From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S939466AbdD1JS4 (ORCPT ); Fri, 28 Apr 2017 05:18:56 -0400 Received: from mail-eopbgr30122.outbound.protection.outlook.com ([40.107.3.122]:61344 "EHLO EUR03-AM5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S937450AbdD1JSM (ORCPT ); Fri, 28 Apr 2017 05:18:12 -0400 Authentication-Results: chromium.org; dkim=none (message not signed) header.d=none;chromium.org; dmarc=none action=none header.from=virtuozzo.com; Subject: Re: [PATCH 2/2] pid_ns: Introduce ioctl to set vector of ns_last_pid's on ns hierarhy To: Oleg Nesterov References: <149245014695.17600.12640895883798122726.stgit@localhost.localdomain> <149245057248.17600.1341652606136269734.stgit@localhost.localdomain> <20170426155352.GA12131@redhat.com> <785e1986-da03-72aa-06c0-234ed2dbc0fd@virtuozzo.com> <20170427161255.GA19350@redhat.com> <20170427162254.GB19579@redhat.com> CC: , , , , , , , , , , , , , , From: Kirill Tkhai Message-ID: <43249645-f621-511e-dfa8-7bd78c547d2c@virtuozzo.com> Date: Fri, 28 Apr 2017 12:17:52 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170427162254.GB19579@redhat.com> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: HE1PR0601CA0038.eurprd06.prod.outlook.com (2a01:111:e400:c513::48) To AM4PR0802MB2273.eurprd08.prod.outlook.com (2603:10a6:200:5e::23) X-MS-Office365-Filtering-Correlation-Id: 8146d224-8c4f-49d7-13dc-08d48e177451 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201703131423075)(201703031133081);SRVR:AM4PR0802MB2273; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2273;3:JXX0H0LPDZA0ZSe8PLad3VmpwuDv951TFzVKY2JaECGKux7HDDKqNT5l7pMOdK5QSOjK11NUEofcbGRHsV1v88aoeb7jbWdKS4ox0lOuz/jeI1KnHnVYnM5d4VCw/BV+w9pa6Zd7GycUzatOXoY1XIy/OTDMKJYjcXTTjCc55T5HfiPNQ5UfGYuaJ17Gm9RDLlkbGOgwA5b3uFlIiXenvFiUT2J1bNPzD4kzNI5fhTzxW+P6bUgV/hm8WFgM/KwfNXSH5ZrczUDV2ca4NyPYIqLH4Fgf67r9OVINu4XzbKhdZmASeuLeWJwwJBzcX6WcoL0c4bduAdBQGOzxtLw1QQ==;25:txOoSJQX1Xsn21qX3ZzDa0Af18NPGNxyFtpVB6ew+XNzNEz0y+GzGQ/Lsq54Mhx82u+IvssBNDpRddD2MEn/fPQSbmbDBr+Focy2JfQHYxCu/SxMCjf89353LAR931P94SgVr1hHDd9uA5QtzrIEjDsETOu+LnYQlh+eYYdrEu9KEDqw+dvuTYCKl+I5PoqffOMYd6wcCnfRPKzO/sC9LTGrCWgprh+nk/UuwSGd7vjNAhl9g3InTdWg+rzsUdv/0QtUa7TAk/qigSNQH9ey9oNDtQ6uFzE9aI7IKNJ2Di67LIi6iQgKWPLqc9rxN3i9gNZ0X7KeYzJ17o0R45IBVqOrLBtOIsrdSA/JFUrd7LFVDdi9kVW4camxAUgzQLqOBNrqBkyBsdIw/xthESDjMI72k6MI53S4Av+RuB6HzHq2P4pozKp6Au7NbyMJ9L6UmvvAMu4R2O5S/4irrgf9oA== X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2273;31:IKG1SDtpp+sP+liGdWWepiPw2Z8i4F5PV9axPgFqHm5PJm2ZFV8pP2twuHlXVrOzVASFmEenKcDqENAnL2bYdPvXEzP1yE6NkbeaTqkEy2sKyxH70dGTM9bx07jRjq5PEdK65kcrE3kSnQBc0fQpn5E5WQ+ZaAkBBm+pgZ3rhyW/QG9E9N5a6X+SPWs//rjiiEClnpvMSdYqJZmYjZ3OrhVvec6J2q659qzpbYYKGBRC7xjjZ5u7/ZIO7r+HGflr;20:HT0Hb2yvxe3u1KRG8P4rgZavRsL+pSWY7aF6ZfHSjU9gO4PFEmmn5wdBy1rszOHO3lzdDFpujZX+bjrLoswKmpWyqphw5umkopiyB9i4WuHSJtrDsdmhdO7ItrAuFTcQFYwRTBbRm+M9Sr47x6zzrZNbeT4Abhc4VEMGJNLXX0TIYhQs/nJmFBZVEmk/OMwco8DlzGJ4HXLBJWfiR3aNH39TvhpYmwzC0y8qFtzpXZdRwKSEacohESZQIuCn1cprzMQ33EdKuniw+p6+O8Td3riH1eljiQ0CF96M3pcKTnXm2Zru/G9IklFkJG9g/R0ZOQuthX5BMe7QrJzrNWmEak5DVCBb0jPjNmR8vdHZGlZkxgfhlRQ3SnW1MpdplkX8lyrv9+1P575+dJS8rxUZhCDWcneh9NOw5/uesuxROrk= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(84791874153150); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6041248)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(20161123560025)(20161123562025)(6072148);SRVR:AM4PR0802MB2273;BCL:0;PCL:0;RULEID:;SRVR:AM4PR0802MB2273; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2273;4:gWKo9dHDXwo/DUwhDmjOD4HJLqcHNeenvugOvWw98tcoDJFhLA/wmfBWVvSlstMNTf2w42aGd7XqnYjskN9grBINlMv44MMl2w+kAcTlY5E8S9TSoLQT9/LmBxVX1sO70sCuntWOGzYQQZdon6eI5pWBtAJEXrAALEw1XI7CZaRs80ub5K2AQhCrXoaf4euADF5W3AFWB066RQugaKbCnT7Vn0SHG5xy/0t8HdASOYxP0SY6joL0kIL7+BUHK77eMsoEO6J/cLJe7z2yPrpTsHEk5YuBnLFEf8E4KHio164UYlM3+4j1exfJDZuRGtpRSMJGWXaUBtNxn/sIj9zd0DHkEBS6nkwJf63MOAelrGI/u2jhBK445gwjw/DWTH4vUIZ1hA0FpZOlJLBvqAOQj54NfNflN8BKKVS/uLDif0hzHxo9LfQD5WlUKv9QNyK4SpSAiMjAx1zPtsONS/Axaggyi+ESI6KlGfxc8DKJKmM6LE2PCT3LYlaGTvfp7sc8IcEySVMNyVFEdhnIZIJioYXr2Q/wnLe7hZz+i6WmGDN3q/9jNHKfq9PLh3Tlnbu197jrsXr6T4f7YRLBfmVG0qK7dLQ/gHDSQj0ii/aQhpmfiRfatQN6mx43vgkIpIFsJiAsVq4VzR3LCCZgU44pXcbPMAyySB44r3ZbCOZl7IXmDs24wGNnykNZJBweU5JNff2UDnwxPc3kp8I0L+zDcseQjK5qURiv8PPmACNDHMmaaesdePFsbDpyhqAhsKquXFTgBupsQD8FK6UDXfGW1w== X-Forefront-PRVS: 029174C036 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(6049001)(39450400003)(39840400002)(39410400002)(39400400002)(24454002)(6916009)(230700001)(25786009)(53546009)(81166006)(189998001)(50986999)(42186005)(7736002)(6116002)(3846002)(4326008)(93886004)(2906002)(47776003)(66066001)(23746002)(65956001)(229853002)(305945005)(6486002)(31696002)(38730400002)(77096006)(110136004)(4001350100001)(50466002)(36756003)(53936002)(2950100002)(6306002)(5660300001)(54906002)(65826007)(54356999)(86362001)(33646002)(8676002)(6246003)(83506001)(76176999);DIR:OUT;SFP:1102;SCL:1;SRVR:AM4PR0802MB2273;H:[172.16.25.137];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;AM4PR0802MB2273;23:5ajlM3qbXSeyh+ePZt1VI1cbLJWG4Foz9px?= =?Windows-1252?Q?qosQ764wuA2AsswAQiUUtl7b19hYbXA07XGEK086huH+sDBk1SPhD0sE?= =?Windows-1252?Q?GS+pJIMwYGd7Lz3rPYOTlK4ADF2OyUzMQAjUYcO2Ae5TXSSOMeFLorOr?= =?Windows-1252?Q?Uc9yKPS9PAipibGjl1S9yo9SH5ys4zQ4p7cnZJ7BEoNU1B6U2pSVNwTc?= =?Windows-1252?Q?m3J2/kJfy6mlw3qj5m4hseZkgvCaGMo+THp9aCzDmnpf6AI+AIF5q7hw?= =?Windows-1252?Q?WM8OL2EwfcdB6gEujtrSzVUKQPMFSisQNo8dXgLSmasnncFWztrCvhfn?= =?Windows-1252?Q?T94xpThShY86asMzUsKYfoFssKk/LGiy8LNEbxgcz+/q86ey5HfXYpBA?= =?Windows-1252?Q?dBEbAurveEvAFj7ycWmjYcQBQK3DPodNGQ+6GgOydXsS2NBxUCO6IKo9?= =?Windows-1252?Q?qrldh2U9bg6KpTCcuZEKjXfcs71v2X1I5UhQJuG0WptVABcLAg5YHP2p?= =?Windows-1252?Q?CHwkf8OfvabVapUjZ3T09YP6R5muP7iiyH8WpUGrBcNqoipAnfIHlehh?= =?Windows-1252?Q?RDl1in5lrsQNu8jiXfCRwfNEgS99frgRTs4EiKfr3w+WSHo+WXv7SzRU?= =?Windows-1252?Q?lc1sQUdVMduC3UD4UrtYNuO4d94s+yPZUBN+LsCmFlU0WqImSoMrldRc?= =?Windows-1252?Q?DcoiVLGtP+9ZHb1vrVIFQg3q716l05N5GadT70FZLaewnM4ZABaBzLBZ?= =?Windows-1252?Q?dX2lanp0+foJIMgv1S4fJCRLJqNGcc4L7HXRXsLqm9UZLlVz6d+W3ey2?= =?Windows-1252?Q?Mk5H/J7a4krk9XSGorORHJPiJc3H6lpZi+nX2fPERUqKaacduPsiq28n?= =?Windows-1252?Q?Hd0sssIryz1PNmCgnFCvI5nj7yMIeVRJ8xMsx1kAN2/iZDkszTQ7eJDO?= =?Windows-1252?Q?p8T1ArE80hVc/DOLO6y9zxTkvZVo3np3EHYLg8e06mNmN/KgkSkMZNwO?= =?Windows-1252?Q?KRgl+t8voxeYMfxZVHCurmSDhOSNQbWlHkHHr16R5igHNx0c8jKb21yy?= =?Windows-1252?Q?8qppejC2sYoNXPCkHNtAPbK9iULGapYlWFk0znUshhLQ/AQO1fkQR23l?= =?Windows-1252?Q?bS8Ho4jHzVm7O8XeVnDhLIL98DoawEAkCC8NEMR7tYvYPd0nejONwUi+?= =?Windows-1252?Q?fG0DaEhNkMoCKjGEalbJUFuuPzCeklW3jAMR1aXWrTBJ6EJKLGyGDiUu?= =?Windows-1252?Q?DlWDRX+knO7WdxUxgS+v2H6cTUsV1ZqjBseQXsrT6huBWKBgzwrZDTgq?= =?Windows-1252?Q?rNWUx?= X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2273;6:UqnYUPskV3P1YywrrK8Uq8dyw0K38KR3lou+zqnQwJjKBhZdYAu3nhp8MQ+S5w8tGY3zeAxzMhC2P6T5JX3lvryX2KUOC+/YlX+M5ihIz4uxTMF0EQaWgEJUj2/Q0zyXBAcAG9ITajzaEM8kzKrJ5ns3KAd9IWHQaKlfhUkA/Qkmeu+DbZpfIO1a3JxaZ+JEqmn+YIcaqUaM/DzfyLmHMjnVGAjMfwq8Zd5psiXyStg+dLZOS4re6KKQY6GgQHwlYhtQOuQpsZzgVXVpLGv81t9vHGdcFlBxgXNBa3P/bB26bllRjzbZN/d4SFocjR+WLl+8gy3uBNosrdnICJtqpWnD8qDLjAQ3xYo2QzuGsJVx5bfQ6y3giD1S/3Gx8IEILiFBr+rZcrWkmB16CfuFq5GSGXOVnjJg7PGwdr6GYePaDcJarZ4CXELZflBn7WnekVVlOXCKyKEYwvo4pKSajvhQgf/OdnEKiBp5EZqI5ntEXM03SUJZfBsSIWypgP93Y7iTwXCBPyHvFpEgMvztmg==;5:5Zy7xazrdEmzyJ3fsHdWjyIk6UDljXc28z23tQzw8R92kbqYt1RYuO8xh37moZDBQFYGRFLUKFD9EV9l8E4byikVcx3d0k9vAxTgiu8q3ekO0Jg1AZjT3lgbQtSG6ZtTfSjZ8Xnhkl9UjW/ZqL0khg==;24:MSeK4O93S88e0l89OZCa0kc1Lluncow54/7bs/QnK9Pyr45ChWOZIHbibEbsbXBa/g+kWKSoP9DYF9qOZI0aRZxP2DeYUfZ6lfI8Y3jMcq4= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2273;7:2mnjoC4FI9tNl5MdMsLcF4VdNsGKYQI53PWV+fLce65qOG91MgRbIdj51XuUTMnZE/rSiTP2qCytL3kQb6XXE8riNqIBo72NWpfrNgRrZMk325flEBVqYYR976gM8AiuLrtBfgGg5W/vPS6Yw2Sxsle8anc6rNhve0OIRIL80NMlMo+QT7xQhv9JdEUFoFoU1sTMooBqTLE1OD8LpMgSTHOTe43TR+3YLLiEVMQNmSdcRk3Bdf/6QNe72GBwcoN2F/Z5Xnq/+izGyWTyETtTK3juc1tpjr53uxcaiiyqmMRGKJ19BdY6msO6D2f6SaV7QUQJqn8YT3024503TA7vTw== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2017 09:17:53.7932 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2273 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 27.04.2017 19:22, Oleg Nesterov wrote: > On 04/27, Kirill Tkhai wrote: >> >> On 27.04.2017 19:12, Oleg Nesterov wrote: >>> On 04/26, Kirill Tkhai wrote: >>>> >>>> On 26.04.2017 18:53, Oleg Nesterov wrote: >>>>> >>>>>> +static long set_last_pid_vec(struct pid_namespace *pid_ns, >>>>>> + struct pidns_ioc_req *req) >>>>>> +{ >>>>>> + char *str, *p; >>>>>> + int ret = 0; >>>>>> + pid_t pid; >>>>>> + >>>>>> + read_lock(&tasklist_lock); >>>>>> + if (!pid_ns->child_reaper) >>>>>> + ret = -EINVAL; >>>>>> + read_unlock(&tasklist_lock); >>>>>> + if (ret) >>>>>> + return ret; >>>>> >>>>> why do you need to check ->child_reaper under tasklist_lock? this looks pointless. >>>>> >>>>> In fact I do not understand how it is possible to hit pid_ns->child_reaper == NULL, >>>>> there must be at least one task in this namespace, otherwise you can't open a file >>>>> which has f_op == ns_file_operations, no? >>>> >>>> Sure, it's impossible to pick a pid_ns, if there is no the pid_ns's tasks. I added >>>> it under impression of >>>> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=dfda351c729733a401981e8738ce497eaffcaa00 >>>> but here it's completely wrong. It will be removed in v2. >>> >>> Hmm. But if I read this commit correctly then we really need to check >>> pid_ns->child_reaper != NULL ? >>> >>> Currently we can't pick an "empty" pid_ns. But after the commit above a task >>> can do sys_unshare(CLONE_NEWPID), another (or the same) task can open its >>> /proc/$pid/ns/pid_for_children and call ns_ioctl() before the 1st alloc_pid() ? >> >> Another task can't open /proc/$pid/ns/pid_for_children before the 1st alloc_pid(), >> because pid_for_children is available to open only after the 1st alloc_pid(). >> So, it's impossible to call ioctl() on it. > > Ah, OK, I didn't notice the ns->child_reaper check in pidns_for_children_get(). > > But note that it doesn't need tasklist_lock too. Hm, are there possible strange situations with memory ordering, when we see ns->child_reaper of already died ns, which was placed in the same memory? Do we have to use some memory barriers here?