On Tue, Oct 06, 2015 at 11:24:32PM +0300, Vladimir Davydov wrote:
> On Tue, Oct 06, 2015 at 12:35:41PM +0300, Kirill Tkhai wrote:
>
> > @@ -238,6 +238,21 @@ int vz_security_protocol_check(struct net *net, int
> > protocol)
> > }
> > EXPORT_SYMBOL_GPL(vz_security_protocol_check);
> >
> > +/* Check if current user_ns is initial for current ve */
> > +bool current_user_ns_initial(void)
> > +{
> > + struct ve_struct *ve = get_exec_env();
> > + bool ret = false;
> > +
> > + rcu_read_lock();
> > + if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())
> > + ret = true;
>
> Any reason to call this under rcu_read_lock? We don't dereference
> ve->ve_ns here, and ve->init_cred is not RCU-protected if I'm not
> missing something.
After digging a bit deeper, everything looks correct to me: if ve->ve_ns
is not NULL, ve->init_cred must be actual, because it is freed after
synchronize_rcu, while ve->ve_ns is cleared before. So never mind my
question.
>
> > + rcu_read_unlock();
> > +
> > + return ret;
> > +}
> > +EXPORT_SYMBOL(current_user_ns_initial);
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
