From: Kirill Tkhai <ktk...@virtuozzo.com> Introduce per pid namespace pid_max.
Extracted from "Initial patch". Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com> (cherry-picked from vz7 commit 80da36469321 ("pid_ns: Virtualize pid_max")) https://jira.sw.ru/browse/PSBM-127857 Signed-off-by: Valeriy Vdovin <valeriy.vdo...@virtuozzo.com> +++ pid: Use proper ns in proc_dointvec_pidmax() Use current task pid ns instead of pid ns for future children https://jira.sw.ru/browse/PSBM-121530 Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com> (cherry-picked from vz7 commit d91a0dc98453 ("pid: Use proper ns in proc_dointvec_pidmax()")) https://jira.sw.ru/browse/PSBM-127857 Signed-off-by: Valeriy Vdovin <valeriy.vdo...@virtuozzo.com> (cherry picked from vz8 commit c3299968d4753f7fdf13a792d04795605951c533) Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 include/linux/pid_namespace.h | 1 + include/linux/threads.h | 1 + kernel/pid.c | 2 +- kernel/pid_namespace.c | 4 ++-- kernel/sysctl.c | 15 ++++++++++++--- 5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 7c7e627..f6b68fb 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -20,6 +20,7 @@ struct pid_namespace {
 struct idr idr;
 struct rcu_head rcu;
 unsigned int pid_allocated;
+ int pid_max;
 struct task_struct *child_reaper;
 struct kmem_cache *pid_cachep;
 unsigned int level;
diff --git a/include/linux/threads.h b/include/linux/threads.h
index 18d5a74..f7dd16f 100644
--- a/include/linux/threads.h
+++ b/include/linux/threads.h
@@ -26,6 +26,7 @@
 * This controls the default maximum pid allocated to a process
 */
 #define PID_MAX_DEFAULT (CONFIG_BASE_SMALL ? 0x1000 : 0x8000)
+#define PID_MAX_NS_DEFAULT (PID_MAX_DEFAULT)
 /*
 * A maximum of 4 million PIDs should be enough for a while.
diff --git a/kernel/pid.c b/kernel/pid.c
index 8d0b41e..6b1a868 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -231,7 +231,7 @@ struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,
 * a partially initialized PID (see below).
 */
 nr = idr_alloc_cyclic(&tmp->idr, NULL, pid_min,
- pid_max, GFP_ATOMIC);
+ ns->pid_max, GFP_ATOMIC);
 }
 spin_unlock_irq(&pidmap_lock);
 idr_preload_end();
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 5c6555b..450d613 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -110,6 +110,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 ns->user_ns = get_user_ns(user_ns);
 ns->ucounts = ucounts;
 ns->pid_allocated = PIDNS_ADDING;
+ ns->pid_max = PID_MAX_NS_DEFAULT;
 return ns;
@@ -281,6 +282,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
 next = idr_get_cursor(&pid_ns->idr) - 1;
 tmp.data = &next;
+ tmp.extra2 = &pid_ns->pid_max;
 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 if (!ret && write)
 idr_set_cursor(&pid_ns->idr, next + 1);
@@ -288,7 +290,6 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
 return ret;
 }
-extern int pid_max;
 static struct ctl_table pid_ns_ctl_table[] = {
 {
 .procname = "ns_last_pid",
@@ -296,7 +297,6 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
 .mode = 0666 | S_ISVTX, /* permissions are checked in the handler */
 .proc_handler = pid_ns_ctl_handler,
 .extra1 = SYSCTL_ZERO,
- .extra2 = &pid_max,
 },
 { }
 };
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 53090d6..9bb8935 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1808,6 +1808,16 @@ int proc_do_static_key(struct ctl_table *table, int write,
 return ret;
 }
+static int proc_dointvec_pidmax(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct ctl_table tmp;
+
+ tmp = *table;
+ tmp.data = &task_active_pid_ns(current)->pid_max;
+ return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
+}
+
 #ifdef CONFIG_COREDUMP
 sysctl_virtual(proc_dostring_coredump);
 #endif
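Review bot: In the kernel/pid.c hunk the number is allocated in `tmp->idr` but bounded by `ns->pid_max`, so the limit comes from the namespace passed to alloc_pid() rather than from the namespace whose IDR is being filled. If `tmp` walks up through the parent namespaces, as the loop outside this hunk suggests, a child namespace's pid_max then also caps, or lifts the cap on, the number allocated at every ancestor level, and a limit set on the host is not enforced for tasks created in that child. Bounding each level by its own value, `tmp->pid_max, GFP_ATOMIC);`, keeps every namespace's limit authoritative for its own IDR. The read is also unsynchronised with the sysctl write, so `READ_ONCE(tmp->pid_max)` would be the safer form.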
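Review bot: create_pid_namespace() in kernel/pid_namespace.c is the only place this patch assigns `pid_max`, so a namespace that is not created through it, init_pid_ns in particular, keeps whatever its initializer gives it. If that is a static initializer without a `.pid_max` member (it is not visible here), the field is 0, idr_alloc_cyclic() treats an end of 0 or less as no upper bound, and kernel.pid_max on the host would read back 0. Setting it explicitly, for example `.pid_max = PID_MAX_DEFAULT,` in the init_pid_ns initializer, or confirming that another patch in the series does so, closes that gap. New namespaces also start from `PID_MAX_NS_DEFAULT` rather than from the parent's current value, which deserves a one-line comment if it is intended.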
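Review bot: proc_dointvec_pidmax() in kernel/sysctl.c picks the namespace from `current` at write time and does no permission check of its own, so who may change a namespace's limit depends only on the file mode and on how `S_ISVTX` entries are authorized outside this patch. The ns_last_pid entry touched by this same patch is annotated "permissions are checked in the handler"; an equivalent check here, for example `if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN)) return -EPERM;` with `ns = task_active_pid_ns(current)`, would make the authorization explicit. The handler also accepts any value in the global `pid_max_min`..`pid_max_max` range, regardless of the parent namespace's setting or of PIDs already allocated above the new limit. A short comment stating that `table->data` is ignored on purpose and which namespace is targeted would help the next reader.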
@@ -2290,10 +2300,9 @@ int proc_do_static_key(struct ctl_table *table, int write,
 #endif /* CONFIG_SMP */
 {
 .procname = "pid_max",
- .data = &pid_max,
 .maxlen = sizeof (int),
- .mode = 0644,
- .proc_handler = proc_dointvec_minmax,
+ .mode = 0644 | S_ISVTX,
+ .proc_handler = proc_dointvec_pidmax,
 .extra1 = &pid_max_min,
 .extra2 = &pid_max_max,
 },
-- 1.8.3.1 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
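Review bot: With `.data = &pid_max` dropped from the "pid_max" entry, kernel.pid_max no longer updates the global `pid_max`, yet `.extra1`/`.extra2` still take the global bounds, and any code outside this patch that still reads the global keeps seeing its boot-time value. A per-namespace value raised above that would leave such readers working with a stale limit, so the remaining users of the global are worth auditing. A comment on the entry such as `/* .data is set per pid namespace in proc_dointvec_pidmax() */` would explain the missing member. `S_ISVTX` in `.mode` is not explained anywhere in this hunk; a short note on what it grants would let reviewers judge who can write the entry. The table this entry belongs to starts and ends outside the hunk.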