From: Dave Hansen <haveblue@us.ibm.com>
To: Arjan van de Ven <arjan@infradead.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"SERGE E. HALLYN [imap]" <serue@us.ibm.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Hubertus Franke <frankeh@watson.ibm.com>,
Paul Jackson <pj@sgi.com>
Subject: Re: [RFC] [PATCH 00/13] Introduce task_pid api
Date: Wed, 07 Dec 2005 14:13:56 -0800 [thread overview]
Message-ID: <1133993636.30387.41.camel@localhost> (raw)
In-Reply-To: <1133982048.2869.60.camel@laptopd505.fenrus.org>
On Wed, 2005-12-07 at 20:00 +0100, Arjan van de Ven wrote:
> > So, like in the global pidspace (which can see all pids and appears to
> > applications to be just like normal) you end up returning "kernel" pids
> > to userspace. That didn't seem to make sense.
>
> hmm this is scary. If you don't have "unique" pids inside the kernel a
> lot of stuff will subtly break. DRM for example (which has the pid
> inside locking to track ownership and recursion), but I'm sure there's
> many many cases like that. I guess the address of the task struct is the
> ultimate unique pid in this sense.... but I suspect the way to get there
> is first make a ->user_pid field, and switch all userspace visible stuff
> to that, and then try to get rid of ->pid users one by one by
> eliminating their uses...
OK, what I'm talking about here is the way that it is done now with
existing code. It seems to work and make people happy, but it certainly
isn't the only possible way to do it. I'm very open to suggestions. :)
There really are two distinct pid spaces. Instead of vservers, we tend
to call the different partitioned areas containers.
Each container can only see processes in its own container. The
exception is the "global container", which has a view of all of the
system processes. Having the global container allows you to do things
like see all of the processes on the whole system with top.
So, the current tsk->pid is still unique. However, there is also a
tsk->virtual_pid (or some name) that is unique _inside_ of a container.
These two pids are completely unrelated. Having this virtualized pid
allows you to have the real tsk->pid change without userspace ever
knowing.
For example, that tsk->pid might change if you checkpointed a process,
it crashed, and you restarted it later from the checkpoint.
> but I'm really afraid that if you make the "fake" pid visible to normal
> kernel code, too much stuff will go bonkers and end up with an eternal
> stream of security hazards. "Magic" hurts here, and if you don't do
> magic I don't see a reason to add an abstraction which in itself doesn't
> mean anything or doesn't abstract anything....
99% of the time, the kernel can deal with the same old tsk->pid that
it's always dealt with. Generally, the only times the kernel has to
worry about the virtualized one is where (as Eric noted) it cross the
user<->kernel boundary.
-- Dave
next prev parent reply other threads:[~2005-12-07 22:14 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-14 21:23 [RFC] [PATCH 00/13] Introduce task_pid api Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 01/13] Change pid accesses: drivers Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 02/13] Change pid accesses: most archs Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 03/13] Change pid accesses: filesystems Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 04/13] Change pid accesses: include/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 05/13] Change pid accesses: ipc Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 06/13] Change pid accesses: kernel/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 07/13] Change pid accesses: lib/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 08/13] Change pid accesses: mm/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 09/13] Change pid accesses: net/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 10/13] Change pid accesses: security/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 11/13] Change pid accesses: sound/ Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 12/13] Change pid accesses: ia64 and mips Serge E. Hallyn
2005-11-15 23:08 ` Keith Owens
2005-11-16 11:58 ` Serge E. Hallyn
2005-11-16 13:53 ` Serge E. Hallyn
2005-11-14 21:23 ` [RFC] [PATCH 13/13] Define new task_pid api Serge E. Hallyn
2005-11-14 23:36 ` [RFC] [PATCH 00/13] Introduce " Paul Jackson
2005-11-15 1:01 ` Serge E. Hallyn
2005-11-15 1:35 ` Paul Jackson
2005-11-15 1:51 ` Paul Jackson
2005-11-15 2:29 ` Serge E. Hallyn
2005-11-15 3:37 ` Paul Jackson
2005-11-15 5:15 ` Serge E. Hallyn
2005-11-15 6:35 ` Paul Jackson
2005-11-15 8:11 ` Serge E. Hallyn
2005-11-15 9:06 ` Paul Jackson
2005-11-15 10:07 ` Dave Hansen
2005-11-15 18:10 ` Paul Jackson
2005-11-15 11:59 ` Robin Holt
2005-11-15 13:32 ` Serge E. Hallyn
2005-11-15 14:37 ` Hubertus Franke
2005-11-15 18:39 ` Paul Jackson
2005-11-15 18:54 ` Hubertus Franke
2005-11-15 19:00 ` Serge E. Hallyn
2005-11-15 19:17 ` Hubertus Franke
2005-11-15 22:11 ` Paul Jackson
2005-11-15 23:15 ` Cedric Le Goater
2005-11-15 23:28 ` Paul Jackson
2005-11-15 16:47 ` Greg KH
2005-11-15 17:08 ` Serge E. Hallyn
2005-11-15 17:33 ` Dave Hansen
2005-11-15 5:51 ` Serge E. Hallyn
2005-11-13 15:22 ` Pavel Machek
2005-11-16 19:36 ` Kyle Moffett
2005-11-16 20:36 ` Pavel Machek
2005-11-16 20:48 ` Dave Hansen
2005-11-19 23:30 ` Pavel Machek
2005-11-20 22:38 ` Serge E. Hallyn
2005-12-07 14:53 ` Eric W. Biederman
2005-11-20 23:29 ` Nix
2005-11-16 21:07 ` Paul Jackson
2005-11-16 20:24 ` Dave Hansen
2005-11-15 13:34 ` Serge E. Hallyn
2005-11-15 11:17 ` Robin Holt
2005-11-15 12:01 ` Dave Hansen
2005-11-15 19:21 ` Ray Bryant
2005-11-15 19:41 ` Serge E. Hallyn
2005-11-15 20:30 ` Ray Bryant
2005-11-15 21:05 ` Serge E. Hallyn
2005-11-15 22:43 ` Paul Jackson
2005-11-15 22:55 ` Cedric Le Goater
2005-11-16 1:12 ` Paul Jackson
2005-12-07 14:46 ` Eric W. Biederman
2005-12-07 17:47 ` Dave Hansen
2005-12-07 17:55 ` Arjan van de Ven
2005-12-07 18:09 ` Dave Hansen
2005-12-07 19:00 ` Arjan van de Ven
2005-12-07 19:42 ` Eric W. Biederman
2005-12-07 22:13 ` Dave Hansen [this message]
2005-12-07 22:20 ` Arjan van de Ven
2005-12-12 10:55 ` Dave Airlie
2005-12-19 14:04 ` Eric W. Biederman
2005-12-07 19:19 ` Eric W. Biederman
2005-12-07 21:40 ` Dave Hansen
2005-12-07 22:17 ` Eric W. Biederman
2004-12-14 15:23 ` Pavel Machek
2005-12-14 13:40 ` Arjan van de Ven
2005-12-14 16:29 ` Serge E. Hallyn
2005-12-07 22:31 ` Dave Hansen
2005-12-07 22:51 ` Eric W. Biederman
2005-12-08 5:42 ` Jeff Dike
2005-12-08 10:09 ` Andi Kleen
2005-12-07 22:17 ` Cedric Le Goater
-- strict thread matches above, loose matches on Subject: below --
2005-11-16 2:24 Hua Zhong (hzhong)
2005-11-16 17:52 ` Bernard Blackham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1133993636.30387.41.camel@localhost \
--to=haveblue@us.ibm.com \
--cc=arjan@infradead.org \
--cc=ebiederm@xmission.com \
--cc=frankeh@watson.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pj@sgi.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox