| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Oct 2017 08:05:44 +0000
From: Gargi Sharma <gs051095@...il.com>
To: Andrei Vagin <avagin@...tuozzo.com>
Cc: Oleg Nesterov <oleg@...hat.com>, linux-kernel@...r.kernel.org,
Rik van Riel <riel@...riel.com>,
Julia Lawall <julia.lawall@...6.fr>,
Andrew Morton <akpm@...ux-foundation.org>, mingo@...nel.org,
pasha.tatashin@...cle.com, ktkhai@...tuozzo.com,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Christoph Hellwig <hch@...radead.org>, lkp@...el.com,
tony.luck@...el.com
Subject: Re: [v6,1/2] pid: Replace pid bitmap implementation with IDR API
On Fri, Oct 20, 2017 at 6:21 PM, Andrei Vagin <avagin@...tuozzo.com> wrote:
> On Fri, Oct 20, 2017 at 05:06:47PM +0100, Gargi Sharma wrote:
>> On Thu, Oct 19, 2017 at 5:18 PM, Oleg Nesterov <oleg@...hat.com> wrote:
>> > On 10/19, Andrei Vagin wrote:
>> >>
>> >> Hi Gargi,
>> >>
>> >> This patch breaks CRIU, because it changes a meaning of ns_last_pid.
>> >
>> > ...
>> >
>> >> > @@ -311,7 +297,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
>> >> > * it should synchronize its usage with external means.
>> >> > */
>> >> >
>> >> > - tmp.data = &pid_ns->last_pid;
>> >> > + tmp.data = &pid_ns->idr.idr_next;
>> >
>> > Ah, yes, off-by-one error...
>> >
>> > Gargi, I don't think you need to make another version, I'd suggest you to send
>> > the trivial fix to Andrew, afaics you just need to replace these 2 lines with
>> >
>> > unsigned int last;
>> > int err;
>> >
>> > tmp.data = &last;
>> > err = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
>> > if (!err)
>> > idr_set_cursor(&pid_ns->idr, last + 1);
>> > return err;
>> I'm not sure entirely understand how this takes care of rolling over of PIDs?
>> Can we ignore that? If yes, won't the tests for CRIU still break?
>
> Gargi, I don't understand what you mean. Could you elaborate? Do you
> mean a case when idr_next is bigger than pid_max? I think this logic
> remains the same what we had before switching to idr.
When the PIDs are allocated, if the allocation exceeds pid_max wraps
around and starts allocating PIDs starting from pid_min.
I'm not sure if idr_set_cursor(&pid_ns->idr, pid_ns->idr.idr_next + 1)
takes care of that.
Gargi
>
> CRIU tests works with a following patch. It is slightly modified version
> of Oleg's patch.
>
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index fea2c24..1c791b3 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -287,6 +287,7 @@ static int pid_ns_ctl_handler(struct ctl_table
> *table, int write,
> {
> struct pid_namespace *pid_ns = task_active_pid_ns(current);
> struct ctl_table tmp = *table;
> + int ret;
>
> if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
> return -EPERM;
> @@ -298,7 +299,12 @@ static int pid_ns_ctl_handler(struct ctl_table
> *table, int write,
> */
>
> tmp.data = &pid_ns->idr.idr_next;
> - return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
> + ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
> + if (ret < 0)
> + return ret;
> +
> + idr_set_cursor(&pid_ns->idr, pid_ns->idr.idr_next + 1);
> + return 0;
> }
>
> extern int pid_max;
>
>
>>
>> Thanks,
>> Gargi
>> >
>> > Oleg.
>> >
Powered by blists - more mailing lists