From patchwork Tue May 2 09:48:52 2017
X-Patchwork-Submitter: Kirill Tkhai
X-Patchwork-Id: 9707755
Subject: [PATCH v5] pid_ns: Introduce ioctl to set vector of ns_last_pid's on ns hierarhy
From: Kirill Tkhai
Date: Tue, 2 May 2017 12:48:52 +0300
Message-ID: <149371848646.24418.16693733830230366252.stgit@localhost.localdomain>
X-Mailing-List: linux-fsdevel@vger.kernel.org

While implementing nested pid namespace support in CRIU (the checkpoint-restore in userspace tool), we ran into the situation that it's impossible to create a task with a specific NSpid effectively. After commit 49f4d8b93ccf "pidns: Capture the user namespace and filter ns_last_pid" it is impossible to set ns_last_pid on any pid namespace except the task's active pid_ns (before the commit it was possible to write to pid_ns_for_children). Thus, if a restored task in a container has more than one pid_ns level, the restorer code must have a task helper for every pid namespace of the task's pid_ns hierarchy.

This is a big problem, because communication with a helper for every pid_ns in the hierarchy is not cheap. It's not good for performance, as it implies many helper wakeups to create a single task (independently of how you communicate with the helpers). This patch tries to solve the problem.

It introduces a new pid_ns ioctl(NS_SET_LAST_PID_VEC), which allows writing a vector of last pids on a pid_ns hierarchy. The vector is passed as an array of pids in struct ns_ioc_pid_vec, written in reverse order. The first number corresponds to the opened namespace's ns_last_pid, the second to its parent, etc. So, if you have a pid namespace hierarchy like:

pid_ns1 (grand father)
  |
  v
pid_ns2 (father)
  |
  v
pid_ns3 (child)

and pid_ns3 is open, then the corresponding vector will be {last_ns_pid3, last_ns_pid2, last_ns_pid1}. This vector may be short and it may contain fewer levels. For example, {last_ns_pid3, last_ns_pid2} or even {last_ns_pid3}, depending on which levels you want to populate.

v5: Move pid_max up for !CONFIG_CHECKPOINT_RESTORE builds
    (found by kbuild test robot).

v4: Declare struct ns_ioc_pid_vec directly instead of including the uapi file.
    Make the interface independent of CONFIG_CHECKPOINT_RESTORE.
    Include linux/types.h in nsfs.h for pid_t.
    Get all vectors at once.
    Make checks atomic.

v3: Use __u32 in uapi instead of unsigned int.

v2: Kill pid_ns->child_reaper check as it's impossible to have such a pid namespace file open.
    Use generic namespaces ioctl() number.
    Pass pids as array, not as a string.

Signed-off-by: Kirill Tkhai
---
 fs/nsfs.c                     |  5 +++++
 include/linux/pid_namespace.h |  9 ++++++++-
 include/uapi/linux/nsfs.h     |  8 ++++++++
 kernel/pid_namespace.c        | 38 +++++++++++++++++++++++++++++++++++++-
 4 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/fs/nsfs.c b/fs/nsfs.c index 323f492e0822..f669a1552003 100644 --- a/fs/nsfs.c +++ b/fs/nsfs.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include 
@@ -186,6 +187,10 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl, argp = (uid_t __user *) arg; uid = from_kuid_munged(current_user_ns(), user_ns->owner); return put_user(uid, argp); + case NS_SET_LAST_PID_VEC: + if (ns->ops->type != CLONE_NEWPID) + return -EINVAL; + return pidns_set_last_pid_vec(ns, (void *)arg); default: return -ENOTTY; } diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index c2a989dee876..661fad08bf8c 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -54,6 +54,7 @@ struct pid_namespace { struct ns_common ns; }; +struct ns_ioc_pid_vec; extern struct pid_namespace init_pid_ns; #define PIDNS_HASH_ADDING (1U << 31) @@ -71,7 +72,8 @@ extern struct pid_namespace *copy_pid_ns(unsigned long flags, extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd); extern void put_pid_ns(struct pid_namespace *ns); - +extern long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec); #else /* !CONFIG_PID_NS */ #include @@ -101,6 +103,11 @@ static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd) { return 0; } +static inline long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec) +{ + return -ENOTTY; +} #endif /* CONFIG_PID_NS */ extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk); diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h index 1a3ca79f466b..9d320276eafe 100644 --- a/include/uapi/linux/nsfs.h +++ b/include/uapi/linux/nsfs.h @@ -2,6 +2,7 @@ #define __LINUX_NSFS_H #include +#include #define NSIO 0xb7 
@@ -14,5 +15,12 @@ #define NS_GET_NSTYPE _IO(NSIO, 0x3) /* Get owner UID (in the caller's user namespace) for a user namespace */ #define NS_GET_OWNER_UID _IO(NSIO, 0x4) +/* Set a vector of ns_last_pid for a pid namespace stack */ +#define NS_SET_LAST_PID_VEC _IO(NSIO, 0x5) + +struct ns_ioc_pid_vec { + __u32 nr; + pid_t pid[0]; +}; #endif /* __LINUX_NSFS_H */ diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index de461aa0bf9a..d675b4d22dfe 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -21,6 +21,7 @@ #include #include #include +#include struct pid_cache { int nr_ids; @@ -32,6 +33,7 @@ struct pid_cache { static LIST_HEAD(pid_caches_lh); static DEFINE_MUTEX(pid_caches_mutex); static struct kmem_cache *pid_ns_cachep; +extern int pid_max; /* * creates the kmem cache to allocate pids from. @@ -311,7 +313,6 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); } -extern int pid_max; static int zero = 0; static struct ctl_table pid_ns_ctl_table[] = { { 
@@ -428,6 +429,41 @@ static struct ns_common *pidns_get_parent(struct ns_common *ns) return &get_pid_ns(pid_ns)->ns; } +long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec) +{ + struct pid_namespace *pid_ns = to_pid_ns(ns), *top; + pid_t pid[MAX_PID_NS_LEVEL]; + u32 i, nr; + + BUILD_BUG_ON(sizeof(pid_t) * MAX_PID_NS_LEVEL > 128); + if (get_user(nr, &vec->nr)) + return -EFAULT; + if (nr > MAX_PID_NS_LEVEL || nr < 1) + return -EINVAL; + if (copy_from_user(pid, &vec->pid[0], nr * sizeof(pid_t)) != 0) + return -EFAULT; + + top = pid_ns; + for (i = 0; i < nr-1; i++) { + top = top->parent; + if (!top || pid[i] < 0 || pid[i] > pid_max) + return -EINVAL; + } + if (!ns_capable(top->user_ns, CAP_SYS_ADMIN)) + return -EPERM; + if (pid[nr-1] < 0 || pid[nr-1] > pid_max) + return -EINVAL; + + for (i = 0; i < nr; i++) { + /* Write directly: see the comment in pid_ns_ctl_handler() */ + pid_ns->last_pid = pid[i]; + pid_ns = pid_ns->parent; + } + + return 0; +} + static struct user_namespace *pidns_owner(struct ns_common *ns) { return to_pid_ns(ns)->user_ns;
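Review bot: In the fs/nsfs.c hunk at @@ -186,6 +187,10 @@, the new case passes the argument as `(void *)arg`, which drops the __user annotation that pidns_set_last_pid_vec() declares on its second parameter, so the address-space annotation is lost at the call site. Cast to the real type instead, `(struct ns_ioc_pid_vec __user *)arg`, the same way the NS_GET_OWNER_UID case just above uses `(uid_t __user *) arg`.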
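Review bot: In the include/uapi/linux/nsfs.h hunk at @@ -14,5 +15,12 @@, struct ns_ioc_pid_vec mixes a fixed-width `__u32 nr;` with `pid_t pid[0];`, so the element type of the array is whatever pid_t the including program happens to have in scope rather than something this exported header pins down. Use a fixed-width or `__kernel_pid_t` element type so the layout is defined by the header alone. The one-line comment above NS_SET_LAST_PID_VEC should also state the ordering given in the commit message (pid[0] is for the opened namespace, each following entry for the next parent) and that shorter vectors are accepted, since that is the part of the ABI a caller cannot guess.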
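Review bot: In the kernel/pid_namespace.c hunks at @@ -32,6 +33,7 @@ and @@ -311,7 +313,6 @@, `extern int pid_max;` is moved to the top of the .c file rather than removed, and an extern declaration kept in a .c file is never compared against the definition by the compiler. Now that a second function in this file depends on it, declare pid_max in a shared header and include that here.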
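Review bot: In pidns_set_last_pid_vec() (kernel/pid_namespace.c hunk at @@ -428,6 +429,41 @@), the only permission check is `ns_capable(top->user_ns, CAP_SYS_ADMIN)` against the highest level the vector reaches, yet the final loop writes last_pid on every level from the opened namespace upward. If this relies on a capability in the topmost namespace's user_ns covering each namespace below it, say so in a comment next to the check; otherwise call ns_capable() per level inside the validation loop. Separately, pid[nr-1] is range-checked only after the capability check, so an unprivileged caller gets -EPERM for a vector that is invalid anyway; validating all nr entries in one loop and stepping to the parent only between entries would remove that special case and make the error order predictable.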