Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3477844pxu; Sun, 11 Oct 2020 11:06:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyzsSwycVrB2OGDVMp/6XIR+acHWncDx4uxxmsFS77I5243QytQSXZBWwY+AG83PJwozxjy X-Received: by 2002:a05:6402:2073:: with SMTP id bd19mr9981067edb.127.1602439607289; Sun, 11 Oct 2020 11:06:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602439607; cv=none; d=google.com; s=arc-20160816; b=Dvwp4q2GCscmsZ9g7QsNLnTOjfcbJm7TLLlg3CzC7HE4rL5PAM+5kFRIyJkYxvTuQ0 I3a6J4XlUtskvZEJNvl6M7thPEnbbX+oXSiXBKE+ZNIsxUXScGQNpqHjDHvYmi+DJy6s SGf8iJiraT6GD7oU4nVNIKF59ftizA1fUvBgGbzS0XhBofH+RS2vlDAptwCpvY5hFuVI U6Imo1BNirtzQVojayWBBBuj0aKc9w+vJKjo9ualA5CXdxOqSXPf0anLmKkk/cZb7kq1 q2OGvLgRYWpkZRyQ/3yw3Gf25Hm6KtDknDA6zbizqSoZ6E81EDFIL4IGV20/pikJUKNY U23g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Cpx+lrSg0dtZq4wEy34StNzcX2uqlH8/U/3fsaBtmNQ=; b=PwYI942kSqEpZiiDHwvPMkjmErwN1OltrCxjgCKMjQOQi14F9hN7Cgecb+lkA5BIP4 K2Ba2i1uhLljE6Utcfl3vz4Fhqo8qZ/cMguNpH6WNV5hz53RiS4kPrQD6ORxWw6tCLTh pC00qry3iHIICWKCceoeMmtja9wwiU00B6yk6NWlqYSpMfS+VMYbKWo52Dmo9HspSK/Q F8db0zZdGEII7h6AG/gn4/OppveArtFb+FmBhEA2fX6jIZk83WzVUa3pKgtHauRd2uj+ EEuHCytHIQP9gHnUCbR5wdIpt/tbO4MTcj6nkUjZf32QxM4Ivm63gz6qk30ZmSbH+zKp nHaQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k25si13112133ejk.10.2020.10.11.11.06.24; Sun, 11 Oct 2020 11:06:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388099AbgJKPA0 (ORCPT + 99 others); Sun, 11 Oct 2020 11:00:26 -0400 Received: from mout.kundenserver.de ([212.227.126.135]:49885 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388079AbgJKPAZ (ORCPT ); Sun, 11 Oct 2020 11:00:25 -0400 Received: from weisslap.m4st3rnet.de ([178.27.102.19]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1Mbzhv-1jv1lP0l7X-00dUsr; Sun, 11 Oct 2020 16:59:52 +0200 From: =?UTF-8?q?Michael=20Wei=C3=9F?= To: Thomas Gleixner , Andrei Vagin , Christian Brauner Cc: Dmitry Safonov <0x7f454c46@gmail.com>, linux-kernel@vger.kernel.org, "J . Bruce Fields" , Chuck Lever , Trond Myklebust , Anna Schumaker , =?UTF-8?q?Michael=20Wei=C3=9F?= Subject: [PATCH v3 2/3] fs/proc: apply the time namespace offset to /proc/stat btime Date: Sun, 11 Oct 2020 16:59:23 +0200 Message-Id: <20201011145924.6554-3-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201011145924.6554-1-michael.weiss@aisec.fraunhofer.de> References: <20201011145924.6554-1-michael.weiss@aisec.fraunhofer.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:BlZ+ml3gNUZCR2Ao520OTL3pAiCWgg3Y30IudqkxiTs1H8Gpe9/ cAIrOtGT5tTm7sZudjczF03rwU2HXXnYZZhbWfUYXwrQWRlb9YboHEiOsxGpMoMv06YUHrW Ud/TlKDS3/vjhNkBdVkBLF2g4ltC9FapGxRCNpZJHgOoOMK0SJ+zqxm8qRg8F7ekyLfa5DO t/hlH5sz3QIvDp/jQ5Smg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:w2Rnp1CuVKI=:mkKbGE+3taQjPLfKu32H/z T1SipQxCXA4W+IdjTDh1S4O0AOQK/YG/e1c4tC3icqG70eIiX195z65QoJetpoYxynhPhugyE uDf6d9hcFD+wQmTGTAVeHu+dTGXMhwyUDZblzT866lKuRWyeyEraCIVWc1b0O8US/0pBiSuPE 8olUgLKLustU4GZUbya9XypSZLolb6Ax4GBFQlIkCk27//0TaqC6OqjZlyNY3GB/+qsrTJ/9w 6dggQKD1kYo4gCQgWvXTQGj5bznbNeEwH8G1pK/20VI6QqHuN3ATBYZQenwDSDFDI4NPMLeSq 3n5taKZQVNuejNV49ujeEvD/lfnVT7L/Z2hFUH4oUkvkI9CiIjkz/CFhgDJgQaLMc2f5qNhF/ wmTO3Xs2l8ZFaXuh9SD2HkiPkAPzrIpCjRvUCR33Cn9cFeq4O6FxLN6oh42vCN9W7W3DfSX04 o8XEja528rIGutNC/jJKEajViyp55St8zMwlWflaNsn/fGy/DNUcRT8w+4GuzvB4OQRUv1ea+ OwkJkukzDn+plDK8ot2KxsXRV58h1k+Z0f9Q0QyeRp8A4YZtebuBlWpXIc7s3NOaXUXcaZieZ Ws6m/cPyWlhsmqCMDKJDL+wr9vxjCxv/wbN8GbggqbFyzwuf18zBVRA5Ps7PB0wwbtqa2yUO4 sxn0hygMyc+zi6gLn3LdYn4U83rsN9mwOkK7xKNtvLiygRekqNbYOa8Ah7foTGwzhH2aNgxp5 MUo+Mz7hLdLRt/9bg7GU9qaGnLya+1XvHbj3/W7xC2BIyNhOkttxeYpxT4KFKr8HVkmUr85I5 78s6jvu4ihwvsy9Zpepts6MBSwbppl6gB56gAgdzz2qOCrdMUeZE4PBlcicGgf1BiMfCXNf7q asWeFsGWRuifu0LqEIwQ== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org '/proc/stat' provides the field 'btime' which states the time stamp of system boot in seconds. In case of time namespaces, the offset to the boot time stamp was not applied earlier. However, in container runtimes which utilize time namespaces to virtualize boottime of a container, this leaks information about the host system boot time. Therefore, we make procfs to virtualize also the btime field by subtracting the offset of the timens boottime from 'btime' before printing the stats. Since start_boottime of processes are seconds since boottime and the boottime stamp is now shifted according to the timens offset, the offset of the time namespace also needs to be applied before the process stats are given to userspace. This avoids that processes shown, e.g., by 'ps' appear as time travelers in the corresponding time namespace. Signed-off-by: Michael Weiß --- fs/proc/array.c | 6 ++++-- fs/proc/stat.c | 17 ++++++++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 65ec2029fa80..277f654f289e 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -533,8 +534,9 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, priority = task_prio(task); nice = task_nice(task); - /* convert nsec -> ticks */ - start_time = nsec_to_clock_t(task->start_boottime); + /* apply timens offset for boottime and convert nsec -> ticks */ + start_time = + nsec_to_clock_t(timens_add_boottime_ns(task->start_boottime)); seq_put_decimal_ull(m, "", pid_nr_ns(pid, ns)); seq_puts(m, " ("); diff --git a/fs/proc/stat.c b/fs/proc/stat.c index 46b3293015fe..5ae59297591a 100644 --- a/fs/proc/stat.c +++ b/fs/proc/stat.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -79,6 +80,20 @@ static u64 get_iowait_time(struct kernel_cpustat *kcs, int cpu) #endif +static void get_boottime(struct timespec64 *ts) +{ + ktime_t boottime; + + /* get kernel internal system boot timestamp */ + getboottime64(ts); + + /* shift boot timestamp according to the timens offset */ + boottime = timespec64_to_ktime(*ts); + boottime = timens_ktime_to_host(CLOCK_BOOTTIME, boottime); + + *ts = ktime_to_timespec64(boottime); +} + static void show_irq_gap(struct seq_file *p, unsigned int gap) { static const char zeros[] = " 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"; @@ -117,7 +132,7 @@ static int show_stat(struct seq_file *p, void *v) user = nice = system = idle = iowait = irq = softirq = steal = 0; guest = guest_nice = 0; - getboottime64(&boottime); + get_boottime(&boottime); for_each_possible_cpu(i) { struct kernel_cpustat kcpustat; -- 2.20.1