From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751918AbdHGPSW (ORCPT ); Mon, 7 Aug 2017 11:18:22 -0400 Received: from mail-it0-f54.google.com ([209.85.214.54]:33517 "EHLO mail-it0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751837AbdHGPSU (ORCPT ); Mon, 7 Aug 2017 11:18:20 -0400 MIME-Version: 1.0 In-Reply-To: <20170807084451.rdtsjws6hwtdy6ki@hirez.programming.kicks-ass.net> References: <20170806044141.5093-1-asarai@suse.com> <20170807084451.rdtsjws6hwtdy6ki@hirez.programming.kicks-ass.net> From: Jessie Frazelle Date: Mon, 7 Aug 2017 11:18:18 -0400 Message-ID: Subject: Re: [PATCH v2] sched: debug: use task_pid_nr_ns in /proc/$pid/sched To: Peter Zijlstra Cc: Aleksa Sarai , Ingo Molnar , "Eric W. Biederman" , cyphar@cyphar.com, linux-kernel@vger.kernel.org, stable@vger.kernel.org Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a1144b2005799e405562b5b99" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --001a1144b2005799e405562b5b99 Content-Type: text/plain; charset="UTF-8" Thanks for patching this :) Guess I will find a different rabbit in a hat to detect if running in a pid namespace ;) On Mon, Aug 7, 2017 at 4:44 AM, Peter Zijlstra wrote: > On Sun, Aug 06, 2017 at 02:41:41PM +1000, Aleksa Sarai wrote: >> It appears as though the addition of the PID namespace did not update >> the output code for /proc/*/sched, which resulted in it providing PIDs >> that were not self-consistent with the /proc mount. This additionally >> made it trivial to detect whether a process was inside &init_pid_ns from >> userspace (making container detection trivial[1]). This lead to >> situations such as: >> >> % unshare -pmf >> % mount -t proc proc /proc >> % head -n1 /proc/1/sched >> head (10047, #threads: 1) >> >> Fix this by just using task_pid_nr_ns for the output of /proc/*/sched. >> All of the other uses of task_pid_nr in kernel/sched/debug.c are from a >> sysctl context and thus don't need to be namespaced. >> >> [1]: https://github.com/jessfraz/amicontained >> >> Cc: >> Cc: Jess Frazelle >> Signed-off-by: Aleksa Sarai > > Thanks! --001a1144b2005799e405562b5b99 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIS6wYJKoZIhvcNAQcCoIIS3DCCEtgCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg ghBRMIIEXDCCA0SgAwIBAgIOSBtqDm4P/739RPqw/wcwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UE BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExOjA4BgNVBAMTMUdsb2JhbFNpZ24gUGVy c29uYWxTaWduIFBhcnRuZXJzIENBIC0gU0hBMjU2IC0gRzIwHhcNMTYwNjE1MDAwMDAwWhcNMjEw NjE1MDAwMDAwWjBMMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEiMCAG A1UEAxMZR2xvYmFsU2lnbiBIViBTL01JTUUgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALR23lKtjlZW/17kthzYcMHHKFgywfc4vLIjfq42NmMWbXkNUabIgS8KX4PnIFsTlD6F GO2fqnsTygvYPFBSMX4OCFtJXoikP2CQlEvO7WooyE94tqmqD+w0YtyP2IB5j4KvOIeNv1Gbnnes BIUWLFxs1ERvYDhmk+OrvW7Vd8ZfpRJj71Rb+QQsUpkyTySaqALXnyztTDp1L5d1bABJN/bJbEU3 Hf5FLrANmognIu+Npty6GrA6p3yKELzTsilOFmYNWg7L838NS2JbFOndl+ce89gM36CW7vyhszi6 6LqqzJL8MsmkP53GGhf11YMP9EkmawYouMDP/PwQYhIiUO0CAwEAAaOCASIwggEeMA4GA1UdDwEB /wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEgYDVR0TAQH/BAgwBgEB/wIB ADAdBgNVHQ4EFgQUyzgSsMeZwHiSjLMhleb0JmLA4D8wHwYDVR0jBBgwFoAUJiSSix/TRK+xsBtt r+500ox4AAMwSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9n c3BlcnNvbmFsc2lnbnB0bnJzc2hhMmcyLmNybDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBKDA0MDIG CCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG 9w0BAQsFAAOCAQEACskdySGYIOi63wgeTmljjA5BHHN9uLuAMHotXgbYeGVrz7+DkFNgWRQ/dNse Qa4e+FeHWq2fu73SamhAQyLigNKZF7ZzHPUkSpSTjQqVzbyDaFHtRBAwuACuymaOWOWPePZXOH9x t4HPwRQuur57RKiEm1F6/YJVQ5UTkzAyPoeND/y1GzXS4kjhVuoOQX3GfXDZdwoN8jMYBZTO0H5h isymlIl6aot0E5KIKqosW6mhupdkS1ZZPp4WXR4frybSkLejjmkTYCTUmh9DuvKEQ1Ge7siwsWgA NS1Ln+uvIuObpbNaeAyMZY0U5R/OyIDaq+m9KXPYvrCZ0TCLbcKuRzCCBB4wggMGoAMCAQICCwQA AAAAATGJxkCyMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAt IFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTExMDgwMjEw MDAwMFoXDTI5MDMyOTEwMDAwMFowZDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24g bnYtc2ExOjA4BgNVBAMTMUdsb2JhbFNpZ24gUGVyc29uYWxTaWduIFBhcnRuZXJzIENBIC0gU0hB MjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg/hRKosYAGP+P7mIdq5NB Kr3J0tg+8lPATlgp+F6W9CeIvnXRGUvdniO+BQnKxnX6RsC3AnE0hUUKRaM9/RDDWldYw35K+sge C8fWXvIbcYLXxWkXz+Hbxh0GXG61Evqux6i2sKeKvMr4s9BaN09cqJ/wF6KuP9jSyWcyY+IgL6u2 52my5UzYhnbf7D7IcC372bfhwM92n6r5hJx3r++rQEMHXlp/G9J3fftgsD1bzS7J/uHMFpr4MXua eoiMLV5gdmo0sQg23j4pihyFlAkkHHn4usPJ3EePw7ewQT6BUTFyvmEB+KDoi7T4RCAZDstgfpzD rR/TNwrK8/FXoqnFAgMBAAGjgegwgeUwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C AQEwHQYDVR0OBBYEFCYkkosf00SvsbAbba/udNKMeAADMEcGA1UdIARAMD4wPAYEVR0gADA0MDIG CCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA2BgNVHR8E LzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjMuY3JsMB8GA1UdIwQY MBaAFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQACAFVjHihZCV/IqJYt 7Nig/xek+9g0dmv1oQNGYI1WWeqHcMAV1h7cheKNr4EOANNvJWtAkoQz+076Sqnq0Puxwymj0/+e oQJ8GRODG9pxlSn3kysh7f+kotX7pYX5moUa0xq3TCjjYsF3G17E27qvn8SJwDsgEImnhXVT5vb7 qBYKadFizPzKPmwsJQDPKX58XmPxMcZ1tG77xCQEXrtABhYC3NBhu8+c5UoinLpBQC1iBnNpNwXT Lmd4nQdf9HCijG1e8myt78VP+QSwsaDT7LVcLT2oDPVggjhVcwljw3ePDwfGP9kNrR+lc8XrfClk WbrdhC2o4Ui28dtIVHd3MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAw TDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24x EzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAw HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEG A1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5Bngi FvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X 17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hp sk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7 DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBL QNvAUKr+yAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25s bwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV 3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyr VQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E 7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9fMIIEaDCCA1CgAwIBAgIMEBDF+etx3nvilTfBMA0G CSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIw IAYDVQQDExlHbG9iYWxTaWduIEhWIFMvTUlNRSBDQSAxMB4XDTE3MDUwNDIzNDc0OFoXDTE3MTAz MTIzNDc0OFowJDEiMCAGCSqGSIb3DQEJAQwTamVzc2ZyYXpAZ29vZ2xlLmNvbTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKR9dpxSuXB6L4OBTenqIjNGyBWrtcZDjBpGdrDrQK/+z4ff 6lmOVSR2agH/gnt282zBs9zT7ksmoxZeVLqu57O3KkvJOuYoxRorINMsQHVSsxWz7+GcysH5V8/a /1vm781xDYZlrOuE8ibXmtEaWTyByHvvyAhz9tN3pFWKF+JmBzI712PvkCxL6oIjAh6j9/ZKdFDj DKqxSA4MYH3t8QiAbEItbRj3DdFu2k/F6l6QwpOC27AtVKCpjTgzkXL4SVBaLS19p2bNmQS1q0gl 8Sx6MU00z/K8fAFB5Vg4SnjOggBtf/A89xqhjRVxQVhGcODnA2/LEwApUa7kWMldubcCAwEAAaOC AXAwggFsMB4GA1UdEQQXMBWBE2plc3NmcmF6QGdvb2dsZS5jb20wUAYIKwYBBQUHAQEERDBCMEAG CCsGAQUFBzAChjRodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2h2c21pbWVj YTEuY3J0MB0GA1UdDgQWBBQe/CBmoBymyHeouKTC3kYaakkHhDAfBgNVHSMEGDAWgBTLOBKwx5nA eJKMsyGV5vQmYsDgPzBMBgNVHSAERTBDMEEGCSsGAQQBoDIBKDA0MDIGCCsGAQUFBwIBFiZodHRw czovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzA7BgNVHR8ENDAyMDCgLqAshipodHRw Oi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzaHZzbWltZWNhMS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAonmoQD5qXW8F czc13F7I/KJ9dRpAAfHSkswWoXWf/4+E8i1iUZzpOXTYdTtin4NiGzPw1s6hfeYKi26W0fQMIbvX oL6EC+CQ4dIFi9EsNORy+0h8f5VjRENG/66ZiyQe4VnoJ0exiRQovpl9RG+dBdjHtX9MddJ8LRyI Ab+xNvAOWc9pectTvrjAkgIe8dIwU56kbEG87tfnB4Iibo+faE9dOS6+wjeEfYrDKzYJ7prqhFZJ RG+AOLZobSKDfWEPQFyydfZF3koAY6Oza77kytd5Q/fv1sM3v00VZ+NhtY83F+G8+6+CunLDfngy +3UBsHTn45CuG+1GQ596GnatozGCAl4wggJaAgEBMFwwTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUdsb2JhbFNpZ24gSFYgUy9NSU1FIENBIDECDBAQ xfnrcd574pU3wTANBglghkgBZQMEAgEFAKCB1DAvBgkqhkiG9w0BCQQxIgQgv0PIsuI78Wo90v4r hnWbzbHBRA+Mzd6w5FZ1qvA48qgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMTcwODA3MTUxODE5WjBpBgkqhkiG9w0BCQ8xXDBaMAsGCWCGSAFlAwQBKjALBglghkgB ZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMAsGCSqGSIb3DQEBCjALBgkqhkiG9w0BAQcw CwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIIBAAIxpJ/TBnWP7lnlY2tsS5qc5xVYAHAIMGHe 0bb2xrxE8sV3DFkDauZdV8bzp/Xm22GN5qRn8FRWE+u36uGsjbeDfTlpCNsA0eomwao5axVTdcu4 zhg78NS1aqvjB3r4P+yJA08p4oAPqzNwBsx7FU3gViV1pbCOtVRkLH+OOO/X1meWzA6ORZT2Bn19 KhX19oE1erbVXnu1T+FlfulWL8R+0zdEpoonnH+ci3cPmzbfrcs9vAdNnL3LWbpkAUgbSI7CYALa Kh6qICHPkDH/JOrLa7YwYR00N6lBeswEruPpGf0UbqKPOcbqxv4wJTYma8ZEdN2NQG4Z7bkGsHl0 lr4= --001a1144b2005799e405562b5b99--