From: Pavel Emelyanov <xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
To: Louis Rilling
<louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH] procfs: Do not release pid_ns->proc_mnt too early
Date: Thu, 17 Jun 2010 13:53:39 +0400 [thread overview]
Message-ID: <4C19F0A3.2050707@parallels.com> (raw)
In-Reply-To: <1276706068-18567-1-git-send-email-louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org>
On 06/16/2010 08:34 PM, Louis Rilling wrote:
> [ Resending, hopefully with all pieces ]
>
> Detached tasks are not seen by zap_pid_ns_processes()->sys_wait4(), so
> that release_task()->proc_flush_task() of container init can be called
> before it is for some detached tasks in the namespace.
>
> Pin proc_mnt's in copy_process(), so that proc_flush_task() becomes safe
> whatever the ordering of tasks.
See one comment below.
> Signed-off-by: Louis Rilling <louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org>
> ---
> fs/proc/base.c | 18 ++++++++++++++++++
> include/linux/proc_fs.h | 4 ++++
> kernel/fork.c | 1 +
> 3 files changed, 23 insertions(+), 0 deletions(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index acb7ef8..d6cdd91 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -2663,6 +2663,23 @@ static const struct inode_operations proc_tgid_base_inode_operations = {
> .setattr = proc_setattr,
> };
>
> +/*
> + * Pin all proc_mnt so that detached tasks can safely call proc_flush_task()
> + * after container init calls itself proc_flush_task().
> + */
> +void proc_new_task(struct task_struct *task)
> +{
> + struct pid *pid;
> + int i;
> +
> + if (!task->pid)
> + return;
> +
> + pid = task_pid(task);
> + for (i = 0; i <= pid->level; i++)
> + mntget(pid->numbers[i].ns->proc_mnt);
NAK. Pids live their own lives - task can change one, pid will
become orphan and will be destroyed, so you'll leak.
There's another big problem with proc mount - you can umount proc
and the namespace will have a stale pointer.
I think we should have a kern_mount-ed proc at the namespace createi
> +}
> +
> static void proc_flush_task_mnt(struct vfsmount *mnt, pid_t pid, pid_t tgid)
> {
> struct dentry *dentry, *leader, *dir;
> @@ -2744,6 +2761,7 @@ void proc_flush_task(struct task_struct *task)
> upid = &pid->numbers[i];
> proc_flush_task_mnt(upid->ns->proc_mnt, upid->nr,
> tgid->numbers[i].nr);
> + mntput(upid->ns->proc_mnt);
> }
>
> upid = &pid->numbers[pid->level];
> diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
> index 379eaed..f24faa1 100644
> --- a/include/linux/proc_fs.h
> +++ b/include/linux/proc_fs.h
> @@ -104,6 +104,7 @@ struct vmcore {
>
> extern void proc_root_init(void);
>
> +void proc_new_task(struct task_struct *task);
> void proc_flush_task(struct task_struct *task);
>
> extern struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
> @@ -184,6 +185,9 @@ extern void dup_mm_exe_file(struct mm_struct *oldmm, struct mm_struct *newmm);
> #define proc_net_fops_create(net, name, mode, fops) ({ (void)(mode), NULL; })
> static inline void proc_net_remove(struct net *net, const char *name) {}
>
> +static inline void proc_new_task(struct task_struct *task)
> +{
> +}
> static inline void proc_flush_task(struct task_struct *task)
> {
> }
> diff --git a/kernel/fork.c b/kernel/fork.c
> index b6cce14..c6c2874 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1281,6 +1281,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
> total_forks++;
> spin_unlock(¤t->sighand->siglock);
> write_unlock_irq(&tasklist_lock);
> + proc_new_task(p);
> proc_fork_connector(p);
> cgroup_post_fork(p);
> perf_event_fork(p);
next prev parent reply other threads:[~2010-06-17 9:53 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-16 16:34 [PATCH] procfs: Do not release pid_ns->proc_mnt too early Louis Rilling
[not found] ` <1276706068-18567-1-git-send-email-louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org>
2010-06-17 9:53 ` Pavel Emelyanov [this message]
2010-06-17 13:41 ` Eric W. Biederman
2010-06-17 14:20 ` Louis Rilling
2010-06-17 21:36 ` Oleg Nesterov
2010-06-18 8:27 ` Louis Rilling
[not found] ` <20100618082738.GE16877-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-06-18 16:27 ` Oleg Nesterov
[not found] ` <20100618162734.GB7404@redhat.com>
2010-06-21 11:11 ` Louis Rilling
2010-06-21 12:58 ` Eric W. Biederman
2010-06-21 14:15 ` Louis Rilling
2010-06-21 14:26 ` Eric W. Biederman
2010-06-17 21:20 ` Oleg Nesterov
2010-06-18 8:20 ` Louis Rilling
2010-06-18 11:15 ` Oleg Nesterov
2010-06-18 16:08 ` Oleg Nesterov
2010-06-18 17:33 ` Louis Rilling
2010-06-18 17:55 ` Oleg Nesterov
2010-06-18 21:23 ` Oleg Nesterov
2010-06-19 19:08 ` [PATCH 0/4] pid_ns_prepare_proc/unshare cleanups Oleg Nesterov
2010-06-19 19:09 ` [PATCH 1/4] procfs: proc_get_sb: consolidate/cleanup root_inode->pid logic Oleg Nesterov
2010-06-19 19:10 ` [PATCH 2/4] procfs: kill the global proc_mnt variable Oleg Nesterov
2010-06-19 19:10 ` [PATCH 3/4] procfs: move pid_ns_prepare_proc() from copy_process() to create_pid_namespace() Oleg Nesterov
2010-06-19 19:11 ` [PATCH RESEND 4/4] sys_unshare: simplify the not-really-implemented CLONE_THREAD/SIGHAND/VM code Oleg Nesterov
2010-06-20 8:42 ` [PATCH 0/6] Unshare support for the pid namespace Eric W. Biederman
2010-06-20 8:44 ` [PATCH 1/6] pid: Remove the child_reaper special case in init/main.c Eric W. Biederman
[not found] ` <m1ljaaqejm.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 18:29 ` Oleg Nesterov
2010-06-20 20:27 ` Oleg Nesterov
2010-06-20 8:45 ` [PATCH 2/6] pidns: Call pid_ns_prepare_proc from create_pid_namespace Eric W. Biederman
[not found] ` <m1hbkyqeib.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 18:19 ` Oleg Nesterov
2010-06-20 8:45 ` [PATCH 3/6] procfs: kill the global proc_mnt variable Eric W. Biederman
2010-06-20 8:47 ` [PATCH 4/6] pidns: Don't allow new pids after the namespace is dead Eric W. Biederman
2010-06-20 18:44 ` Oleg Nesterov
2010-06-20 8:48 ` [PATCH 5/6] pidns: Use task_active_pid_ns where appropriate Eric W. Biederman
2010-06-20 8:49 ` [PATCH 6/6] pidns: Support unsharing the pid namespace Eric W. Biederman
2010-06-20 20:14 ` Oleg Nesterov
2010-06-20 20:42 ` Oleg Nesterov
2010-06-21 1:53 ` Eric W. Biederman
2010-06-20 18:03 ` [PATCH 0/6] Unshare support for " Oleg Nesterov
2010-06-20 18:05 ` [PATCH 0/2] pid_ns_release_proc() fixes Oleg Nesterov
2010-06-20 18:06 ` [PATCH 1/2] pid_ns: move destroy_pid_namespace() into workqueue context Oleg Nesterov
2010-06-20 18:06 ` [PATCH 2/2] pid_ns: refactor the buggy pid_ns_release_proc() logic Oleg Nesterov
2010-06-20 21:00 ` [PATCH 0/6] Unshare support for the pid namespace Eric W. Biederman
2010-06-20 21:48 ` Oleg Nesterov
[not found] ` <m14ogxctd6.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 21:56 ` Oleg Nesterov
2011-01-26 15:57 ` Daniel Lezcano
2010-06-23 20:36 ` [PATCH 0/1] pid_ns: move pid_ns_release_proc() from proc_flush_task() to zap_pid_ns_processes() Oleg Nesterov
[not found] ` <20100623203652.GA25298-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-06-23 20:37 ` [PATCH 1/1] " Oleg Nesterov
2010-06-24 6:36 ` Sukadev Bhattiprolu
2010-06-24 12:59 ` Oleg Nesterov
2010-06-24 7:06 ` Eric W. Biederman
2010-06-24 13:01 ` Oleg Nesterov
2010-06-24 8:37 ` [PATCH] pid_ns: Fix proc_flush_task() accessing freed proc_mnt Louis Rilling
2010-06-24 17:08 ` [RESEND PATCH] " Louis Rilling
2010-06-24 19:18 ` Oleg Nesterov
2010-06-25 10:23 ` Louis Rilling
[not found] ` <20100625102303.GG3773-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-06-25 12:21 ` Oleg Nesterov
2010-06-25 18:37 ` Sukadev Bhattiprolu
[not found] ` <20100625183733.GA2627@us.ibm.com>
2010-06-25 19:29 ` Oleg Nesterov
2010-06-25 21:26 ` Sukadev Bhattiprolu
2010-06-25 21:27 ` Oleg Nesterov
2010-06-25 22:07 ` Sukadev Bhattiprolu
2010-07-09 4:36 ` [RFC][PATCH 1/2] pidns: Add a flag to indicate a pid namespace is dead Eric W. Biederman
2010-07-09 4:39 ` [RFC][PATCH 2/2] pidns: Remove proc flush races when a pid namespaces are exiting Eric W. Biederman
2010-07-09 12:14 ` Louis Rilling
2010-07-09 13:05 ` Eric W. Biederman
2010-07-09 14:13 ` Louis Rilling
2010-07-09 15:58 ` [PATCH 01/24] pidns: Remove races by stopping the caching of proc_mnt Eric W. Biederman
2010-07-09 22:13 ` Serge E. Hallyn
2010-07-11 14:14 ` Louis Rilling
2010-07-11 14:25 ` Eric W. Biederman
2010-07-12 18:09 ` [PATCH] pidns: Fix wait for zombies to be reaped in zap_pid_ns_processes Eric W. Biederman
2010-07-13 21:42 ` Louis Rilling
[not found] ` <20100713214234.GA21042-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-07-13 22:34 ` Serge E. Hallyn
2010-07-14 1:47 ` Eric W. Biederman
[not found] ` <m1oceakf5x.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-10-30 7:07 ` Sukadev Bhattiprolu
2010-07-14 20:53 ` Sukadev Bhattiprolu
2010-07-14 21:35 ` Eric W. Biederman
2010-06-21 11:09 ` [PATCH] procfs: Do not release pid_ns->proc_mnt too early Louis Rilling
2010-06-21 11:15 ` Louis Rilling
2010-06-21 14:38 ` Oleg Nesterov
-- strict thread matches above, loose matches on Subject: below --
2010-06-16 15:58 Louis Rilling
2010-06-16 16:04 ` Pavel Emelyanov
2010-06-16 16:15 ` Louis Rilling
2010-06-16 16:16 ` Louis Rilling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C19F0A3.2050707@parallels.com \
--to=xemul-bzqdu9zft3wakbo8gow8eq@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox