From: Oleg Nesterov <oleg@redhat.com>
To: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Glauber Costa <glommer@parallels.com>,
Nathan Lynch <ntl@pobox.com>, Tejun Heo <tj@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Serge Hallyn <serue@us.ibm.com>,
Daniel Lezcano <dlezcano@fr.ibm.com>
Subject: Re: [PATCH 3/3] pids: Make it possible to clone tasks with given pids
Date: Thu, 10 Nov 2011 19:56:03 +0100
Message-ID: <20111110185603.GA1757@redhat.com>
In-Reply-To: <20111110184654.GA1006@redhat.com>

forgot to mention...

On 11/10, Oleg Nesterov wrote:
>
> On 11/10, Pavel Emelyanov wrote:
> >
> > The child_tidptr points to an array of pids for current namespace and
> > its ancestors. When 0 is met in this array the pid number for the
> > corresponding namespace is generated, rather than set.
>
> I must have missed something, but I can't understand how this works.
>
> > For security reasons after a regular clone/fork is done in a namespace
> > further cloning with predefined pid is not allowed.
>
> I guess, this is pid_ns->last_pid != 0 check in set_pidmap(), right ?
>
> > +static int set_pidmap(struct pid_namespace *pid_ns, int pid)
> > +{
> > + int offset;
> > + struct pidmap *map;
> > +
> > + offset = pid & BITS_PER_PAGE_MASK;
> > + map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
> > +
> > + if (unlikely(!map->page))
> > + if (alloc_pidmap_page(map))
> > + return -ENOMEM;
> > +
> > + if (pid_ns->last_pid != 0)
> > + return -EPERM;
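Review bot: set_pidmap() indexes pid_ns->pidmap[pid/BITS_PER_PAGE] with a pid that, per the changelog, comes from the child_tidptr array, and no range check is visible in this hunk; unless the caller already rejects out-of-range values, validate pid here before computing map. Separately, the pid_ns->last_pid != 0 test runs after alloc_pidmap_page(), so a request that is going to get -EPERM can still cause a pidmap page to be allocated; do the permission check first. The last_pid test also deserves a comment stating the rule it enforces (no preset pids once a regular clone/fork has been done in the namespace), since that is not evident from the code alone.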
>
> OK, but it should be always true, no? IOW, set_pidmap() should always
> fail?
>
> Unless: you are using CLONE_NEWPID along with CLONE_CHILD_USEPIDS and
> this child_tidptr array has only one pid (before zero pid).

And, if you do clone(CLONE_NEWPID | CLONE_CHILD_USEPIDS), then
new_ns->child_reaper == NULL (unless you pass "1" in child_tidptr[]) ?

> So, could you please explain what I have missed?

please ;) I guess I misread this patch completely. Help!

Oleg.