Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1379245rbb;
        Mon, 26 Feb 2024 07:31:51 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCVNn/XZOQe7XiR/Knm7tQk3Luc7yrDpgoK7nMq4a6yoXbXy5Og/cU3bPwjaOhr3+V9BcADHr0ig9OUP9ABXHhZYoRbrBpgWOiUmw8W/rw==
X-Google-Smtp-Source: AGHT+IHJSGjY5DOL3LF7yDcYOdRtGWXbvcDomJk7Y81xE0hZd9zcyl/vzfBNQq0t5/Eqs4CeEsnI
X-Received: by 2002:a05:6402:b12:b0:565:6176:8aca with SMTP id bm18-20020a0564020b1200b0056561768acamr6588113edb.13.1708961511809;
        Mon, 26 Feb 2024 07:31:51 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708961511; cv=pass;
        d=google.com; s=arc-20160816;
        b=L3+RLwGRcGlKYTxY5Z1pdtT4YHq+Qs1lDEDFBzeFCyt2rvvQnNtLmS+zMwEl3XFTVI
         KfHXBcuPtJBlfzCp1VuTY0hyR5t+T2bLp543/9TbB4LogKA32UqFwU124A65Wsz+IK26
         9Y/KS/m/vdolfUwGFG9U1sNU3z4OhX/zTfcymTUkB4NJBPI05Z4qmUk0OqQQ+BOESB3d
         e9OeTXXJU/oGt3M7gV1WVBYRwbRgOE8HGiRLQ/272pNeuIczQPyG3rLAH9vh+qRaCmKD
         wItIQAmdZlBryOh0Z1wNLnJ/EfSj4gawSzcIU+9po+vPU7ITEVtizKwKF91R6gceOln1
         0lZA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:feedback-id:dkim-signature:dkim-signature;
        bh=E9BrEdzGh+86NkizWXe8ImITUXtVhnMNSPCm6NdyUQk=;
        fh=O/Gru5wUKROfJrrwH28eSjhZiafSW0Lmr4BRZjCN1P4=;
        b=m8w8XO61TyXvWjPb7qB3mQvJjliTs8LCFOYT4N4D6e3p/rdReBOE4L9c3EzIxrcGRv
         89wf1mdK87yYIK1Zc32O6Rdl5zct9bxMO8u4xPTKtDZIWPI7bpiamc7PPA8nvH8H5l0F
         s1MsRuXHOVJ3Ty/7J5ugwBVD8jhTbnMYLGnXOBTSANRg1JehbOgyFejK8nGIk5Rda7kv
         vKq1tbUhDkSnsBzLrrsbJAtBbFHrMnza5SQIdxdpCXTRPpUAx5DxiVyTn5fH7n92pzbI
         lJ35X1Kf7P9UxSaQd4IYNARm7NENB0Dyu9b2HHwscXatVWYSouNkR7v26yP98jXLj7sF
         GCfg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@tycho.pizza header.s=fm3 header.b=VEqQzjZW;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=dtsejjMD;
       arc=pass (i=1 spf=pass spfdomain=tycho.pizza dkim=pass dkdomain=tycho.pizza dkim=pass dkdomain=messagingengine.com);
       spf=pass (google.com: domain of linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id bm6-20020a0564020b0600b005645a23547csi2161568edb.560.2024.02.26.07.31.51
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Feb 2024 07:31:51 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tycho.pizza header.s=fm3 header.b=VEqQzjZW;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=dtsejjMD;
       arc=pass (i=1 spf=pass spfdomain=tycho.pizza dkim=pass dkdomain=tycho.pizza dkim=pass dkdomain=messagingengine.com);
       spf=pass (google.com: domain of linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-81811-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 840621F25579
	for <linux.lists.archive@gmail.com>; Mon, 26 Feb 2024 15:31:37 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id DF1AC12AADD;
	Mon, 26 Feb 2024 15:31:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=tycho.pizza header.i=@tycho.pizza header.b="VEqQzjZW";
	dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="dtsejjMD"
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E09DC12BF2F
	for <linux-kernel@vger.kernel.org>; Mon, 26 Feb 2024 15:30:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=64.147.123.19
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708961455; cv=none; b=ZBzKndQRDwNFoOrNXT2BbAFFMX8dfES2pxgR0kexnrqcVQsEfPWUl403T1usiuFf7RFIXSRxTV27ZVvu0YnzT+iqcz1reayhKrrwLlXofFM74bRrPDpHnaBhHhmfpqn/6zxZLWVbDj4zDjgWhkAxtfPMhPuB8zBPLLeY8v8Grh4=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708961455; c=relaxed/simple;
	bh=vJWrYPv1rD63nJNI6S5N7HYEDIbe2xSJDrg8r+EnuvM=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=rdBMYoWfJmZrpm4POg1hT5SHZMF7n6PHCof392euVHrhLbK8ml4uCtJ2MjVxQAkHZEfLwCEwkELfx1zqXkkQG+CGIBmzxBYQbcFAQqDBYVhelAUdm8CybY4cnm3Otd48wvT4gzcxF5+NS+aPznHIr6z79NU4xvc/qTiDZXO25E0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=tycho.pizza; spf=pass smtp.mailfrom=tycho.pizza; dkim=pass (2048-bit key) header.d=tycho.pizza header.i=@tycho.pizza header.b=VEqQzjZW; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=dtsejjMD; arc=none smtp.client-ip=64.147.123.19
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=tycho.pizza
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=tycho.pizza
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
	by mailout.west.internal (Postfix) with ESMTP id 6D37B3200A4E;
	Mon, 26 Feb 2024 10:30:39 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute2.internal (MEProxy); Mon, 26 Feb 2024 10:30:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h=
	cc:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1708961438; x=1709047838; bh=E9BrEdzGh+
	86NkizWXe8ImITUXtVhnMNSPCm6NdyUQk=; b=VEqQzjZW2Ns08mQBuBol1uqUeC
	9csK9FbhJKvdnlejMpi1BbB+qB4mATv1qPfk5Oo6kj8Gm+Jd8nMYu5IFB0GaiSNs
	dexXkG6jxiM9nQsDbhm5qnuLiRG1hF8UQMUO5AaFmd+fKM2wm+aM/wQvxw+LZaE/
	bns8TQovcGMm172Q/z29xmbLD4Sad7MjxG/QRgrMk0ego8/EBrX8GLlu0kTmBU1x
	tdLtgPwQcGOwukF9aaAXLAoiTkJDwIpCHNo6y0nWqHSynSuG16rcXsgrJBoH/h7b
	g83yREHCRpH9YB0E8W7ImQn+fn5VIGbKq29owedcOoy3J5hBn3lcqNUCCJEQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; t=1708961438; x=1709047838; bh=E9BrEdzGh+86NkizWXe8ImITUXtV
	hnMNSPCm6NdyUQk=; b=dtsejjMD8v5Opp1ymDM9HTgrDYRZNNXCIZL/B79bb4aD
	Gs5oCf9XG5apeSUCf2vGSCmF1kCLsn99eoMlNuQ1iI+pDTmlCbqZOH3PhcDw3aRd
	nPY5P/lxRIDyrVag6tqXi3IYxrBRS2F9/cqDTb0DadPBgArARIXB2yvWQD+P8psc
	U1KfAaL7N98Zht5Le9cxCDtLzKKM1qGge6y7P6ezT9VcJZOyIGZA3b54aGz5++/x
	+qxwONyYI3AgMCtECbEYQGWi5NeoL31go4PRSBtj/UQhrFkjnTGuF8FzW7JNzlPU
	0OJv/PHZunlDXPBUgUbub+F3+fIHO/TFQ109OoG7EA==
X-ME-Sender: <xms:nq7cZZcWMI0Dwltq_fJ94mQNP32j3kbbROeWxI8uHKNFp1ThlT5H1A>
    <xme:nq7cZXNk714vZZLxI27C-i1lehuy3xNss0Owk3ohg9HVEcl21puSzfYQUdCw54GPs
    KBHDPT3H3n1zqhp1Gs>
X-ME-Received: <xmr:nq7cZShvkctjpIbxyOclC31zGPkL8sseMhuG01V_ofyWeSRQiG3tUvWQGrE>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrgedvgdejhecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpeffhffvvefukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefvhigthhho
    ucetnhguvghrshgvnhcuoehthigthhhosehthigthhhordhpihiiiigrqeenucggtffrrg
    htthgvrhhnpeeutedttefgjeefffehffffkeejueevieefudelgeejuddtfeffteeklefh
    leelteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
    hthigthhhosehthigthhhordhpihiiiigr
X-ME-Proxy: <xmx:nq7cZS-wjcRJL2ZDo475rIU7DljiNHrl_R9OU4H-h9oVzYypO4Dv4g>
    <xmx:nq7cZVsCNmYc5sdAuI2vPxd_gZ4acSh0Ad74_XSsr-9e809lZm0vcA>
    <xmx:nq7cZRFf56E7MVNX8mDR7f4-XShEqCufC-ruKb5sgf-mmWb1FnwHfQ>
    <xmx:nq7cZfI16Qm9sv4HEy0J3w8fj8C3A-8Qs7qE5fjZODQEeGSskIuphA>
Feedback-ID: i21f147d5:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 26 Feb 2024 10:30:37 -0500 (EST)
Date: Mon, 26 Feb 2024 08:30:35 -0700
From: Tycho Andersen <tycho@tycho.pizza>
To: Christian Brauner <brauner@kernel.org>
Cc: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>,
	stgraber@stgraber.org, cyphar@cyphar.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 2/2] tests/pid_namespace: add pid_max tests
Message-ID: <Zdyumw6OfWBqQMTj@tycho.pizza>
References: <20240222160915.315255-1-aleksandr.mikhalitsyn@canonical.com>
 <20240222160915.315255-3-aleksandr.mikhalitsyn@canonical.com>
 <Zdd8MAJJD3M11yeR@tycho.pizza>
 <20240223-kantholz-knallen-558beba46c62@brauner>
 <ZdoEavHorDs3IlF5@tycho.pizza>
 <20240226-gestrafft-pastinaken-94ff0e993a51@brauner>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240226-gestrafft-pastinaken-94ff0e993a51@brauner>

On Mon, Feb 26, 2024 at 09:57:47AM +0100, Christian Brauner wrote:
> > > > A small quibble, but I wonder about the semantics here. "You can write
> > > > whatever you want to this file, but we'll ignore it sometimes" seems
> > > > weird to me. What if someone (CRIU) wants to spawn a pid numbered 450
> > > > in this case? I suppose they read pid_max first, they'll be able to
> > > > tell it's impossible and can exit(1), but returning E2BIG from write()
> > > > might be more useful.
> > > 
> > > That's a good idea. But it's a bit tricky. The straightforward thing is
> > > to walk upwards through all ancestor pid namespaces and use the lowest
> > > pid_max value as the upper bound for the current pid namespace. This
> > > will guarantee that you get an error when you try to write a value that
> > > you would't be able to create. The same logic should probably apply to
> > > ns_last_pid as well.
> > > 
> > > However, that still leaves cases where the current pid namespace writes
> > > a pid_max limit that is allowed (IOW, all ancestor pid namespaces are
> > > above that limit.). But then immediately afterwards an ancestor pid
> > > namespace lowers the pid_max limit. So you can always end up in a
> > > scenario like this.
> > 
> > I wonder if we can push edits down too? Or an render .effective file, like
> 
> I don't think that works in the current design? The pid_max value is per
> struct pid_namespace. And while there is a 1:1 relationship between a
> child pid namespace to all of its ancestor pid namespaces there's a 1 to
> many relationship between a pid namespace and it's child pid namespaces.
> IOW, if you change pid_max in pidns_level_1 then you'd have to go
> through each of the child pid namespaces on pidns_level_2 which could be
> thousands. So you could only do this lazily. IOW, compare and possibly
> update the pid_max value of the child pid namespace everytime it's read
> or written. Maybe that .effective is the way to go; not sure right now.

I wonder then, does it make sense to implement this as a cgroup thing
instead, which is used to doing this kind of traversal?

Or I suppose not, since the idea is to get legacy software that's
writing to pid_max to work?

Tycho