[PATCH] /proc/pid/status: show all sets of pid according to ns

[PATCH] /proc/pid/status: show all sets of pid according to ns

[Chen Hanxiao]

We need a direct method of getting the pid inside containers.
If some issues occurred inside a container guest, host user
could not know which process is in trouble just by guest pid:
the users of container guest only knew the pid inside containers.
This will bring obstacle for trouble shooting.

This patch expands fields of Tgid and Pid:
a) In init_pid_ns, nothing changed;

b) In one pidns, they will tell the pid inside containers:
Tgid:	1628 	9 	3
Pid:	1628 	9 	3
** process id is 1628 in level 0, 9 in level 1, 3 in level 2.

c) If pidns is nested, it depends on which pidns are you in.
Tgid:	9 	3
Pid:	9 	3
** Views from level 1 for Pid 1628 in host.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
---
 fs/proc/array.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 64db2bc..eef20dd 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -173,17 +173,23 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 	cred = get_task_cred(p);
 	seq_printf(m,
 		"State:\t%s\n"
-		"Tgid:\t%d\n"
-		"Ngid:\t%d\n"
-		"Pid:\t%d\n"
+		"Ngid:\t%d\n",
+		get_task_state(p),
+		task_numa_group_id(p));
+	seq_puts(m, "Tgid:");
+	for (g = ns->level; g <= pid->level; g++)
+		seq_printf(m, "\t%d ",
+		task_tgid_nr_ns(p, pid->numbers[g].ns));
+	seq_puts(m, "\nPid:");
+	for (g = ns->level; g <= pid->level; g++)
+		seq_printf(m, "\t%d ",
+		task_pid_nr_ns(p, pid->numbers[g].ns));
+	seq_putc(m, '\n');
+	seq_printf(m,
 		"PPid:\t%d\n"
 		"TracerPid:\t%d\n"
 		"Uid:\t%d\t%d\t%d\t%d\n"
 		"Gid:\t%d\t%d\t%d\t%d\n",
-		get_task_state(p),
-		task_tgid_nr_ns(p, ns),
-		task_numa_group_id(p),
-		pid_nr_ns(pid, ns),
 		ppid, tpid,
 		from_kuid_munged(user_ns, cred->uid),
 		from_kuid_munged(user_ns, cred->euid),
-- 
1.9.0

Re: [PATCH] /proc/pid/status: show all sets of pid according to ns

[Richard Weinberger]

On Mon, May 26, 2014 at 12:05 PM, Chen Hanxiao
<chenhanxiao@cn.fujitsu.com> wrote:
> We need a direct method of getting the pid inside containers.
> If some issues occurred inside a container guest, host user
> could not know which process is in trouble just by guest pid:
> the users of container guest only knew the pid inside containers.
> This will bring obstacle for trouble shooting.
>
> This patch expands fields of Tgid and Pid:
> a) In init_pid_ns, nothing changed;
>
> b) In one pidns, they will tell the pid inside containers:
> Tgid:   1628    9       3
> Pid:    1628    9       3
> ** process id is 1628 in level 0, 9 in level 1, 3 in level 2.
>
> c) If pidns is nested, it depends on which pidns are you in.
> Tgid:   9       3
> Pid:    9       3
> ** Views from level 1 for Pid 1628 in host.
>
> Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
> ---
>  fs/proc/array.c | 20 +++++++++++++-------
>  1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index 64db2bc..eef20dd 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -173,17 +173,23 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
>         cred = get_task_cred(p);
>         seq_printf(m,
>                 "State:\t%s\n"
> -               "Tgid:\t%d\n"
> -               "Ngid:\t%d\n"
> -               "Pid:\t%d\n"
> +               "Ngid:\t%d\n",

You're changing the ordering of Tgid and Ngid here.

> +               get_task_state(p),
> +               task_numa_group_id(p));
> +       seq_puts(m, "Tgid:");
> +       for (g = ns->level; g <= pid->level; g++)
> +               seq_printf(m, "\t%d ",
> +               task_tgid_nr_ns(p, pid->numbers[g].ns));

I like the idea but IMHO we should keep Tgid and Pid as is and better
add two new fields to /proc/pid/status.
What about NSpid and NSgid?

> +       seq_puts(m, "\nPid:");
> +       for (g = ns->level; g <= pid->level; g++)
> +               seq_printf(m, "\t%d ",
> +               task_pid_nr_ns(p, pid->numbers[g].ns));
> +       seq_putc(m, '\n');
> +       seq_printf(m,
>                 "PPid:\t%d\n"
>                 "TracerPid:\t%d\n"
>                 "Uid:\t%d\t%d\t%d\t%d\n"
>                 "Gid:\t%d\t%d\t%d\t%d\n",
> -               get_task_state(p),
> -               task_tgid_nr_ns(p, ns),
> -               task_numa_group_id(p),
> -               pid_nr_ns(pid, ns),
>                 ppid, tpid,
>                 from_kuid_munged(user_ns, cred->uid),
>                 from_kuid_munged(user_ns, cred->euid),
> --
> 1.9.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/



-- 
Thanks,
//richard

Re: [PATCH] /proc/pid/status: show all sets of pid according to ns

[Vasily Kulikov]

Hi Chen,

On Mon, May 26, 2014 at 18:05 +0800, Chen Hanxiao wrote:
> We need a direct method of getting the pid inside containers.
> If some issues occurred inside a container guest, host user
> could not know which process is in trouble just by guest pid:
> the users of container guest only knew the pid inside containers.
> This will bring obstacle for trouble shooting.
> 
> This patch expands fields of Tgid and Pid:
> a) In init_pid_ns, nothing changed;
> 
> b) In one pidns, they will tell the pid inside containers:
> Tgid:	1628 	9 	3
> Pid:	1628 	9 	3
> ** process id is 1628 in level 0, 9 in level 1, 3 in level 2.

1. It breaks ABI.  Any application which does something like "grep pid: | cut -d: -f2"
is now broken by the patch.  Maybe add a new field like 'Pid-ns', 'PidNS',
or 'Pids' and leave the old one for compatibility?

2. Is it OK to show internal pids to unprivileged processes?  I cannot
see anything obviously dangerous with it, though.

> c) If pidns is nested, it depends on which pidns are you in.
> Tgid:	9 	3
> Pid:	9 	3
> ** Views from level 1 for Pid 1628 in host.

-- 
Vasily

RE: [PATCH] /proc/pid/status: show all sets of pid according to ns

[chenhanxiao]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 3773 bytes --]



> -----Original Message-----
> From: Richard Weinberger [mailto:richard.weinberger@gmail.com]
> Sent: Monday, May 26, 2014 7:10 PM
> To: Chen, Hanxiao/陈 晗霄
> Cc: Linux Containers; LKML; Andrew Morton; Eric W. Biederman; Serge Hallyn;
> Daniel P. Berrange; Oleg Nesterov; Al Viro; David Howells
> Subject: Re: [PATCH] /proc/pid/status: show all sets of pid according to ns
> 
> On Mon, May 26, 2014 at 12:05 PM, Chen Hanxiao
> <chenhanxiao@cn.fujitsu.com> wrote:
> > We need a direct method of getting the pid inside containers.
> > If some issues occurred inside a container guest, host user
> > could not know which process is in trouble just by guest pid:
> > the users of container guest only knew the pid inside containers.
> > This will bring obstacle for trouble shooting.
> >
> > This patch expands fields of Tgid and Pid:
> > a) In init_pid_ns, nothing changed;
> >
> > b) In one pidns, they will tell the pid inside containers:
> > Tgid:   1628    9       3
> > Pid:    1628    9       3
> > ** process id is 1628 in level 0, 9 in level 1, 3 in level 2.
> >
> > c) If pidns is nested, it depends on which pidns are you in.
> > Tgid:   9       3
> > Pid:    9       3
> > ** Views from level 1 for Pid 1628 in host.
> >
> > Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
> > ---
> >  fs/proc/array.c | 20 +++++++++++++-------
> >  1 file changed, 13 insertions(+), 7 deletions(-)
> >
> > diff --git a/fs/proc/array.c b/fs/proc/array.c
> > index 64db2bc..eef20dd 100644
> > --- a/fs/proc/array.c
> > +++ b/fs/proc/array.c
> > @@ -173,17 +173,23 @@ static inline void task_state(struct seq_file *m, struct
> pid_namespace *ns,
> >         cred = get_task_cred(p);
> >         seq_printf(m,
> >                 "State:\t%s\n"
> > -               "Tgid:\t%d\n"
> > -               "Ngid:\t%d\n"
> > -               "Pid:\t%d\n"
> > +               "Ngid:\t%d\n",
> 
> You're changing the ordering of Tgid and Ngid here.

I just want to put Tgid and Pid together, for showing all sets of pids of them. 

> 
> > +               get_task_state(p),
> > +               task_numa_group_id(p));
> > +       seq_puts(m, "Tgid:");
> > +       for (g = ns->level; g <= pid->level; g++)
> > +               seq_printf(m, "\t%d ",
> > +               task_tgid_nr_ns(p, pid->numbers[g].ns));
> 
> I like the idea but IMHO we should keep Tgid and Pid as is and better
> add two new fields to /proc/pid/status.
> What about NSpid and NSgid?
> 

That's a good idea.
As Vasily's comments,
keeping Pid unchanged would be better for backward compatibility.

> > +       seq_puts(m, "\nPid:");
> > +       for (g = ns->level; g <= pid->level; g++)
> > +               seq_printf(m, "\t%d ",
> > +               task_pid_nr_ns(p, pid->numbers[g].ns));
> > +       seq_putc(m, '\n');
> > +       seq_printf(m,
> >                 "PPid:\t%d\n"
> >                 "TracerPid:\t%d\n"
> >                 "Uid:\t%d\t%d\t%d\t%d\n"
> >                 "Gid:\t%d\t%d\t%d\t%d\n",
> > -               get_task_state(p),
> > -               task_tgid_nr_ns(p, ns),
> > -               task_numa_group_id(p),
> > -               pid_nr_ns(pid, ns),
> >                 ppid, tpid,
> >                 from_kuid_munged(user_ns, cred->uid),
> >                 from_kuid_munged(user_ns, cred->euid),
> > --
> > 1.9.0
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> 
> 
> 
> --
> Thanks,
> //richard
ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥

RE: [PATCH] /proc/pid/status: show all sets of pid according to ns

[chenhanxiao]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="gb2312", Size: 1897 bytes --]

Hi Vasily,

> -----Original Message-----
> From: Vasily Kulikov [mailto:segooon@gmail.com]
> Sent: Tuesday, May 27, 2014 2:05 AM
> To: Chen, Hanxiao/³Â êÏÏö
> Cc: containers@lists.linux-foundation.org; linux-kernel@vger.kernel.org; Serge
> Hallyn; Oleg Nesterov; David Howells; Eric W. Biederman; Andrew Morton; Al Viro
> Subject: Re: [PATCH] /proc/pid/status: show all sets of pid according to ns
> 
> Hi Chen,
> 
> On Mon, May 26, 2014 at 18:05 +0800, Chen Hanxiao wrote:
> > We need a direct method of getting the pid inside containers.
> > If some issues occurred inside a container guest, host user
> > could not know which process is in trouble just by guest pid:
> > the users of container guest only knew the pid inside containers.
> > This will bring obstacle for trouble shooting.
> >
> > This patch expands fields of Tgid and Pid:
> > a) In init_pid_ns, nothing changed;
> >
> > b) In one pidns, they will tell the pid inside containers:
> > Tgid:	1628 	9 	3
> > Pid:	1628 	9 	3
> > ** process id is 1628 in level 0, 9 in level 1, 3 in level 2.
> 
> 1. It breaks ABI.  Any application which does something like "grep pid: | cut -d:
> -f2"
> is now broken by the patch.  Maybe add a new field like 'Pid-ns', 'PidNS',
> or 'Pids' and leave the old one for compatibility?
> 

Thanks for your comments.
Adding a new field could solve backward compatibility issue.

> 2. Is it OK to show internal pids to unprivileged processes?  I cannot
> see anything obviously dangerous with it, though.
> 

I thinks just 'showing' them would not bring some troubles.

> > c) If pidns is nested, it depends on which pidns are you in.
> > Tgid:	9 	3
> > Pid:	9 	3
> > ** Views from level 1 for Pid 1628 in host.
> 
> --
> Vasily

Thanks,
- Chen
ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥