From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@redhat.com>
Cc: Pavel Emelyanov <xemul@openvz.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Containers <containers@lists.osdl.org>,
linux-kernel@vger.kernel.org,
Louis Rilling <Louis.Rilling@kerlabs.com>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Subject: [RFC][PATCH 1/2] pidns: Add a flag to indicate a pid namespace is dead.
Date: Thu, 08 Jul 2010 21:36:32 -0700 [thread overview]
Message-ID: <m1r5jd5l0v.fsf_-_@fess.ebiederm.org> (raw)
In-Reply-To: <20100625220713.GA31123@us.ibm.com> (Sukadev Bhattiprolu's message of "Fri\, 25 Jun 2010 15\:07\:13 -0700")
Currently we have some subtle races when a pid namespace
exits and we need a simple way of close those races.
To close those races in a simple way I introduce an atomic
flag PIDNS_DEAD that we can teest to see if a pid namespace
has died.
When PIDNS_DEAD is set for a pid namespace all attempts to
lookup or add a pid to the pid namespace will fail.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
---
include/linux/pid_namespace.h | 7 +++++++
kernel/fork.c | 3 ++-
kernel/pid.c | 7 +++++++
kernel/pid_namespace.c | 1 +
4 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 38d1032..dcee0b3 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -16,10 +16,17 @@ struct pidmap {
struct bsd_acct_struct;
+enum pidns_flags {
+ PIDNS_DEAD, /* When set do not allow lookups of pids in the pid namespace,
+ * or adding new pids to the pid namespace.
+ */
+};
+
struct pid_namespace {
struct kref kref;
struct pidmap pidmap[PIDMAP_ENTRIES];
int last_pid;
+ unsigned long flags;
struct task_struct *child_reaper;
struct kmem_cache *pid_cachep;
unsigned int level;
diff --git a/kernel/fork.c b/kernel/fork.c
index f36585c..9818b20 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1237,7 +1237,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
* thread can't slip out of an OOM kill (or normal SIGKILL).
*/
recalc_sigpending();
- if (signal_pending(current)) {
+ if (signal_pending(current) ||
+ test_bit(PIDNS_DEAD, &p->nsproxy->pid_ns->flags)) {
spin_unlock(¤t->sighand->siglock);
write_unlock_irq(&tasklist_lock);
retval = -ERESTARTNOINTR;
diff --git a/kernel/pid.c b/kernel/pid.c
index e9fd8c1..1a921c7 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -248,6 +248,10 @@ struct pid *alloc_pid(struct pid_namespace *ns)
struct pid_namespace *tmp;
struct upid *upid;
+ pid = NULL;
+ if (test_bit(PIDNS_DEAD, &ns->flags))
+ goto out;
+
pid = kmem_cache_alloc(ns->pid_cachep, GFP_KERNEL);
if (!pid)
goto out;
@@ -293,6 +297,9 @@ struct pid *find_pid_ns(int nr, struct pid_namespace *ns)
struct hlist_node *elem;
struct upid *pnr;
+ if (test_bit(PIDNS_DEAD, &ns->flags))
+ return NULL;
+
hlist_for_each_entry_rcu(pnr, elem,
&pid_hash[pid_hashfn(nr, ns)], pid_chain)
if (pnr->nr == nr && pnr->ns == ns)
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index cf8a562..92032d1 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -181,6 +181,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
nr = next_pidmap(pid_ns, nr);
}
+ set_bit(PIDNS_DEAD, &pid_ns->flags);
read_unlock(&tasklist_lock);
do {
--
1.6.5.2.143.g8cc62
next prev parent reply other threads:[~2010-07-09 4:36 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-16 16:34 [PATCH] procfs: Do not release pid_ns->proc_mnt too early Louis Rilling
[not found] ` <1276706068-18567-1-git-send-email-louis.rilling-aw0BnHfMbSpBDgjK7y7TUQ@public.gmane.org>
2010-06-17 9:53 ` Pavel Emelyanov
2010-06-17 13:41 ` Eric W. Biederman
2010-06-17 14:20 ` Louis Rilling
2010-06-17 21:36 ` Oleg Nesterov
2010-06-18 8:27 ` Louis Rilling
[not found] ` <20100618082738.GE16877-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-06-18 16:27 ` Oleg Nesterov
[not found] ` <20100618162734.GB7404@redhat.com>
2010-06-21 11:11 ` Louis Rilling
2010-06-21 12:58 ` Eric W. Biederman
2010-06-21 14:15 ` Louis Rilling
2010-06-21 14:26 ` Eric W. Biederman
2010-06-17 21:20 ` Oleg Nesterov
2010-06-18 8:20 ` Louis Rilling
2010-06-18 11:15 ` Oleg Nesterov
2010-06-18 16:08 ` Oleg Nesterov
2010-06-18 17:33 ` Louis Rilling
2010-06-18 17:55 ` Oleg Nesterov
2010-06-18 21:23 ` Oleg Nesterov
2010-06-19 19:08 ` [PATCH 0/4] pid_ns_prepare_proc/unshare cleanups Oleg Nesterov
2010-06-19 19:09 ` [PATCH 1/4] procfs: proc_get_sb: consolidate/cleanup root_inode->pid logic Oleg Nesterov
2010-06-19 19:10 ` [PATCH 2/4] procfs: kill the global proc_mnt variable Oleg Nesterov
2010-06-19 19:10 ` [PATCH 3/4] procfs: move pid_ns_prepare_proc() from copy_process() to create_pid_namespace() Oleg Nesterov
2010-06-19 19:11 ` [PATCH RESEND 4/4] sys_unshare: simplify the not-really-implemented CLONE_THREAD/SIGHAND/VM code Oleg Nesterov
2010-06-20 8:42 ` [PATCH 0/6] Unshare support for the pid namespace Eric W. Biederman
2010-06-20 8:44 ` [PATCH 1/6] pid: Remove the child_reaper special case in init/main.c Eric W. Biederman
[not found] ` <m1ljaaqejm.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 18:29 ` Oleg Nesterov
2010-06-20 20:27 ` Oleg Nesterov
2010-06-20 8:45 ` [PATCH 2/6] pidns: Call pid_ns_prepare_proc from create_pid_namespace Eric W. Biederman
[not found] ` <m1hbkyqeib.fsf_-_-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 18:19 ` Oleg Nesterov
2010-06-20 8:45 ` [PATCH 3/6] procfs: kill the global proc_mnt variable Eric W. Biederman
2010-06-20 8:47 ` [PATCH 4/6] pidns: Don't allow new pids after the namespace is dead Eric W. Biederman
2010-06-20 18:44 ` Oleg Nesterov
2010-06-20 8:48 ` [PATCH 5/6] pidns: Use task_active_pid_ns where appropriate Eric W. Biederman
2010-06-20 8:49 ` [PATCH 6/6] pidns: Support unsharing the pid namespace Eric W. Biederman
2010-06-20 20:14 ` Oleg Nesterov
2010-06-20 20:42 ` Oleg Nesterov
2010-06-21 1:53 ` Eric W. Biederman
2010-06-20 18:03 ` [PATCH 0/6] Unshare support for " Oleg Nesterov
2010-06-20 18:05 ` [PATCH 0/2] pid_ns_release_proc() fixes Oleg Nesterov
2010-06-20 18:06 ` [PATCH 1/2] pid_ns: move destroy_pid_namespace() into workqueue context Oleg Nesterov
2010-06-20 18:06 ` [PATCH 2/2] pid_ns: refactor the buggy pid_ns_release_proc() logic Oleg Nesterov
2010-06-20 21:00 ` [PATCH 0/6] Unshare support for the pid namespace Eric W. Biederman
2010-06-20 21:48 ` Oleg Nesterov
[not found] ` <m14ogxctd6.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-06-20 21:56 ` Oleg Nesterov
2011-01-26 15:57 ` Daniel Lezcano
2010-06-23 20:36 ` [PATCH 0/1] pid_ns: move pid_ns_release_proc() from proc_flush_task() to zap_pid_ns_processes() Oleg Nesterov
[not found] ` <20100623203652.GA25298-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-06-23 20:37 ` [PATCH 1/1] " Oleg Nesterov
2010-06-24 6:36 ` Sukadev Bhattiprolu
2010-06-24 12:59 ` Oleg Nesterov
2010-06-24 7:06 ` Eric W. Biederman
2010-06-24 13:01 ` Oleg Nesterov
2010-06-24 8:37 ` [PATCH] pid_ns: Fix proc_flush_task() accessing freed proc_mnt Louis Rilling
2010-06-24 17:08 ` [RESEND PATCH] " Louis Rilling
2010-06-24 19:18 ` Oleg Nesterov
2010-06-25 10:23 ` Louis Rilling
[not found] ` <20100625102303.GG3773-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-06-25 12:21 ` Oleg Nesterov
2010-06-25 18:37 ` Sukadev Bhattiprolu
[not found] ` <20100625183733.GA2627@us.ibm.com>
2010-06-25 19:29 ` Oleg Nesterov
2010-06-25 21:26 ` Sukadev Bhattiprolu
2010-06-25 21:27 ` Oleg Nesterov
2010-06-25 22:07 ` Sukadev Bhattiprolu
2010-07-09 4:36 ` Eric W. Biederman [this message]
2010-07-09 4:39 ` [RFC][PATCH 2/2] pidns: Remove proc flush races when a pid namespaces are exiting Eric W. Biederman
2010-07-09 12:14 ` Louis Rilling
2010-07-09 13:05 ` Eric W. Biederman
2010-07-09 14:13 ` Louis Rilling
2010-07-09 15:58 ` [PATCH 01/24] pidns: Remove races by stopping the caching of proc_mnt Eric W. Biederman
2010-07-09 22:13 ` Serge E. Hallyn
2010-07-11 14:14 ` Louis Rilling
2010-07-11 14:25 ` Eric W. Biederman
2010-07-12 18:09 ` [PATCH] pidns: Fix wait for zombies to be reaped in zap_pid_ns_processes Eric W. Biederman
2010-07-13 21:42 ` Louis Rilling
[not found] ` <20100713214234.GA21042-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org>
2010-07-13 22:34 ` Serge E. Hallyn
2010-07-14 1:47 ` Eric W. Biederman
[not found] ` <m1oceakf5x.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-10-30 7:07 ` Sukadev Bhattiprolu
2010-07-14 20:53 ` Sukadev Bhattiprolu
2010-07-14 21:35 ` Eric W. Biederman
2010-06-21 11:09 ` [PATCH] procfs: Do not release pid_ns->proc_mnt too early Louis Rilling
2010-06-21 11:15 ` Louis Rilling
2010-06-21 14:38 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1r5jd5l0v.fsf_-_@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=Louis.Rilling@kerlabs.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=sukadev@linux.vnet.ibm.com \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox