| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jan 2009 10:37:01 +0100 From: Grzegorz Nosek <root@...aldomain.pl> To: Li Zefan <lizf@...fujitsu.com> Cc: Grzegorz Nosek <root@...aldomain.pl>, containers@...ts.osdl.org, netdev@...r.kernel.org Subject: Re: [RFC][PATCH] IP address restricting cgroup subsystem On śro, sty 07, 2009 at 05:33:49 +0800, Li Zefan wrote: > >> The root cgroup is read-only, so the tasks in it always bind to INADDR_ANY. > >> For other cgroups, write is allowed only if it has no children and the > >> parent is INADDR_ANY. > > > > Yes, I like that. Will update the patch. I assume that I must check > > list_empty(&cgroup->children)? > > Yes. > > > Should I use cgroup_lock()/cgroup_unlock() > > Yes. > > > or other locking? I think it will be safe to do without locks but would > > rather get some expert advice. > > > > No. Without locks, it races with mkdir. > > ============= > > //cgroup_lock(); > > if (list_empty(&cgrp->children) && > parent->ipv4_addr == INADDR_ANY) > <--- mkdir() > ipcgroup->ipv4_addr = new_addr; > > //cgroup_unlock(); > > ============== > > In the above case, ipcgroup->ipv4_addr = new_addr, > but child_cgroup->ipv4_addr == INADDR_ANY, which is not expected. I see. Thanks a lot! Best regards, Grzegorz Nosek -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists