Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp1869748ybg; Thu, 30 Jul 2020 05:02:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyElLPiwtEIpvYzUpc5irPcc59R30WGTvJwZH5GCQCLFQmoTHVl99Hjw6GFzYnBpLagE0Jd X-Received: by 2002:a50:dacf:: with SMTP id s15mr2423291edj.136.1596110527829; Thu, 30 Jul 2020 05:02:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596110527; cv=none; d=google.com; s=arc-20160816; b=evDZPkV1qN9nCGo/BtOHio9xD4amql8ueRa4AIW+b/tGhJuzUSeDLnjBDcE478SMLY hBjS2yYVeUibx6BJUiajIYyhQInKkYr6SEt+Mz6RkuAclm3gnntkxkoh49BbB2cGBcZm 1sCfcu2Dad17Ase/6VCuHho/UgUIGJYsoQGerB01xE+7Vlp5lS1xXlVKzPkjMhCr9Waw dCx0Ey0n3idFLX05m61Zysd1c1ZDAWe98I/ZQECnxY7qW6v042PeD6EfYbbM6tkjPxob ymM+fC6Belj9GJjkR0JD1Wc87XXjPcLxGPh9LP47YYmueprLuS0X7sMoQdVEEzwUh7Io wRBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:to:from:subject; bh=kbzm56Do81tOIlyGVW55xGegdMWP2E03Ow1E3IJ08qE=; b=ac4O0Sjscygz2d6hKDrMiFZdDGWpNv+niNMyHhYhAj6wtggUu0XojKKQj5Teun5MC/ VcN8u58c6hLgvKa0XAuHvdLoLQY9PNQHyyID6cK2PMSXXM7wtZ7l//wpobu8yufhKYEQ dyLEypH9mUeOWgNsBQQXumrn5cn8D7HiKTY8XPRfT0tPkf9S2u0diz/5JLo8FY5Y8IIY cmpAVN9SyjR91h6ez9FOxVqTcMRnBx1wcX8UulYyBsM+cyGY3Q7/LpZd2nBTl2+MwxDq m2AaQzFKgfgN/4aWXbQIM4p7qVLqbqMCLhxqioD2HZTSwTiPVZSB9sl19aANAevdF++7 xfLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id yc26si2676062ejb.736.2020.07.30.05.01.43; Thu, 30 Jul 2020 05:02:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728384AbgG3MAt (ORCPT + 99 others); Thu, 30 Jul 2020 08:00:49 -0400 Received: from relay.sw.ru ([185.231.240.75]:56960 "EHLO relay3.sw.ru" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726989AbgG3MAp (ORCPT ); Thu, 30 Jul 2020 08:00:45 -0400 Received: from [192.168.15.64] (helo=localhost.localdomain) by relay3.sw.ru with esmtp (Exim 4.93) (envelope-from ) id 1k17EZ-0002yn-7t; Thu, 30 Jul 2020 15:00:27 +0300 Subject: [PATCH 15/23] pid: Eextract child_reaper check from pidns_for_children_get() From: Kirill Tkhai To: viro@zeniv.linux.org.uk, adobriyan@gmail.com, davem@davemloft.net, ebiederm@xmission.com, akpm@linux-foundation.org, christian.brauner@ubuntu.com, areber@redhat.com, serge@hallyn.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, ktkhai@virtuozzo.com Date: Thu, 30 Jul 2020 15:00:41 +0300 Message-ID: <159611044115.535980.10236831314879436296.stgit@localhost.localdomain> In-Reply-To: <159611007271.535980.15362304262237658692.stgit@localhost.localdomain> References: <159611007271.535980.15362304262237658692.stgit@localhost.localdomain> User-Agent: StGit/0.19 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This check if for prohibiting access to /proc/[pid]/ns/pid_for_children before first task of the pid namespace is created. /proc/namespaces/ code will use this check too, so we move it into a separate function. Signed-off-by: Kirill Tkhai --- kernel/pid_namespace.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index d02dc1696edf..4a01328e8763 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -343,6 +343,21 @@ static struct ns_common *pidns_get(struct task_struct *task) return ns ? &ns->ns : NULL; } +static bool pidns_can_get(struct ns_common *ns) +{ + struct pid_namespace *pid_ns; + bool ret = true; + + pid_ns = container_of(ns, struct pid_namespace, ns); + + read_lock(&tasklist_lock); + if (!pid_ns->child_reaper) + ret = false; + read_unlock(&tasklist_lock); + + return ret; +} + static struct ns_common *pidns_for_children_get(struct task_struct *task) { struct pid_namespace *ns = NULL; @@ -354,13 +369,9 @@ static struct ns_common *pidns_for_children_get(struct task_struct *task) } task_unlock(task); - if (ns) { - read_lock(&tasklist_lock); - if (!ns->child_reaper) { - put_pid_ns(ns); - ns = NULL; - } - read_unlock(&tasklist_lock); + if (ns && !pidns_can_get(&ns->ns)) { + put_pid_ns(ns); + ns = NULL; } return ns ? &ns->ns : NULL;