (ORCPT ); Tue, 17 Mar 2020 12:09:52 -0400 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jEEmm-0004fx-QV; Tue, 17 Mar 2020 16:09:44 +0000 Date: Tue, 17 Mar 2020 17:09:43 +0100 From: Christian Brauner To: Aleksa Sarai Cc: "Michael Kerrisk (man-pages)" , Adrian Reber , Eric Biederman , Pavel Emelyanov , Oleg Nesterov , Dmitry Safonov <0x7f454c46@gmail.com>, Andrei Vagin , lkml , Mike Rapoport , Radostin Stoyanov , Arnd Bergmann , Cyrill Gorcunov , Thomas Gleixner , Linux API Subject: Re: clone3: allow creation of time namespace with offset Message-ID: <20200317160943.2qquqsa4l3oc7ii2@wittgenstein> References: <20200317083043.226593-1-areber@redhat.com> <20200317142350.ssraami3a4vnk5po@yavin> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200317142350.ssraami3a4vnk5po@yavin> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 18, 2020 at 01:23:50AM +1100, Aleksa Sarai wrote: > On 2020-03-17, Michael Kerrisk (man-pages) wrote: > > [CC += linux-api; please CC on future versions] > > > > On Tue, 17 Mar 2020 at 09:32, Adrian Reber wrote: > > > Requiring nanoseconds as well as seconds for two clocks during clone3() > > > means that it would require 4 additional members to 'struct clone_args': > > > > > > __aligned_u64 tls; > > > __aligned_u64 set_tid; > > > __aligned_u64 set_tid_size; > > > + __aligned_u64 boottime_offset_seconds; > > > + __aligned_u64 boottime_offset_nanoseconds; > > > + __aligned_u64 monotonic_offset_seconds; > > > + __aligned_u64 monotonic_offset_nanoseconds; > > > }; > > > > > > To avoid four additional members to 'struct clone_args' this patchset > > > uses another approach: > > > > > > __aligned_u64 tls; > > > __aligned_u64 set_tid; > > > __aligned_u64 set_tid_size; > > > + __aligned_u64 timens_offset; > > > + __aligned_u64 timens_offset_size; > > > }; > > > > > > timens_offset is a pointer to an array just as previously done with > > > set_tid and timens_offset_size is the size of the array. > > > > > > The timens_offset array is expected to contain a struct like this: > > > > > > struct set_timens_offset { > > > int clockid; > > > struct timespec val; > > > }; > > > > > > This way it is possible to pass the information of multiple clocks with > > > seconds and nanonseconds to clone3(). > > > > > > To me this seems the better approach, but I am not totally convinced > > > that it is the right thing. If there are other ideas how to pass two > > > clock offsets with seconds and nanonseconds to clone3() I would be happy > > > to hear other ideas. > > While I agree this does make the API cleaner, I am a little worried that > it risks killing some of the ideas we discussed for seccomp deep > inspection. In particular, having a pointer to variable-sized data > inside the struct means that now the cBPF program can't just be given a > copy of the struct data from userspace to check. I suggested two alternative approaches in a response to this. The easiest one would be to simple assume that the struct doesn't change size. (But haven't we crossed that bridge with the set_tid array already?)