Linux Container Development
 help / color / mirror / Atom feed
From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [PATCH 0/6][RFC] user-cr: restart: Make task table portable
Date: Mon, 08 Feb 2010 18:26:08 -0500	[thread overview]
Message-ID: <4B709D90.6000605@cs.columbia.edu> (raw)
In-Reply-To: <1265666243-29046-1-git-send-email-matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>

Matt,

Thanks for the patch-set.

Matt Helsley wrote:
> This series modifies the task table entries to use indexes rather than
> pointers to create the tree. This is one step that enables the same
> table to be shared between multiple restart processes regardless of
> whether they are 32 or 64-bit.
> 
> Further steps, not in this set, include:
> 	1. Mark bitness of each task in the table.
> 	2. Share the table contents.
> 		Probably via an fd passed during execve() then mmap()'ed

As I said before, I'm concerned about the security implications.

Assume the 'restart' is setuid.

When 'restart' starts with a switch, e.g. --cont-fd=FD --cont-nr=NN,
it will map that FD to memory and expect valid data there. But what
if the data is bogus ?

At the very least, we'll need to verify that the data in the array
is valid. That is, iterating through entries to verify contents.

(We might as well pass the data via a pipe and make a local copy of
the data at the exec'ed instance)


> 	3. Find/modify restart to do execve() at the right spot.
> 
> The patches:
> 	1/6 Make context global

I suppose this is only necessary to because the ->ctx pointer in
the @task will be invalid in the address space of the exec'ed
instance.

To avoid the need for @ctx as global, we can (as noted above) make
a local copy of the tasks array and set adjust the @ctx pointer in
each entry.

I actually want to remove globals altogether, so that we can make
the restart functionality available as a library. Unfortunately I'm
not sure it's possible because we use most of them in the signal
handling context.

Ideas are welcome.


> 	2/6 Replace children pointer with index
> 	3/6 Replace next_sib pointer with an index
> 	4/6 Replace prev_sib pointer with index
> 	5/6 Replace phantom pointer with index
> 	6/6 Replace creator pointer with index

The rest of them look clean.

Oren.


> 
> Each patch converts one of the fields to an index while leaving the
> others untouched. Should be bisect safe, but feel free to merge the
> patches if you like.
> 
> (These are RFC since they aren't properly tested and don't actually
> make restart do the 32/64-bit transitions but feel free to include
> them if you like.)
> 
> Cheers,
> 	-Matt Helsley
> _______________________________________________
> Containers mailing list
> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linux-foundation.org/mailman/listinfo/containers
> 

  parent reply	other threads:[~2010-02-08 23:26 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-02-08 21:57 [PATCH 0/6][RFC] user-cr: restart: Make task table portable Matt Helsley
     [not found] ` <1265666243-29046-1-git-send-email-matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-08 21:57   ` [PATCH 1/6] [RFC] user-cr: restart: Make context global Matt Helsley
     [not found]     ` <ef85446244a744fd9c91cf06515f796ce833f01c.1265665676.git.matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-08 21:57       ` [PATCH 2/6] [RFC] user-cr: restart: Replace children pointer with index Matt Helsley
2010-02-08 21:57       ` [PATCH 3/6] [RFC] user-cr: restart: Replace next_sib pointer with an index Matt Helsley
2010-02-08 21:57       ` [PATCH 4/6] [RFC] user-cr: restart: Replace prev_sib pointer with index Matt Helsley
2010-02-08 21:57       ` [PATCH 5/6] [RFC] user-cr: restart: Replace phantom " Matt Helsley
2010-02-08 21:57       ` [PATCH 6/6] [RFC] user-cr: restart: Replace creator " Matt Helsley
2010-02-08 23:26   ` Oren Laadan [this message]
     [not found]     ` <4B709D90.6000605-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2010-02-09 23:22       ` [PATCH 0/6][RFC] user-cr: restart: Make task table portable Matt Helsley
     [not found]         ` <20100209232252.GK3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-10  0:24           ` Oren Laadan
     [not found]             ` <4B71FCBA.9060408-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2010-02-10  2:13               ` Matt Helsley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B709D90.6000605@cs.columbia.edu \
    --to=orenl-eqauephvms7envbuuze7ea@public.gmane.org \
    --cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox