Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1197217rbb; Mon, 26 Feb 2024 01:38:09 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWi5TwvTkk9HNS+Ok1UO/zbXvb1NtaL3EL48RDnMRx13FmVYUmbtUXWdduY9mH1r3GwMQgUZqpvgJWZRGhFYOvL4K/i+UcVGHKMXhk1Bw== X-Google-Smtp-Source: AGHT+IE5MqZnBNzQYPtEFvrxMgFyHf8svW0o8/cFRUOiCnMSBo1i+hkbXLadtOY0y+wCG1kyi2al X-Received: by 2002:a05:6870:d154:b0:21e:8424:8325 with SMTP id f20-20020a056870d15400b0021e84248325mr7427738oac.18.1708940289576; Mon, 26 Feb 2024 01:38:09 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708940289; cv=pass; d=google.com; s=arc-20160816; b=HliK8yC2T+5yBCnHLJOcmWPbJfM14dtsm1u43YwMauthFjnEGmCQyXcnCimUxS640w avelZowLWEbv44uiRaT2B8fdLJ5SseWSkQUOPea4BoQ1A0mm0Ri4YRIu8UCeCYgL4gGk plAGZ4moRFISyZSPTLI5xKTYlDMRf2qBRmqIxl8i/srS8dTSzQeC0v09134MQvJQw+Nu EOlSzHtXJH7Gx+vEpH7QQgVwdayWSyeOE6O6Dg5XazM3fedGn2Lp/VZqtQDNqKwXUs9Q lC/1XZVKeTq0AbKGg/vu/uizRXsG/s0lCsMBAJZ6hSEC4/kPwCUOhBmxRHuZgCe+RDEB uTMg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=UjGWMgC1CBnDshpxaoQQnhc1VnA8Krdy3W//KeeKbLs=; fh=muet5XheSKk424aO+q2wr1QJDU24w75wvX24/TNUm6w=; b=HkHiL9wTFUFX9SxVZIibV0fXMkqrMo3Pm2WS8TRNLPFctDc8bb9OYehNuM0CYAez5i 2ud1BHHyJfWVevohdR3MmT74mb2T6E4PX/pkdwjmN8xLf2zJsSw4rnYqIlEXFHdJCu7I sv4BauFLbjxvK9B3czKSc+ZlYAormg/KDxsEq+976S65tJgwqtmpBV8Stav9R/+DAhEK OYeEpzuNpH86A7x7UzprP4rLexWMghDeDyVVNpheSWvyw8FLnYXmPG3OKBb4hxuHtPc8 vtNE7V8wKt/jL7QnQl3m2kzzvtkdMnKlqfBRxHYcijz67LM9qn/F7jdOTtwUQ2kY1jxQ OFHw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fm0ecaSr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-80991-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80991-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id b6-20020a639306000000b005aaab9e7bcfsi3492295pge.388.2024.02.26.01.38.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 01:38:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-80991-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fm0ecaSr; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-80991-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80991-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id C13E3286B91 for ; Mon, 26 Feb 2024 09:37:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1B13569D19; Mon, 26 Feb 2024 08:57:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Fm0ecaSr" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 473B969D06 for ; Mon, 26 Feb 2024 08:57:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708937873; cv=none; b=tGs5DeDOIyJmRYZxvfJeDoAiRmf51+ByvjqL+dKh39abYLnVDHfCt4Kyv2lsNohilnGIH8uz3V1iLSccjqT+QpCQj6S9NYlIztDXlaW+/YDR+do7tbXeUb3+sOsHYd305y0kWbU+LvQ6GE8PkwBFxUEZzowAwmj87YgocnOnRfg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708937873; c=relaxed/simple; bh=sh71VdSvALbb1x72VML15YUfIUFsFmJ85m1Hgf7DKVg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=YUqfvz4XdjEcsR7i6xSIeLmCzJ12Cki/fD2GBFPE8fYoiCFJ/h5Oe7StqTp2Al/A7TL73jxVJH+K3KQ7IqVU3ohxEr9Re7qPjiLi1z+fEJvgJ4ckLiQC6Dx0gUABlgpwB0KbFjPiyDQ2xZYZETm871+PunX3Qy9fRk5LpdUZjPE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Fm0ecaSr; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id EA702C433C7; Mon, 26 Feb 2024 08:57:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708937872; bh=sh71VdSvALbb1x72VML15YUfIUFsFmJ85m1Hgf7DKVg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Fm0ecaSrsJB0TogIIJqRWm8n02V8ypWw/tOl2WUYacuDBBP9J2yiz80EhDM1UVzxN j1C6bZarCvwVcWUk0mh0YgMdHJ1EKToc1Iam2RLsCYCmdQOPitPgRknYG8WGBaCNCF swCVL5gTdED2x/0/CT2Anq2XljKwbuM03U8Ayen4vHEVjY88HxH0igN5ukDx4S0tcD zxxPGnnWgbbW/bugIWm8Wnz5jVSXfuEdePG2T9LD+H+m4Gvz03kHrS3FbvuCwabor4 pRk7HALf9B5Zg4IWh8mN8WrImcR24oDPDHn+PkvSk6+cX5rjQEyI8xkHTt9CCBb8eN sHMkHJbzFA3Ig== Date: Mon, 26 Feb 2024 09:57:47 +0100 From: Christian Brauner To: Tycho Andersen Cc: Alexander Mikhalitsyn , stgraber@stgraber.org, cyphar@cyphar.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH v1 2/2] tests/pid_namespace: add pid_max tests Message-ID: <20240226-gestrafft-pastinaken-94ff0e993a51@brauner> References: <20240222160915.315255-1-aleksandr.mikhalitsyn@canonical.com> <20240222160915.315255-3-aleksandr.mikhalitsyn@canonical.com> <20240223-kantholz-knallen-558beba46c62@brauner> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: > > > A small quibble, but I wonder about the semantics here. "You can write > > > whatever you want to this file, but we'll ignore it sometimes" seems > > > weird to me. What if someone (CRIU) wants to spawn a pid numbered 450 > > > in this case? I suppose they read pid_max first, they'll be able to > > > tell it's impossible and can exit(1), but returning E2BIG from write() > > > might be more useful. > > > > That's a good idea. But it's a bit tricky. The straightforward thing is > > to walk upwards through all ancestor pid namespaces and use the lowest > > pid_max value as the upper bound for the current pid namespace. This > > will guarantee that you get an error when you try to write a value that > > you would't be able to create. The same logic should probably apply to > > ns_last_pid as well. > > > > However, that still leaves cases where the current pid namespace writes > > a pid_max limit that is allowed (IOW, all ancestor pid namespaces are > > above that limit.). But then immediately afterwards an ancestor pid > > namespace lowers the pid_max limit. So you can always end up in a > > scenario like this. > > I wonder if we can push edits down too? Or an render .effective file, like I don't think that works in the current design? The pid_max value is per struct pid_namespace. And while there is a 1:1 relationship between a child pid namespace to all of its ancestor pid namespaces there's a 1 to many relationship between a pid namespace and it's child pid namespaces. IOW, if you change pid_max in pidns_level_1 then you'd have to go through each of the child pid namespaces on pidns_level_2 which could be thousands. So you could only do this lazily. IOW, compare and possibly update the pid_max value of the child pid namespace everytime it's read or written. Maybe that .effective is the way to go; not sure right now.