)]}'
{
  "log": [
    {
      "commit": "c876ad7682155958d0c9c27afe9017925c230d64",
      "tree": "926064bd7909f60daed3b6b963555e57cab7b520",
      "parents": [
        "8382fcac1b813ad0a4e68a838fc7ae93fa39eda0"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Dec 21 20:27:12 2012 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Dec 25 16:10:05 2012 -0800"
      },
      "message": "pidns: Stop pid allocation when init dies\n\nOleg pointed out that in a pid namespace the sequence.\n- pid 1 becomes a zombie\n- setns(thepidns), fork,...\n- reaping pid 1.\n- The injected processes exiting.\n\nCan lead to processes attempting to access their child reaper and\ninstead following a stale pointer.\n\nThat waitpid for init can return before all of the processes in\nthe pid namespace have exited is also unfortunate.\n\nAvoid these problems by disabling the allocation of new pids in a pid\nnamespace when init dies, instead of when the last process in a pid\nnamespace is reaped.\n\nPointed-out-by:  Oleg Nesterov \u003coleg@redhat.com\u003e\nReviewed-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "5e4a08476b50fa39210fca82e03325cc46b9c235",
      "tree": "fb3a3c6b4c3f613abf354adefcff8a74051acdce",
      "parents": [
        "520d9eabce18edfef76a60b7b839d54facafe1f9"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Dec 14 07:55:36 2012 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Dec 14 16:12:03 2012 -0800"
      },
      "message": "userns: Require CAP_SYS_ADMIN for most uses of setns.\n\nAndy Lutomirski \u003cluto@amacapital.net\u003e found a nasty little bug in\nthe permissions of setns.  With unprivileged user namespaces it\nbecame possible to create new namespaces without privilege.\n\nHowever the setns calls were relaxed to only require CAP_SYS_ADMIN in\nthe user namespace of the target namespace.\n\nWhich made the following nasty sequence possible.\n\npid \u003d clone(CLONE_NEWUSER | CLONE_NEWNS);\nif (pid \u003d\u003d 0) { /* child */\n\tsystem(\"mount --bind /home/me/passwd /etc/passwd\");\n}\nelse if (pid !\u003d 0) { /* parent */\n\tchar path[PATH_MAX];\n\tsnprintf(path, sizeof(path), \"/proc/%u/ns/mnt\");\n\tfd \u003d open(path, O_RDONLY);\n\tsetns(fd, 0);\n\tsystem(\"su -\");\n}\n\nPrevent this possibility by requiring CAP_SYS_ADMIN\nin the current user namespace when joining all but the user namespace.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "98f842e675f96ffac96e6c50315790912b2812be",
      "tree": "ed4dee9a6e54e3443e9f3f1614c8a2fcf9b31e0a",
      "parents": [
        "bf056bfa80596a5d14b26b17276a56a0dcb080e5"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Jun 15 10:21:48 2011 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Nov 20 04:19:49 2012 -0800"
      },
      "message": "proc: Usable inode numbers for the namespace file descriptors.\n\nAssign a unique proc inode to each namespace, and use that\ninode number to ensure we only allocate at most one proc\ninode for every namespace in proc.\n\nA single proc inode per namespace allows userspace to test\nto see if two processes are in the same namespace.\n\nThis has been a long requested feature and only blocked because\na naive implementation would put the id in a global space and\nwould ultimately require having a namespace for the names of\nnamespaces, making migration and certain virtualization tricks\nimpossible.\n\nWe still don\u0027t have per superblock inode numbers for proc, which\nappears necessary for application unaware checkpoint/restart and\nmigrations (if the application is using namespace file descriptors)\nbut that is now allowed by the design if it becomes important.\n\nI have preallocated the ipc and uts initial proc inode numbers so\ntheir structures can be statically initialized.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "50804fe3737ca6a5942fdc2057a18a8141d00141",
      "tree": "ae85d7ba1f24111f225f794e3310c39319d5a412",
      "parents": [
        "1c4042c29bd2e85aac4110552ca8ade763762e84"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Mar 02 15:41:50 2010 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:59:16 2012 -0800"
      },
      "message": "pidns: Support unsharing the pid namespace.\n\nUnsharing of the pid namespace unlike unsharing of other namespaces\ndoes not take effect immediately.  Instead it affects the children\ncreated with fork and clone.  The first of these children becomes the init\nprocess of the new pid namespace, the rest become oddball children\nof pid 0.  From the point of view of the new pid namespace the process\nthat created it is pid 0, as its pid does not map.\n\nA couple of different semantics were considered but this one was\nsettled on because it is easy to implement and it is usable from\npam modules.  The core reasons for the existence of unshare.\n\nI took a survey of the callers of pam modules and the following\nappears to be a representative sample of their logic.\n{\n\tsetup stuff include pam\n\tchild \u003d fork();\n\tif (!child) {\n\t\tsetuid()\n                exec /bin/bash\n        }\n        waitpid(child);\n\n        pam and other cleanup\n}\n\nAs you can see there is a fork to create the unprivileged user\nspace process.  Which means that the unprivileged user space\nprocess will appear as pid 1 in the new pid namespace.  Further\nmost login processes do not cope with extraneous children which\nmeans shifting the duty of reaping extraneous child process to\nthe creator of those extraneous children makes the system more\ncomprehensible.\n\nThe practical reason for this set of pid namespace semantics is\nthat it is simple to implement and verify they work correctly.\nWhereas an implementation that requires changing the struct\npid on a process comes with a lot more races and pain.  Not\nthe least of which is that glibc caches getpid().\n\nThese semantics are implemented by having two notions\nof the pid namespace of a process.  There is task_active_pid_ns\nwhich is the pid namespace the process was created with\nand the pid namespace that all pids are presented to\nthat process in.  The task_active_pid_ns is stored\nin the struct pid of the task.\n\nThen there is the pid namespace that will be used for children\nthat pid namespace is stored in task-\u003ensproxy-\u003epid_ns.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "57e8391d327609cbf12d843259c968b9e5c1838f",
      "tree": "53a5750360300da641fea08890bb531789ffba91",
      "parents": [
        "225778d68d98e7cfe2579f8d8b2d7b76f8541b8b"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sun Mar 07 18:17:03 2010 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:59:14 2012 -0800"
      },
      "message": "pidns: Add setns support\n\n- Pid namespaces are designed to be inescapable so verify that the\n  passed in pid namespace is a child of the currently active\n  pid namespace or the currently active pid namespace itself.\n\n  Allowing the currently active pid namespace is important so\n  the effects of an earlier setns can be cancelled.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "225778d68d98e7cfe2579f8d8b2d7b76f8541b8b",
      "tree": "d4bc4b78c3e19821eaaffacc5341d02328bcd3c9",
      "parents": [
        "af4b8a83add95ef40716401395b44a1b579965f4"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Aug 02 08:35:35 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:59:13 2012 -0800"
      },
      "message": "pidns: Deny strange cases when creating pid namespaces.\n\ntask_active_pid_ns(current) !\u003d current-\u003ens_proxy-\u003epid_ns will\nsoon be allowed to support unshare and setns.\n\nThe definition of creating a child pid namespace when\ntask_active_pid_ns(current) !\u003d current-\u003ens_proxy-\u003epid_ns could be that\nwe create a child pid namespace of current-\u003ens_proxy-\u003epid_ns.  However\nthat leads to strange cases like trying to have a single process be\ninit in multiple pid namespaces, which is racy and hard to think\nabout.\n\nThe definition of creating a child pid namespace when\ntask_active_pid_ns(current) !\u003d current-\u003ens_proxy-\u003epid_ns could be that\nwe create a child pid namespace of task_active_pid_ns(current).  While\nthat seems less racy it does not provide any utility.\n\nTherefore define the semantics of creating a child pid namespace when\ntask_active_pid_ns(current) !\u003d current-\u003ens_proxy-\u003epid_ns to be that the\npid namespace creation fails.  That is easy to implement and easy\nto think about.\n\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "af4b8a83add95ef40716401395b44a1b579965f4",
      "tree": "2f3f606b7327f74c1c1beb8a75886318c51c838a",
      "parents": [
        "5e1182deb81ae8c68494017c4a8a71811659c870"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Aug 01 15:03:42 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:59:12 2012 -0800"
      },
      "message": "pidns: Wait in zap_pid_ns_processes until pid_ns-\u003enr_hashed \u003d\u003d 1\n\nLooking at pid_ns-\u003enr_hashed is a bit simpler and it works for\ndisjoint process trees that an unshare or a join of a pid_namespace\nmay create.\n\nAcked-by: \"Serge E. Hallyn\" \u003cserge@hallyn.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "0a01f2cc390e10633a54f72c608cc3fe19a50c3d",
      "tree": "e713a1c45b5ce125a5d33b61d528cd45264d47a7",
      "parents": [
        "17cf22c33e1f1b5e435469c84e43872579497653"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Aug 01 10:33:47 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:59:10 2012 -0800"
      },
      "message": "pidns: Make the pidns proc mount/umount logic obvious.\n\nTrack the number of pids in the proc hash table.  When the number of\npids goes to 0 schedule work to unmount the kernel mount of proc.\n\nMove the mount of proc into alloc_pid when we allocate the pid for\ninit.\n\nRemove the surprising calls of pid_ns_release proc in fork and\nproc_flush_task.  Those code paths really shouldn\u0027t know about proc\nnamespace implementation details and people have demonstrated several\ntimes that finding and understanding those code paths is difficult and\nnon-obvious.\n\nBecause of the call path detach pid is always called with the\nrtnl_lock held free_pid is not allowed to sleep, so the work to\nunmounting proc is moved to a work queue.  This has the side benefit\nof not blocking the entire world waiting for the unnecessary\nrcu_barrier in deactivate_locked_super.\n\nIn the process of making the code clear and obvious this fixes a bug\nreported by Gao feng \u003cgaofeng@cn.fujitsu.com\u003e where we would leak a\nmount of proc during clone(CLONE_NEWPID|CLONE_NEWNET) if copy_pid_ns\nsucceeded and copy_net_ns failed.\n\nAcked-by: \"Serge E. Hallyn\" \u003cserge@hallyn.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "49f4d8b93ccf9454284b6f524b96c66d8d7fbccc",
      "tree": "06540b59a9d302687fd0519239729c1612d0e2b7",
      "parents": [
        "ae06c7c83fc6e97ba247a261921c101960f3d28f"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Aug 02 04:25:10 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 19 05:57:31 2012 -0800"
      },
      "message": "pidns: Capture the user namespace and filter ns_last_pid\n\n- Capture the user namespace that creates the pid namespace\n- Use that user namespace to test if it is ok to write to\n  /proc/sys/kernel/ns_last_pid.\n\nZhao Hongjiang \u003czhaohongjiang@huawei.com\u003e noticed I was missing a put_user_ns\nin when destroying a pid_ns.  I have folded his patch into this one\nso that bisects will work properly.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "f2302505775fd13ba93f034206f1e2a587017929",
      "tree": "0397e3cbf7556e93618ed7ad7316578049707ca1",
      "parents": [
        "d5ea7b5ec1ee4dac868143806c0bd94855754677"
      ],
      "author": {
        "name": "Andrew Vagin",
        "email": "avagin@openvz.org",
        "time": "Thu Oct 25 13:38:07 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Oct 25 14:37:53 2012 -0700"
      },
      "message": "pidns: limit the nesting depth of pid namespaces\n\n\u0027struct pid\u0027 is a \"variable sized struct\" - a header with an array of\nupids at the end.\n\nThe size of the array depends on a level (depth) of pid namespaces.  Now a\nlevel of pidns is not limited, so \u0027struct pid\u0027 can be more than one page.\n\nLooks reasonable, that it should be less than a page.  MAX_PIS_NS_LEVEL is\nnot calculated from PAGE_SIZE, because in this case it depends on\narchitectures, config options and it will be reduced, if someone adds a\nnew fields in struct pid or struct upid.\n\nI suggest to set MAX_PIS_NS_LEVEL \u003d 32, because it saves ability to expand\n\"struct pid\" and it\u0027s more than enough for all known for me use-cases.\nWhen someone finds a reasonable use case, we can add a config option or a\nsysctl parameter.\n\nIn addition it will reduce the effect of another problem, when we have\nmany nested namespaces and the oldest one starts dying.\nzap_pid_ns_processe will be called for each namespace and find_vpid will\nbe called for each process in a namespace.  find_vpid will be called\nminimum max_level^2 / 2 times.  The reason of that is that when we found a\nbit in pidmap, we can\u0027t determine this pidns is top for this process or it\nisn\u0027t.\n\nvpid is a heavy operation, so a fork bomb, which create many nested\nnamespace, can make a system inaccessible for a long time.  For example my\nsystem becomes inaccessible for a few minutes with 4000 processes.\n\n[akpm@linux-foundation.org: return -EINVAL in response to excessive nesting, not -ENOMEM]\nSigned-off-by: Andrew Vagin \u003cavagin@openvz.org\u003e\nAcked-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: \"Eric W. 
Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "bbc2e3ef87851bc5430b2b4cf4ca3a2f29baeda6",
      "tree": "d9cef396c8370184f23e99480725aa8fde4bea08",
      "parents": [
        "dc36d7e7cd422d69b15e7ec7cc1f021f581a6b6d"
      ],
      "author": {
        "name": "Cyrill Gorcunov",
        "email": "gorcunov@openvz.org",
        "time": "Fri Oct 19 13:56:53 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Oct 19 14:07:47 2012 -0700"
      },
      "message": "pidns: remove recursion from free_pid_ns()\n\nfree_pid_ns() operates in a recursive fashion:\n\nfree_pid_ns(parent)\n  put_pid_ns(parent)\n    kref_put(\u0026ns-\u003ekref, free_pid_ns);\n      free_pid_ns\n\nthus if there was a huge nesting of namespaces the userspace may trigger\navalanche calling of free_pid_ns leading to kernel stack exhausting and a\npanic eventually.\n\nThis patch turns the recursion into an iterative loop.\n\nBased on a patch by Andrew Vagin.\n\n[akpm@linux-foundation.org: export put_pid_ns() to modules]\nSigned-off-by: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Andrew Vagin \u003cavagin@openvz.org\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "437589a74b6a590d175f86cf9f7b2efcee7765e7",
      "tree": "37bf8635b1356d80ef002b00e84f3faf3d555a63",
      "parents": [
        "68d47a137c3bef754923bccf73fb639c9b0bbd5e",
        "72235465864d84cedb2d9f26f8e1de824ee20339"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 11:11:09 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 11:11:09 2012 -0700"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace changes from Eric Biederman:\n \"This is a mostly modest set of changes to enable basic user namespace\n  support.  This allows the code to code to compile with user namespaces\n  enabled and removes the assumption there is only the initial user\n  namespace.  Everything is converted except for the most complex of the\n  filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs,\n  nfs, ocfs2 and xfs as those patches need a bit more review.\n\n  The strategy is to push kuid_t and kgid_t values are far down into\n  subsystems and filesystems as reasonable.  Leaving the make_kuid and\n  from_kuid operations to happen at the edge of userspace, as the values\n  come off the disk, and as the values come in from the network.\n  Letting compile type incompatible compile errors (present when user\n  namespaces are enabled) guide me to find the issues.\n\n  The most tricky areas have been the places where we had an implicit\n  union of uid and gid values and were storing them in an unsigned int.\n  Those places were converted into explicit unions.  I made certain to\n  handle those places with simple trivial patches.\n\n  Out of that work I discovered we have generic interfaces for storing\n  quota by projid.  I had never heard of the project identifiers before.\n  Adding full user namespace support for project identifiers accounts\n  for most of the code size growth in my git tree.\n\n  Ultimately there will be work to relax privlige checks from\n  \"capable(FOO)\" to \"ns_capable(user_ns, FOO)\" where it is safe allowing\n  root in a user names to do those things that today we only forbid to\n  non-root users because it will confuse suid root applications.\n\n  While I was pushing kuid_t and kgid_t changes deep into the audit code\n  I made a few other cleanups.  
I capitalized on the fact we process\n  netlink messages in the context of the message sender.  I removed\n  usage of NETLINK_CRED, and started directly using current-\u003etty.\n\n  Some of these patches have also made it into maintainer trees, with no\n  problems from identical code from different trees showing up in\n  linux-next.\n\n  After reading through all of this code I feel like I might be able to\n  win a game of kernel trivial pursuit.\"\n\nFix up some fairly trivial conflicts in netfilter uid/git logging code.\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits)\n  userns: Convert the ufs filesystem to use kuid/kgid where appropriate\n  userns: Convert the udf filesystem to use kuid/kgid where appropriate\n  userns: Convert ubifs to use kuid/kgid\n  userns: Convert squashfs to use kuid/kgid where appropriate\n  userns: Convert reiserfs to use kuid and kgid where appropriate\n  userns: Convert jfs to use kuid/kgid where appropriate\n  userns: Convert jffs2 to use kuid and kgid where appropriate\n  userns: Convert hpfs to use kuid and kgid where appropriate\n  userns: Convert btrfs to use kuid/kgid where appropriate\n  userns: Convert bfs to use kuid/kgid where appropriate\n  userns: Convert affs to use kuid/kgid wherwe appropriate\n  userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids\n  userns: On ia64 deal with current_uid and current_gid being kuid and kgid\n  userns: On ppc convert current_uid from a kuid before printing.\n  userns: Convert s390 getting uid and gid system calls to use kuid and kgid\n  userns: Convert s390 hypfs to use kuid and kgid where appropriate\n  userns: Convert binder ipc to use kuids\n  userns: Teach security_path_chown to take kuids and kgids\n  userns: Add user namespace support to IMA\n  userns: Convert EVM to deal with kuids and kgids in it\u0027s hmac computation\n  ...\n"
    },
    {
      "commit": "579035dc5ddd6d48fd8529e7358b03d911ab9d8a",
      "tree": "bd54e0a33715547454b241124258c0c3c0d2be5e",
      "parents": [
        "35c448a8a3471b95ebc0ebcf91eb1183401b4274"
      ],
      "author": {
        "name": "Andrew Vagin",
        "email": "avagin@openvz.org",
        "time": "Mon Sep 17 14:09:12 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Sep 17 15:00:38 2012 -0700"
      },
      "message": "pid-namespace: limit value of ns_last_pid to (0, max_pid)\n\nThe kernel doesn\u0027t check the pid for negative values, so if you try to\nwrite -2 to /proc/sys/kernel/ns_last_pid, you will get a kernel panic.\n\nThe crash happens because the next pid is -1, and alloc_pidmap() will\ntry to access a nonexistent pidmap.\n\n  map \u003d \u0026pid_ns-\u003epidmap[pid/BITS_PER_PAGE];\n\nSigned-off-by: Andrew Vagin \u003cavagin@openvz.org\u003e\nAcked-by: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nAcked-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "523a6a945f3cf5f1d337e50634687a577a732a5f",
      "tree": "2a144c95d6034489a72bfd67b8b61e04d015c3c6",
      "parents": [
        "4f82f45730c68fdaf9b0472495a965188404866e"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Fri Aug 03 19:11:22 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Aug 14 21:49:35 2012 -0700"
      },
      "message": "pidns: Export free_pid_ns\n\nThere is at least one modular user so export free_pid_ns so modules can\ncapture and use the pid namespace on the very rare occasion when it\nmakes sense.\n\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "6347e90091041e34bea625370794c92f4ce71228",
      "tree": "20614d4eedd2993248be3c3562177c7e00f24b68",
      "parents": [
        "f39cdaebb89dc3e6dd4f3e75b6d4e87ef12190af"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Jun 20 12:53:03 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Jun 20 14:39:36 2012 -0700"
      },
      "message": "pidns: guarantee that the pidns init will be the last pidns process reaped\n\nToday we have a twofold bug.  Sometimes release_task on pid \u003d\u003d 1 in a pid\nnamespace can run before other processes in a pid namespace have had\nrelease task called.  With the result that pid_ns_release_proc can be\ncalled before the last proc_flus_task() is done using upid-\u003ens-\u003eproc_mnt,\nresulting in the use of a stale pointer.  This same set of circumstances\ncan lead to waitpid(...) returning for a process started with\nclone(CLONE_NEWPID) before every process in the pid namespace has\nactually exited.\n\nTo fix this modify zap_pid_ns_processess wait until all other processes in\nthe pid namespace have exited, even EXIT_DEAD zombies.\n\nThe delay_group_leader and related tests ensure that the thread group\nleader will be the last thread of a process group to be reaped, or to\nbecome EXIT_DEAD and self reap.  With the change to zap_pid_ns_processes\nwe get the guarantee that pid \u003d\u003d 1 in a pid namespace will be the last\ntask that release_task is called on.\n\nWith pid \u003d\u003d 1 being the last task to pass through release_task\npid_ns_release_proc can no longer be called too early nor can wait return\nbefore all of the EXIT_DEAD tasks in a pid namespace have exited.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Louis Rilling \u003clouis.rilling@kerlabs.com\u003e\nCc: Mike Galbraith \u003cefault@gmx.de\u003e\nAcked-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nTested-by: Andrew Wagin \u003cavagin@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "98ed57eef9f67dfe541be0bca34660ffc88365b2",
      "tree": "1dee418c15205a31a811597587bdec9d1bc0cdd2",
      "parents": [
        "ac34ebb3a67e699edcb5ac72f19d31679369dfaa"
      ],
      "author": {
        "name": "Cyrill Gorcunov",
        "email": "gorcunov@gmail.com",
        "time": "Thu May 31 16:26:42 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 17:49:32 2012 -0700"
      },
      "message": "sysctl: make kernel.ns_last_pid control dependent on CHECKPOINT_RESTORE\n\nFor those who don\u0027t need C/R functionality there is no need to control\nlast pid, ie the pid for the next fork() call.\n\nSigned-off-by: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "00c10bc13cdb58447d6bb2a003afad7bd60f5a5f",
      "tree": "64058d4c643706035e2327adecd8be18b852dfb6",
      "parents": [
        "3208450488ae724196f1efffc457e4265957c04e"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu May 31 16:26:40 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu May 31 17:49:32 2012 -0700"
      },
      "message": "pidns: make killed children autoreap\n\nForce SIGCHLD handling to SIG_IGN so that signals are not generated and so\nthat the children autoreap.  This increases the parallelism and in general\nthe speed of network namespace shutdown.\n\nNote self reaping children can exist past zap_pid_ns_processess but they\nwill all be reaped before we allow the pid namespace init task with pid \u003d\u003d\n1 to be reaped.\n\n[akpm@linux-foundation.org: checkpatch fixes]\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: Louis Rilling \u003clouis.rilling@kerlabs.com\u003e\nCc: Mike Galbraith \u003cefault@gmx.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b",
      "tree": "d6f5d7eb93bad10cd146a737a3a72e3459ec3e61",
      "parents": [
        "5a04cca6c39cdd0b8c75b0628da634248f381b62"
      ],
      "author": {
        "name": "Daniel Lezcano",
        "email": "daniel.lezcano@free.fr",
        "time": "Wed Mar 28 14:42:51 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 28 17:14:36 2012 -0700"
      },
      "message": "pidns: add reboot_pid_ns() to handle the reboot syscall\n\nIn the case of a child pid namespace, rebooting the system does not really\nmakes sense.  When the pid namespace is used in conjunction with the other\nnamespaces in order to create a linux container, the reboot syscall leads\nto some problems.\n\nA container can reboot the host.  That can be fixed by dropping the\nsys_reboot capability but we are unable to correctly to poweroff/\nhalt/reboot a container and the container stays stuck at the shutdown time\nwith the container\u0027s init process waiting indefinitively.\n\nAfter several attempts, no solution from userspace was found to reliabily\nhandle the shutdown from a container.\n\nThis patch propose to make the init process of the child pid namespace to\nexit with a signal status set to : SIGINT if the child pid namespace\ncalled \"halt/poweroff\" and SIGHUP if the child pid namespace called\n\"reboot\".  When the reboot syscall is called and we are not in the initial\npid namespace, we kill the pid namespace for \"HALT\", \"POWEROFF\",\n\"RESTART\", and \"RESTART2\".  
Otherwise we return EINVAL.\n\nReturning EINVAL is also an easy way to check if this feature is supported\nby the kernel when invoking another \u0027reboot\u0027 option like CAD.\n\nBy this way the parent process of the child pid namespace knows if it\nrebooted or not and can take the right decision.\n\nTest case:\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\n#include \u003calloca.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csched.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003csignal.h\u003e\n#include \u003csys/reboot.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/wait.h\u003e\n\n#include \u003clinux/reboot.h\u003e\n\nstatic int do_reboot(void *arg)\n{\n        int *cmd \u003d arg;\n\n        if (reboot(*cmd))\n                printf(\"failed to reboot(%d): %m\\n\", *cmd);\n}\n\nint test_reboot(int cmd, int sig)\n{\n        long stack_size \u003d 4096;\n        void *stack \u003d alloca(stack_size) + stack_size;\n        int status;\n        pid_t ret;\n\n        ret \u003d clone(do_reboot, stack, CLONE_NEWPID | SIGCHLD, \u0026cmd);\n        if (ret \u003c 0) {\n                printf(\"failed to clone: %m\\n\");\n                return -1;\n        }\n\n        if (wait(\u0026status) \u003c 0) {\n                printf(\"unexpected wait error: %m\\n\");\n                return -1;\n        }\n\n        if (!WIFSIGNALED(status)) {\n                printf(\"child process exited but was not signaled\\n\");\n                return -1;\n        }\n\n        if (WTERMSIG(status) !\u003d sig) {\n                printf(\"signal termination is not the one expected\\n\");\n                return -1;\n        }\n\n        return 0;\n}\n\nint main(int argc, char *argv[])\n{\n        int status;\n\n        status \u003d test_reboot(LINUX_REBOOT_CMD_RESTART, SIGHUP);\n        if (status \u003c 0)\n                return 1;\n        printf(\"reboot(LINUX_REBOOT_CMD_RESTART) succeed\\n\");\n\n        status \u003d 
test_reboot(LINUX_REBOOT_CMD_RESTART2, SIGHUP);\n        if (status \u003c 0)\n                return 1;\n        printf(\"reboot(LINUX_REBOOT_CMD_RESTART2) succeed\\n\");\n\n        status \u003d test_reboot(LINUX_REBOOT_CMD_HALT, SIGINT);\n        if (status \u003c 0)\n                return 1;\n        printf(\"reboot(LINUX_REBOOT_CMD_HALT) succeed\\n\");\n\n        status \u003d test_reboot(LINUX_REBOOT_CMD_POWER_OFF, SIGINT);\n        if (status \u003c 0)\n                return 1;\n        printf(\"reboot(LINUX_REBOOT_CMD_POWER_OFF) succeed\\n\");\n\n        status \u003d test_reboot(LINUX_REBOOT_CMD_CAD_ON, -1);\n        if (status \u003e\u003d 0) {\n                printf(\"reboot(LINUX_REBOOT_CMD_CAD_ON) should have failed\\n\");\n                return 1;\n        }\n        printf(\"reboot(LINUX_REBOOT_CMD_CAD_ON) has failed as expected\\n\");\n\n        return 0;\n}\n\n[akpm@linux-foundation.org: tweak and add comments]\n[akpm@linux-foundation.org: checkpatch fixes]\nSigned-off-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nTested-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nReviewed-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a02d6fd643cbd4c559113b35b31d3b04e4ec60c7",
      "tree": "77bb1bca3380e8a8187bbeb25af6a03307401887",
      "parents": [
        "d2d393099de21eda91c5ec6a05d60e5dee4d5175"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Fri Mar 23 15:02:46 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 23 16:58:41 2012 -0700"
      },
      "message": "signal: zap_pid_ns_processes: s/SEND_SIG_NOINFO/SEND_SIG_FORCED/\n\nChange zap_pid_ns_processes() to use SEND_SIG_FORCED, it looks more\nclear compared to SEND_SIG_NOINFO which relies on from_ancestor_ns logic\nsend_signal().\n\nIt is also more efficient if we need to kill a lot of tasks because it\ndoesn\u0027t alloc sigqueue.\n\nWhile at it, add the __fatal_signal_pending(task) check as a minor\noptimization.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Anton Vorontsov \u003canton.vorontsov@linaro.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: KOSAKI Motohiro \u003ckosaki.motohiro@gmail.com\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b8f566b04d3cddd192cfd2418ae6d54ac6353792",
      "tree": "32a5bf86548cd43feff4822d800b6a99e157b5d7",
      "parents": [
        "f5138e42211d4e8bfbd6ac5b3816348da1533433"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@parallels.com",
        "time": "Thu Jan 12 17:20:27 2012 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 12 20:13:11 2012 -0800"
      },
      "message": "sysctl: add the kernel.ns_last_pid control\n\nThe sysctl works on the current task\u0027s pid namespace, getting and setting\nits last_pid field.\n\nWriting is allowed for CAP_SYS_ADMIN-capable tasks thus making it possible\nto create a task with desired pid value.  This ability is required badly\nfor the checkpoint/restore in userspace.\n\nThis approach suits all the parties for now.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nAcked-by: Tejun Heo \u003ctj@kernel.org\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4308eebbeb2026827d4492ce8c23d99f7f144a82",
      "tree": "3781e227988b4d986bf98dcc0390df17c6fe8f10",
      "parents": [
        "45a68628d37222e655219febce9e91b6484789b2"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Wed Mar 23 16:43:13 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Mar 23 19:46:58 2011 -0700"
      },
      "message": "pidns: call pid_ns_prepare_proc() from create_pid_namespace()\n\nReorganize proc_get_sb() so it can be called before the struct pid of the\nfirst process is allocated.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Serge E. Hallyn \u003cserge@hallyn.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05",
      "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1",
      "parents": [
        "ed391f4ebf8f701d3566423ce8f17e614cde9806"
      ],
      "author": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Wed Mar 24 17:04:11 2010 +0900"
      },
      "committer": {
        "name": "Tejun Heo",
        "email": "tj@kernel.org",
        "time": "Tue Mar 30 22:02:32 2010 +0900"
      },
      "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files.  percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed.  Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability.  As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n  http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n  only the necessary includes are there.  ie. if only gfp is used,\n  gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n  blocks and try to put the new include such that its order conforms\n  to its surrounding.  It\u0027s put in the include block which contains\n  core kernel includes, in the same order that the rest are ordered -\n  alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n  doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n  because the file doesn\u0027t have fitting include block), it prints out\n  an error message indicating which .h file needs to be added to the\n  file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n   over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n   and ~3000 slab.h inclusions.  The script emitted errors for ~400\n   files.\n\n2. Each error was manually checked.  
Some didn\u0027t need the inclusion,\n   some needed manual addition while adding it to implementation .h or\n   embedding .c file was more appropriate for others.  This step added\n   inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n   from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n   e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n   APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n   editing them as sprinkling gfp.h and slab.h inclusions around .h\n   files could easily lead to inclusion dependency hell.  Most gfp.h\n   inclusion directives were ignored as stuff from gfp.h was usually\n   wildly available and often used in preprocessor macros.  Each\n   slab.h inclusion directive was examined and added manually as\n   necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n   were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my\n   distributed build env didn\u0027t work with gcov compiles) and a few\n   more options had to be turned off depending on archs to make things\n   build (like ipr on powerpc/64 which failed due to missing writeq).\n\n   * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n   * powerpc and powerpc64 SMP allmodconfig\n   * sparc and sparc64 SMP allmodconfig\n   * ia64 SMP allmodconfig\n   * s390 SMP allmodconfig\n   * alpha SMP allmodconfig\n   * um on x86_64 SMP allmodconfig\n\n8. 
percpu.h modifications were reverted so that it could be applied as\n   a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n"
    },
    {
      "commit": "13aa9a6b0f2371d2ce0de57c2ede62ab7a787157",
      "tree": "cf6e3d79a3defc5a291575aa26a5405d9815a5a5",
      "parents": [
        "6edb6764409392836b44a61b06d94954efd6200f"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Wed Mar 10 15:23:09 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Mar 12 15:52:40 2010 -0800"
      },
      "message": "pid_ns: zap_pid_ns_processes: use SEND_SIG_NOINFO instead of force_sig()\n\nzap_pid_ns_processes() uses force_sig(SIGKILL) to ensure SIGKILL will be\ndelivered to sub-namespace inits as well.  This is correct, but we are\ngoing to change force_sig_info() semantics.  See\nhttp://bugzilla.kernel.org/show_bug.cgi?id\u003d15395#c31\n\nWe can use send_sig_info(SEND_SIG_NOINFO) instead, since\n614c517d7c00af1b26ded20646b329397d6f51a1 (\"signals: SEND_SIG_NOINFO should\nbe considered as SI_FROMUSER()\") SEND_SIG_NOINFO means \"from user\" and\ntherefore send_signal() will get the correct from_ancestor_ns \u003d T flag.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e5a4738699d6eca408dcb225bd350413927701e2",
      "tree": "1a24e5d7d5eb85affbaf435dbe626ba0a401bb62",
      "parents": [
        "123be07b0b399670a7cc3d82fef0cb4f93ef885c"
      ],
      "author": {
        "name": "Sukadev Bhattiprolu",
        "email": "sukadev@linux.vnet.ibm.com",
        "time": "Wed Sep 23 15:57:22 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:21:04 2009 -0700"
      },
      "message": "pidns: deny CLONE_PARENT|CLONE_NEWPID combination\n\nCLONE_PARENT was used to implement an older threading model.  For\nconsistency with the CLONE_THREAD check in copy_pid_ns(), disable\nCLONE_PARENT with CLONE_NEWPID, at least until the required semantics of\npid namespaces are clear.\n\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Oren Laadan \u003corenl@cs.columbia.edu\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "dca4a979604da1bac6956c0117abc2114d6dd3ec",
      "tree": "88d37178c05c0441900e81df9fbb217b0ac778d6",
      "parents": [
        "ed469a63c37a996fa2c7041d2dc980715707902c"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Wed Jun 17 16:27:53 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jun 18 13:03:55 2009 -0700"
      },
      "message": "pidns: rewrite copy_pid_ns()\n\ncopy_pid_ns() is a perfect example of a case where unwinding leads to more\ncode and makes it less clear.  Watch the diffstat.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nReviewed-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Sukadev Bhattiprolu \u003csukadev@linux.vnet.ibm.com\u003e\nReviewed-by: WANG Cong \u003cxiyou.wangcong@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "ed469a63c37a996fa2c7041d2dc980715707902c",
      "tree": "a81bb7ff48cf56a10facf949407a28eb9e5961ea",
      "parents": [
        "17f98dcf6010a1cfd25d179fd0ce77d3dc2685c3"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Wed Jun 17 16:27:52 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jun 18 13:03:55 2009 -0700"
      },
      "message": "pidns: make create_pid_namespace() accept parent pidns\n\ncreate_pid_namespace() creates everything, but caller has to assign parent\npidns by hand, which is unnatural.  At the moment of call new -\u003elevel has\nto be taken from somewhere and parent pidns is already available.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Sukadev Bhattiprolu \u003csukadev@linux.vnet.ibm.com\u003e\nReviewed-by: WANG Cong \u003cxiyou.wangcong@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "e4da026f980df125a4918c3bb9fe93185c7ef12a",
      "tree": "bb755bb687bca82feb05ba3bb6962ef57257dd9a",
      "parents": [
        "921cf9f63089c7442d44083477620132f4cea066"
      ],
      "author": {
        "name": "Sukadev Bhattiprolu",
        "email": "sukadev@linux.vnet.ibm.com",
        "time": "Thu Apr 02 16:58:06 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Apr 02 19:04:58 2009 -0700"
      },
      "message": "signals: zap_pid_ns_process() should use force_sig()\n\nsend_signal() assumes that signals with SEND_SIG_PRIV are generated from\nwithin the same namespace.  So any nested container-init processes become\nimmune to the SIGKILL generated by kill_proc_info() in\nzap_pid_ns_processes().\n\nUse force_sig() in zap_pid_ns_processes() instead - force_sig() clears the\nSIGNAL_UNKILLABLE flag ensuring the signal is processed by\ncontainer-inits.\n\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@linux.vnet.ibm.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "950bbabb5a804690a0201190de5c22837f72f83f",
      "tree": "0d198ac02244138936acdf201c80aa4cd2da0bbc",
      "parents": [
        "add0d4dfd660e9e4fd0af3eac3cad23583c9558f"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@tv-sign.ru",
        "time": "Tue Sep 02 14:35:49 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Sep 02 19:21:38 2008 -0700"
      },
      "message": "pid_ns: (BUG 11391) change -\u003echild_reaper when init-\u003egroup_leader exits\n\nWe don\u0027t change pid_ns-\u003echild_reaper when the main thread of the\nsubnamespace init exits.  As Robert Rex \u003crobert.rex@exasol.com\u003e pointed\nout this is wrong.\n\nYes, the re-parenting itself works correctly, but if the reparented task\nexits it needs -\u003eparent-\u003ensproxy-\u003epid_ns in do_notify_parent(), and if the\nmain thread is zombie its -\u003ensproxy was already cleared by\nexit_task_namespaces().\n\nIntroduce the new function, find_new_reaper(), which finds the new\n-\u003eparent for the re-parenting and changes -\u003echild_reaper if needed.  Kill\nthe now unneeded exit_child_reaper().\n\nAlso move the changing of -\u003echild_reaper from zap_pid_ns_processes() to\nfind_new_reaper(), this consolidates the games with -\u003echild_reaper and\nmakes it stable under tasklist_lock.\n\nAddresses http://bugzilla.kernel.org/show_bug.cgi?id\u003d11391\n\nReported-by: Robert Rex \u003crobert.rex@exasol.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Sukadev Bhattiprolu \u003csukadev@linux.vnet.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "add0d4dfd660e9e4fd0af3eac3cad23583c9558f",
      "tree": "8bba7c39efcd5999c0925bed083a0ca68d6a5e40",
      "parents": [
        "e385ea63f44b475e034a78b6d8bc6bb50caf72ca"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@tv-sign.ru",
        "time": "Tue Sep 02 14:35:48 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Sep 02 19:21:38 2008 -0700"
      },
      "message": "pid_ns: zap_pid_ns_processes: fix the -\u003echild_reaper changing\n\nzap_pid_ns_processes() sets pid_ns-\u003echild_reaper \u003d NULL, this is wrong.\n\nYes, we have already killed all tasks in this namespace, and sys_wait4()\ndoesn\u0027t see any child.  But this doesn\u0027t mean -\u003echildren list is empty, we\nmay have EXIT_DEAD tasks which are not visible to do_wait().  In that case\nthe subsequent forget_original_parent() will crash the kernel because it\nwill try to re-parent these tasks to the NULL reaper.\n\nEven if there are no children, it is not good that forget_original_parent()\nuses reaper \u003d\u003d NULL.\n\nChange the code to set -\u003echild_reaper \u003d init_pid_ns.child_reaper instead.\nWe could use pid_ns-\u003eparent-\u003echild_reaper as well, I think this does not\nreally matter.  These EXIT_DEAD tasks are not visible to the new -\u003eparent\nafter re-parenting, they will silently do release_task() eventually.\n\nNote that we must change -\u003echild_reaper, otherwise\nforget_original_parent() will use reaper \u003d\u003d father, and in that case we\nwill hit the (correct) BUG_ON(!list_empty(\u0026father-\u003echildren)).\n\nSigned-off-by: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Sukadev Bhattiprolu \u003csukadev@linux.vnet.ibm.com\u003e\nAcked-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0b6b030fc30d169bb406b34b4fc60d99dde4a9c6",
      "tree": "2bf5160ccfe22107937ddc03a1acd4fc9b1ccaf2",
      "parents": [
        "6248b1b342005a428b1247b4e89249da1528d88d"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Fri Jul 25 01:48:47 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 25 10:53:47 2008 -0700"
      },
      "message": "bsdacct: switch from global bsd_acct_struct instance to per-pidns one\n\nAllocate the structure on the first call to sys_acct().  After this each\nnamespace, that ordered the accounting, will live with this structure till\nits own death.\n\nTwo notes\n- routines, that close the accounting on fs umount time use\n  the init_pid_ns\u0027s acct by now;\n- accounting routine accounts to dying task\u0027s namespace\n  (also by now).\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "84406c153a5bfa5d8b428a0933e9d39db6b59a75",
      "tree": "5f39add26e885b810118fbf1740a61f1aac88a4d",
      "parents": [
        "081e4c8a75692c21f3a119a81ca3270081879d0e"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Fri Jul 25 01:48:42 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 25 10:53:46 2008 -0700"
      },
      "message": "pidns: use kzalloc when allocating new pid_namespace struct\n\nIt makes many fields initialization implicit helping in auto-setting\n#ifdef-ed fields (bsd-acct related pointer will be such).\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "caafa4324335aeb11bc233d5f87aca8cce30beba",
      "tree": "b6371b0c084ffb91f7304a7e392b28ccfdab8a2e",
      "parents": [
        "ab883af53ec1b87add43b32a28d8347f17d5155b"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Wed Apr 30 00:54:31 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Apr 30 08:29:49 2008 -0700"
      },
      "message": "pidns: make pid-\u003elevel and pid_ns-\u003elevel unsigned\n\nThese values represent the nesting level of a namespace and pids living in it,\nand it\u0027s always non-negative.\n\nTurning this from int to unsigned int saves some space in pid.c (11 bytes on\nx86 and 64 on ia64) by letting the compiler optimize the pid_nr_ns a bit.\nE.g.  on ia64 this removes the sign extension calls, which compiler adds to\noptimize access to pid-\u003enumbers[ns-\u003elevel].\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b331d259b1147f82d692f3b866e036017cbde8fe",
      "tree": "db8de3a81e63c97c778b950dc6221458df6e6988",
      "parents": [
        "d613c3e2d841889f32b1e74f251a6a6bcd9642cf"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Mon Apr 28 14:13:19 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Apr 28 17:29:18 2008 -0700"
      },
      "message": "kernel: fix integer as NULL pointer warnings\n\nkernel/cpuset.c:1268:52: warning: Using plain integer as NULL pointer\nkernel/pid_namespace.c:95:24: warning: Using plain integer as NULL pointer\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nReviewed-by: Paul Jackson \u003cpj@sgi.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "74bd59bb39eb08b4379e2590c5f160748d83f812",
      "tree": "2e0b8e18b0d51f9972239a0322aca313b325a8fa",
      "parents": [
        "aee16ce73c71a241190cef3aaa265f6a3ab8e035"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Fri Feb 08 04:18:24 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Fri Feb 08 09:22:23 2008 -0800"
      },
      "message": "namespaces: cleanup the code managed with PID_NS option\n\nJust like with the user namespaces, move the namespace management code into\nthe separate .c file and mark the (already existing) PID_NS option as \"depend\non NAMESPACES\"\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nCc: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    }
  ]
}
