From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Alexey Dobriyan
<adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Andrew Morgan <morgan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: [PATCH 8/9] user namespaces: debug refcounts
Date: Fri, 29 May 2009 17:33:52 -0500 [thread overview]
Message-ID: <20090529223352.GH14602@us.ibm.com> (raw)
In-Reply-To: <20090529223229.GA14536-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Create /proc/userns, which prints out all user namespaces. It
prints the address of the user_ns itself, the uid and userns address
of the user who created it, and the reference count.
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
include/linux/user_namespace.h | 2 +
kernel/user.c | 1 +
kernel/user_namespace.c | 84 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 87 insertions(+), 0 deletions(-)
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 3eeee40..4503224 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -14,8 +14,10 @@ struct user_namespace {
struct hlist_head uidhash_table[UIDHASH_SZ];
struct user_struct *creator;
struct work_struct destroyer;
+ struct list_head list;
};
+extern spinlock_t usernslist_lock;
extern struct user_namespace init_user_ns;
#ifdef CONFIG_USER_NS
diff --git a/kernel/user.c b/kernel/user.c
index 97f13e2..1a9a44f 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -24,6 +24,7 @@ struct user_namespace init_user_ns = {
.refcount = ATOMIC_INIT(2),
},
.creator = &root_user,
+ .list = LIST_HEAD_INIT(init_user_ns.list),
};
EXPORT_SYMBOL_GPL(init_user_ns);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 857cb3d..e76b38f 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -11,6 +11,11 @@
#include <linux/user_namespace.h>
#include <linux/checkpoint.h>
#include <linux/cred.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <linux/spinlock.h>
+
+DEFINE_SPINLOCK(usernslist_lock);
static struct user_namespace *_new_user_ns(struct user_struct *creator,
struct user_struct **newroot)
@@ -41,6 +46,9 @@ static struct user_namespace *_new_user_ns(struct user_struct *creator,
/* alloc_uid() incremented the userns refcount. Just set it to 1 */
kref_set(&ns->kref, 1);
+ spin_lock(&usernslist_lock);
+ list_add_tail(&ns->list, &init_user_ns.list);
+ spin_unlock(&usernslist_lock);
*newroot = root_user;
return ns;
}
@@ -91,6 +99,9 @@ static void free_user_ns_work(struct work_struct *work)
{
struct user_namespace *ns =
container_of(work, struct user_namespace, destroyer);
+ spin_lock(&usernslist_lock);
+ list_del(&ns->list);
+ spin_unlock(&usernslist_lock);
free_uid(ns->creator);
kfree(ns);
}
@@ -105,6 +116,79 @@ void free_user_ns(struct kref *kref)
}
EXPORT_SYMBOL(free_user_ns);
+#ifdef CONFIG_PROC_FS
+static int proc_userns_show(struct seq_file *m, void *v)
+{
+ struct user_namespace *ns = v;
+ seq_printf(m, "userns %p creator (uid %d ns %p) count %d\n",
+ (void *)ns, ns->creator->uid, (void *) ns->creator->user_ns,
+ atomic_read(&ns->kref.refcount));
+ return 0;
+}
+
+static void *proc_userns_start(struct seq_file *p, loff_t *_pos)
+{
+ loff_t pos = *_pos;
+ struct user_namespace *ns = &init_user_ns;
+ spin_lock(&usernslist_lock);
+ while (pos) {
+ pos--;
+ ns = list_entry(ns->list.next, struct user_namespace, list);
+ if (ns == &init_user_ns)
+ return NULL;
+ }
+ return ns;
+}
+
+static void *proc_userns_next(struct seq_file *p, void *v, loff_t *_pos)
+{
+ struct user_namespace *ns = v;
+ (*_pos)++;
+ ns = list_entry(ns->list.next, struct user_namespace, list);
+ if (ns == &init_user_ns)
+ return NULL;
+ return ns;
+}
+
+static void proc_userns_stop(struct seq_file *p, void *v)
+{
+ spin_unlock(&usernslist_lock);
+}
+
+static const struct seq_operations proc_userns_ops;
+
+static int proc_userns_open(struct inode *inode, struct file *filp)
+{
+ return seq_open(filp, &proc_userns_ops);
+}
+
+static const struct seq_operations proc_userns_ops = {
+ .start = proc_userns_start,
+ .next = proc_userns_next,
+ .stop = proc_userns_stop,
+ .show = proc_userns_show,
+};
+
+const struct file_operations proc_userns_fops = {
+ .open = proc_userns_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release,
+};
+
+static __init int user_ns_debug(void)
+{
+ struct proc_dir_entry *p;
+
+ p = proc_create("userns", 0, NULL, &proc_userns_fops);
+ if (!p)
+ panic("cannot create /proc/userns\n");
+ return 0;
+}
+
+__initcall(user_ns_debug);
+#endif
+
#ifdef CONFIG_CHECKPOINT
/*
* checkpoint_write_userns() is only called from
--
1.6.1
next prev parent reply other threads:[~2009-05-29 22:33 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-29 22:32 [PATCH 0/9] credentials c/r: Introduction Serge E. Hallyn
2009-05-29 22:32 ` [PATCH 1/9] cred: #include init.h in cred.h Serge E. Hallyn
2009-05-29 22:32 ` [PATCH 2/9] groups: move code to kernel/groups.c Serge E. Hallyn
2009-05-29 22:33 ` [PATCH 3/9] cr: break out new_user_ns() Serge E. Hallyn
2009-05-29 22:33 ` [PATCH 4/9] cr: split core function out of some set*{u,g}id functions Serge E. Hallyn
2009-05-29 22:33 ` [PATCH 5/9] cr: capabilities: define checkpoint and restore fns Serge E. Hallyn
2009-05-31 20:26 ` Andrew G. Morgan
2009-05-31 20:56 ` Alexey Dobriyan
2009-06-01 1:38 ` Serge E. Hallyn
2009-06-01 2:18 ` Andrew G. Morgan
2009-06-01 13:35 ` Serge E. Hallyn
2009-06-01 15:46 ` Andrew G. Morgan
2009-06-01 22:18 ` Serge E. Hallyn
2009-06-02 13:49 ` Andrew G. Morgan
2009-06-02 14:23 ` Serge E. Hallyn
2009-06-02 15:26 ` Oren Laadan
2009-06-02 15:49 ` Andrew G. Morgan
2009-06-02 17:15 ` Serge E. Hallyn
2009-06-03 0:05 ` Oren Laadan
[not found] ` <4A25BE4F.6000603-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-06-03 15:03 ` Andrew G. Morgan
2009-06-03 16:45 ` Serge E. Hallyn
2009-06-04 14:13 ` Andrew G. Morgan
2009-06-05 19:41 ` Serge E. Hallyn
2009-06-06 15:02 ` Andrew G. Morgan
2009-06-15 9:58 ` Alexey Dobriyan
2009-06-01 15:49 ` Serge E. Hallyn
2009-06-01 16:34 ` Oren Laadan
2009-05-29 22:33 ` [PATCH 6/9] cr: checkpoint and restore task credentials Serge E. Hallyn
[not found] ` <20090529223229.GA14536-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-05-29 22:33 ` [PATCH 7/9] cr: restore file->f_cred Serge E. Hallyn
2009-05-29 22:33 ` Serge E. Hallyn [this message]
2009-05-31 18:51 ` [PATCH 8/9] user namespaces: debug refcounts Alexey Dobriyan
2009-06-01 19:02 ` Serge E. Hallyn
2009-05-29 22:34 ` [PATCH 9/9] cr: ipc: reset kern_ipc_perms Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090529223352.GH14602@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=morgan-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.