From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH review 2/3] pidns: Stop pid allocation when init dies
Date: Sat, 22 Dec 2012 12:31:21 -0800
Message-ID: <87bodlbzhi.fsf@xmission.com>
In-Reply-To: <20121222165438.GA19680-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> (Oleg Nesterov's message of "Sat, 22 Dec 2012 17:54:38 +0100")

Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:

> On 12/21, Eric W. Biederman wrote:
>>
>> --- a/include/linux/pid_namespace.h
>> +++ b/include/linux/pid_namespace.h
>> @@ -21,7 +21,7 @@ struct pid_namespace {
>>  	struct kref kref;
>>  	struct pidmap pidmap[PIDMAP_ENTRIES];
>>  	int last_pid;
>> -	int nr_hashed;
>> +	unsigned int nr_hashed;
>>  	struct task_struct *child_reaper;
>>  	struct kmem_cache *pid_cachep;
>>  	unsigned int level;
>> @@ -42,6 +42,8 @@ struct pid_namespace {
>>
>>  extern struct pid_namespace init_pid_ns;
>>
>> +#define PIDNS_HASH_ADDING (1U << 31)
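
Review bot: as quoted, the PIDNS_HASH_ADDING define carries no comment, and nothing at the definition says that bit 31 of nr_hashed is now a flag while the lower bits remain a count. A short comment at the define, together with a compile-time check that the largest possible count cannot reach that bit, would document the encoding where readers first meet it.
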
>
> Yes, agreed. We can't rely on PF_EXITING/whatever, we need the explicit
> flag.

The simpler and more comprehensible we can make this code the better. 
We have had too many surprises in this code because of complex failure
modes.

> 1/2 looks fine too. Only one nit about init_pid_ns below...

Then I will add your acked-by to the first patch.

>> @@ -319,7 +318,7 @@ struct pid *alloc_pid(struct pid_namespace *ns)
>>
>>  	upid = pid->numbers + ns->level;
>>  	spin_lock_irq(&pidmap_lock);
>> -	if (ns->nr_hashed < 0)
>> +	if (ns->nr_hashed < PIDNS_HASH_ADDING)
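
Review bot: the test "ns->nr_hashed < PIDNS_HASH_ADDING" in alloc_pid() reads as a bound on the count, while it is really asking whether the flag bit is clear; the two agree only because the flag is the highest bit of an unsigned field. A mask test, or a one-line comment saying what a clear bit means for allocation, would make the intent visible at this call site.
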
>
> I won't insist, but perhaps if "(!(nr_hashed & PIDNS_HASH_ADDING))"
> looks more understandable.

I will stare at it both ways and post an updated patch.

I'm not certain which form I like better.  Certainly the decrements
are doing a double duty.

>> +void disable_pid_allocation(struct pid_namespace *ns)
>> +{
>> +	spin_lock_irq(&pidmap_lock);
>> +	if (ns->nr_hashed >= PIDNS_HASH_ADDING)
>
> Do we really need this check? It seems that PIDNS_HASH_ADDING
> bit must be always set when disable_pid_allocation() is called.
>
>> +		ns->nr_hashed -= PIDNS_HASH_ADDING;
>
> Anyway, nr_hashed &= ~PIDNS_HASH_ADDING looks simpler and doesn't
> need a check.

That I agree with.

> But again, I won't insist this is minor and subjective.
>
>>  struct pid *find_pid_ns(int nr, struct pid_namespace *ns)
>>  {
>>  	struct hlist_node *elem;
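
Review bot: in disable_pid_allocation(), the "if (ns->nr_hashed >= PIDNS_HASH_ADDING)" guard is what keeps the "-=" safe: with the flag already clear, the unsigned subtraction wraps and sets the bit again. "ns->nr_hashed &= ~PIDNS_HASH_ADDING;" is idempotent, so the branch can be dropped without relying on the function being called exactly once.
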
>> @@ -584,7 +591,7 @@ void __init pidmap_init(void)
>>  	/* Reserve PID 0. We never call free_pidmap(0) */
>>  	set_bit(0, init_pid_ns.pidmap[0].page);
>>  	atomic_dec(&init_pid_ns.pidmap[0].nr_free);
>> -	init_pid_ns.nr_hashed = 1;
>> +	init_pid_ns.nr_hashed = 1 + PIDNS_HASH_ADDING;
>
> The only chunk which doesn't look exactly correct to me, although this
> doesn't really matter. Hmm, actually the code was already wrong before
> this patch.
>
> I think init_pid_ns.nr_hashed should be PIDNS_HASH_ADDING, we should not
> add 1 to account the unused zero pid, and kernel_thread(kernel_init) was
> not called yet.

Good point because the zero pid does not get hashed.  Who knows perhaps
with a little more evolution create_pid_ns can be used to create the
initial pid namespace.

I am also going to add "BUILD_BUG_ON(PID_MAX_LIMIT >= PIDNS_HASH_ADDING);"
to document that the pid values and PIDNS_HASH_ADDING can't overlap.

Eric	
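
The flag-in-counter encoding discussed in this message, as a userspace model added here (not code from the patch or the kernel tree): it checks that the comparison and mask forms of the test agree, and compares how "-=" and "&= ~" behave when the disable step runs twice. struct model_ns, the helper names and the PID_MAX_LIMIT value are assumptions made for the example.

```c
/* Userspace model of a count with a flag in its top bit (added example). */
#include <stdio.h>

#define PIDNS_HASH_ADDING (1U << 31)          /* as quoted in the thread */
#define PID_MAX_LIMIT     (4U * 1024 * 1024)  /* assumed value for this model */

/* Userspace stand-in for BUILD_BUG_ON(PID_MAX_LIMIT >= PIDNS_HASH_ADDING). */
_Static_assert(PID_MAX_LIMIT < PIDNS_HASH_ADDING, "count would reach the flag bit");

struct model_ns { unsigned int nr_hashed; };  /* hypothetical stand-in struct */

/* Two spellings of "is allocation still enabled?" */
static int adding_cmp(const struct model_ns *ns)  { return ns->nr_hashed >= PIDNS_HASH_ADDING; }
static int adding_mask(const struct model_ns *ns) { return (ns->nr_hashed & PIDNS_HASH_ADDING) != 0; }

/* Three ways to clear the flag. */
static void disable_sub_unguarded(struct model_ns *ns) { ns->nr_hashed -= PIDNS_HASH_ADDING; }
static void disable_sub_guarded(struct model_ns *ns)
{
	if (ns->nr_hashed >= PIDNS_HASH_ADDING)
		ns->nr_hashed -= PIDNS_HASH_ADDING;
}
static void disable_mask(struct model_ns *ns) { ns->nr_hashed &= ~PIDNS_HASH_ADDING; }

/* Returns 1 if both tests agree for every count up to PID_MAX_LIMIT, flag set or clear. */
static int gates_agree(void)
{
	for (unsigned int n = 0; n <= PID_MAX_LIMIT; n++) {
		struct model_ns off = { n }, on = { n | PIDNS_HASH_ADDING };
		if (adding_cmp(&off) != adding_mask(&off) || adding_cmp(&on) != adding_mask(&on))
			return 0;
	}
	return 1;
}

/* Start at count 3 with the flag set, call disable twice, return the raw field. */
static unsigned int after_two_disables(void (*disable)(struct model_ns *))
{
	struct model_ns ns = { 3U | PIDNS_HASH_ADDING };
	disable(&ns);
	disable(&ns);
	return ns.nr_hashed;
}

int main(void)
{
	printf("gates agree:  %d\n", gates_agree());
	printf("unguarded -=: 0x%08x\n", after_two_disables(disable_sub_unguarded));
	printf("guarded -=:   0x%08x\n", after_two_disables(disable_sub_guarded));
	printf("&= ~flag:     0x%08x\n", after_two_disables(disable_mask));
	return 0;
}
```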
