From: Oleg Nesterov <oleg@redhat.com>
To: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Glauber Costa <glommer@parallels.com>,
Nathan Lynch <ntl@pobox.com>, Tejun Heo <tj@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Serge Hallyn <serue@us.ibm.com>,
Daniel Lezcano <dlezcano@fr.ibm.com>
Subject: Re: [PATCH 3/3] pids: Make it possible to clone tasks with given pids
Date: Thu, 10 Nov 2011 19:56:03 +0100 [thread overview]
Message-ID: <20111110185603.GA1757@redhat.com> (raw)
In-Reply-To: <20111110184654.GA1006@redhat.com>
forgot to mention...
On 11/10, Oleg Nesterov wrote:
>
> On 11/10, Pavel Emelyanov wrote:
> >
> > The child_tidptr points to an array of pids for current namespace and
> > its ancestors. When 0 is met in this array the pid number for the
> > corresponding namespace is generated, rather than set.
>
> I must have missed something, but I can't unserstand how this works.
>
> > For security reasons after a regular clone/fork is done in a namespace
> > further cloning with predefined pid is not allowed.
>
> I guess, this is pid_ns->last_pid != 0 check in set_pidmap(), right ?
>
> > +static int set_pidmap(struct pid_namespace *pid_ns, int pid)
> > +{
> > + int offset;
> > + struct pidmap *map;
> > +
> > + offset = pid & BITS_PER_PAGE_MASK;
> > + map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
> > +
> > + if (unlikely(!map->page))
> > + if (alloc_pidmap_page(map))
> > + return -ENOMEM;
> > +
> > + if (pid_ns->last_pid != 0)
> > + return -EPERM;
>
> OK, but it should be always true, no? IOW, set_pidmap() should always
> fail?
>
> Unless: you are using CLONE_NEWPID along with CLONE_CHILD_USEPIDS and
> this child_tidptr array has only one pid (before zero pid).
And, if you do clone(CLONE_NEWPID | CLONE_CHILD_USEPIDS), then
new_ns->child_reaper == NULL (unless you pass "1" in child_tidptr[]) ?
> So, could you please explain what I have missed?
please ;) I guess I misread this patch completely. Help!
Oleg.
next prev parent reply other threads:[~2011-11-10 19:00 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-10 17:15 [PATCH 0/3] Introduce the cloning with pids functionality Pavel Emelyanov
2011-11-10 17:15 ` [PATCH 1/3] pids: Make alloc_pid return error Pavel Emelyanov
2011-11-10 18:00 ` Oleg Nesterov
2011-11-11 10:02 ` Pavel Emelyanov
2011-11-10 17:15 ` [PATCH 2/3] pids: Split alloc_pidmap into parts Pavel Emelyanov
2011-11-10 18:12 ` Oleg Nesterov
2011-11-10 17:16 ` [PATCH 3/3] pids: Make it possible to clone tasks with given pids Pavel Emelyanov
2011-11-10 17:30 ` Tejun Heo
2011-11-10 17:36 ` Pavel Emelyanov
2011-11-10 17:45 ` Tejun Heo
2011-11-11 10:04 ` Pavel Emelyanov
2011-11-10 18:46 ` Oleg Nesterov
2011-11-10 18:56 ` Oleg Nesterov [this message]
2011-11-11 10:11 ` Pavel Emelyanov
2011-11-11 15:25 ` Oleg Nesterov
2011-11-11 15:58 ` Pavel Emelyanov
2011-11-11 16:06 ` Tejun Heo
2011-11-11 16:10 ` Tejun Heo
2011-11-11 16:18 ` Pavel Emelyanov
2011-11-11 16:22 ` Tejun Heo
2011-11-11 16:49 ` Pavel Emelyanov
2011-11-11 17:02 ` Tejun Heo
2011-11-11 17:13 ` Pavel Emelyanov
2011-11-13 19:28 ` Oleg Nesterov
2011-11-14 10:28 ` Pavel Emelyanov
2011-11-11 16:17 ` Pavel Emelyanov
2011-11-11 16:48 ` Oleg Nesterov
2011-11-11 16:39 ` Oleg Nesterov
2011-11-11 16:55 ` Pavel Emelyanov
2011-11-13 18:59 ` Oleg Nesterov
-- strict thread matches above, loose matches on Subject: below --
2011-11-17 11:41 [RFC][PATCH 0/3] fork: Add the ability to create " Pavel Emelyanov
2011-11-17 11:43 ` [PATCH 3/3] pids: Make it possible to clone " Pavel Emelyanov
2011-11-17 15:32 ` Oleg Nesterov
2011-11-17 15:49 ` Pavel Emelyanov
2011-11-17 16:00 ` Oleg Nesterov
2011-11-17 17:28 ` Linus Torvalds
2011-11-17 19:04 ` Oleg Nesterov
2011-11-17 18:36 ` Oleg Nesterov
2011-11-18 10:05 ` Pavel Emelyanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111110185603.GA1757@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dlezcano@fr.ibm.com \
--cc=glommer@parallels.com \
--cc=gorcunov@openvz.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ntl@pobox.com \
--cc=serue@us.ibm.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).