From: Pavel Emelyanov <xemul@parallels.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Glauber Costa <glommer@parallels.com>,
	Nathan Lynch <ntl@pobox.com>, Tejun Heo <tj@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Serge Hallyn <serue@us.ibm.com>,
	Daniel Lezcano <dlezcano@fr.ibm.com>
Subject: Re: [PATCH 3/3] pids: Make it possible to clone tasks with given pids
Date: Fri, 11 Nov 2011 14:11:51 +0400
Message-ID: <4EBCF4E7.4090002@parallels.com>
In-Reply-To: <20111110185603.GA1757@redhat.com>

>>> The child_tidptr points to an array of pids for current namespace and
>>> its ancestors. When 0 is met in this array the pid number for the
>>> corresponding namespace is generated, rather than set.
>>
>> I must have missed something, but I can't understand how this works.
>>
>>> For security reasons after a regular clone/fork is done in a namespace
>>> further cloning with predefined pid is not allowed.
>>
>> I guess, this is pid_ns->last_pid != 0 check in set_pidmap(), right ?

Thanks for the feedback, Oleg! Please, see my explanation below.

>>> +static int set_pidmap(struct pid_namespace *pid_ns, int pid)
>>> +{
>>> +	int offset;
>>> +	struct pidmap *map;
>>> +
>>> +	offset = pid & BITS_PER_PAGE_MASK;
>>> +	map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
>>> +
>>> +	if (unlikely(!map->page))
>>> +		if (alloc_pidmap_page(map))
>>> +			return -ENOMEM;
>>> +
>>> +	if (pid_ns->last_pid != 0)
>>> +		return -EPERM;
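
Review bot: in set_pidmap(), `pid` indexes `pid_ns->pidmap[pid/BITS_PER_PAGE]` with no range check visible in this hunk. Since the value originates from the user-supplied child_tidptr array, it should be rejected when it is not positive or falls outside the range the pidmap array covers, before the map lookup, unless the caller already guarantees that. Separately, the `pid_ns->last_pid != 0` test that returns -EPERM sits after alloc_pidmap_page(), so a request that is going to be refused can still allocate a pidmap page; moving the permission check to the top of the function avoids that. The nested `if (unlikely(!map->page))` / `if (alloc_pidmap_page(map))` would also read better with braces or as a single `&&` condition.
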
>>
>> OK, but it should be always true, no? IOW, set_pidmap() should always
>> fail?
>>
>> Unless: you are using CLONE_NEWPID along with CLONE_CHILD_USEPIDS and
>> this child_tidptr array has only one pid (before zero pid).
> 
> And, if you do clone(CLONE_NEWPID | CLONE_CHILD_USEPIDS), then
> new_ns->child_reaper == NULL (unless you pass "1" in child_tidptr[]) ?
> 
>> So, could you please explain what I have missed?
> 
> please ;) I guess I misread this patch completely. Help!

This is how I plan to use this functionality.

When creating an init of a container being restored I call

   pids[0] = 1;
   pids[1] = 0;

   clone(CLONE_NEWPID | CLONE_CHILD_USEPIDS, &pids)

At this point the newly created namespace will have last_pid == 0 and will allow
for this init to be created. Then this created "init" task will have to read pids
from image files and call

   pids[0] = <pid>;
   pids[1] = 0;

   clone(CLONE_CHILD_USEPIDS, &pids);

one by one. At this point the last_pid is still 0 and these new tasks with given
pids will be created. The newly created tasks, if they have children too, will have
to call the same code snippet.

After the restore is completed and new tasks are fork()-ed the last_pid gets finally
updated and new CLONE_CHILD_USEPIDS will return the EPERM in this namespace not
allowing for pids confusion.

And for the init_pid_ns the last_pid is set to non zero early at boot (when the kthreadd
is created) and thus pids abuse isn't allowed for the non-containerized system from
the very boot.

Does this sound OK?

> Oleg.
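
The last_pid gate described in this message, as an added userspace model in C; it is not part of the original mail or of the patch. `struct ns_model`, `model_set_pid()`, `model_fork_pid()` and `MODEL_PID_MAX` are hypothetical names, and the -EINVAL and -EBUSY results are choices of the model (the quoted hunk only shows -ENOMEM and -EPERM).

```c
/* Userspace model of the gate described above; NOT kernel code.
 * All names here are hypothetical and exist only for this example. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PID_MAX 1024             /* constructed limit for the model */

struct ns_model {
    unsigned char used[MODEL_PID_MAX]; /* stands in for the pidmap bitmap */
    int last_pid;                      /* 0 until the first regular fork */
};

/* Restore path: take a caller-chosen pid (the CLONE_CHILD_USEPIDS case). */
int model_set_pid(struct ns_model *ns, int pid)
{
    if (pid <= 0 || pid >= MODEL_PID_MAX)
        return -EINVAL;                /* model's choice: check before indexing */
    if (ns->last_pid != 0)
        return -EPERM;                 /* namespace has already forked normally */
    if (ns->used[pid])
        return -EBUSY;                 /* model's choice for an occupied pid */
    ns->used[pid] = 1;                 /* last_pid is deliberately left at 0 */
    return pid;
}

/* Regular fork path: next free pid after last_pid; last_pid is updated. */
int model_fork_pid(struct ns_model *ns)
{
    for (int pid = ns->last_pid + 1; pid < MODEL_PID_MAX; pid++) {
        if (!ns->used[pid]) {
            ns->used[pid] = 1;
            ns->last_pid = pid;        /* this closes the restore window */
            return pid;
        }
    }
    return -EAGAIN;                    /* wrap-around is not modelled */
}

int main(void)
{
    struct ns_model ns;
    memset(&ns, 0, sizeof(ns));        /* fresh namespace: last_pid == 0 */
    printf("init:    %d\n", model_set_pid(&ns, 1));
    printf("restore: %d\n", model_set_pid(&ns, 42));
    printf("fork:    %d\n", model_fork_pid(&ns));     /* first regular fork */
    printf("late:    %d\n", model_set_pid(&ns, 100)); /* refused: -EPERM */
    return 0;
}
```

The model makes the trust boundary visible: the window for choosing pids stays open for every task in the namespace until the first ordinary fork, so the restore has to finish before anything in the container forks normally.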
