From: Al Viro
for now - just move corresponding ->proc_inum instances over there
Acked-by: "Eric W. Biederman"
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 435d5f4bb2ccba3b791d9ef61d2590e30b8e806e)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/mount
From: Al Viro
We can do that now. And kill ->inum(), while we are at it - all instances
are identical.
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 64964528b24ea390824f0e5ce9d34b8d39b28cde)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c
From: Kirill Tkhai
This function will be used to obtain net of tun device.
Signed-off-by: Kirill Tkhai
Signed-off-by: David S. Miller
(cherry picked from commit 24dce0800baaa508b1a8ccf01ae0a9c8e600a5aa)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/nsfs.c |
This reverts commit b823f8df2fcbc936ef228d5eeb419d06df4cc4f7.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 10 --
include/uapi/lin
From: Andrey Vagin
Each socket operates in a network namespace where it has been created,
so if we want to dump and restore a socket, we have to know its network
namespace.
We have a socket_diag to get information about sockets, it doesn't
report sockets which are not bound or connected.
This p
This reverts commit a8e0dd94d5cd9e0efefdd928a55d669eff176723.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c | 81 ---
From: Cong Wang
Andrey reported a use-after-free in __ns_get_path():
spin_lock include/linux/spinlock.h:299 [inline]
lockref_get_not_dead+0x19/0x80 lib/lockref.c:179
__ns_get_path+0x197/0x860 fs/nsfs.c:66
open_related_ns+0xda/0x200 fs/nsfs.c:143
sock_ioctl+0x39d/0x440 net/socket.c:1001
From: Kirill Tkhai
pid_ns_for_children set by a task is known only to the task itself, and
it's impossible to identify it from outside.
It's a big problem for checkpoint/restore software like CRIU, because it
can't correctly handle tasks, that do setns(CLONE_NEWPID) in process of
their work.
T
This reverts commit 7cb9e7ae7041f348f2be384ea17352e117f3d00d.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 11 +--
1 file changed, 1 inserti
From: Al Viro
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 3c0411846118a578de3a979faf2da3ab5fb81179)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
ipc/namespace.c | 15 +--
kernel/pid_namespace.c | 14 +-
kernel/user_name
From: Kirill Tkhai
Patch series "Expose task pid_ns_for_children to userspace".
pid_ns_for_children set by a task is known only to the task itself, and
it's impossible to identify it from outside.
It's a big problem for checkpoint/restore software like CRIU, because it
can't correctly handle ta
From: Al Viro
Acked-by: "Eric W. Biederman"
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 58be28256d98a6b996b20f49130ea11afb8de75a)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c | 21 +
1 file changed, 13 insertions(+),
Looks like it was accidentally moved far away from where it has to be.
Moving it back helps to apply next patches cleaner.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
kernel/user_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel
From: Al Viro
the only in-tree instance checks d_unhashed() anyway,
out-of-tree code can preserve the current behaviour by
adding such check if they want it and we get an ability
to use it in cases where we *want* to be notified of
killing being inevitable before ->d_lock is dropped,
whether it's
From: Al Viro
Signed-off-by: Al Viro
(cherry picked from VZ8 commit ff24870f46d51d79fc74a241fd7c12ccb933c69f)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
net/core/net_namespace.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --gi
From: Al Viro
New pseudo-filesystem: nsfs. Targets of /proc/*/ns/* live there now.
It's not mountable (not even registered, so it's not in /proc/filesystems,
etc.). Files on it *are* bindable - we explicitly permit that in do_loopback().
This stuff lives in fs/nsfs.c now; proc_ns_fget() moved
From: Kirill Tkhai
In commit f2780d6d7475 "tun: Add ioctl() SIOCGSKNS cmd to allow
obtaining net ns of tun device" it was missed that tun may change
its net ns, while net ns of socket remains the same as it was
created initially. SIOCGSKNS returns net ns of socket, so it is
not suitable for obtai
From: Kirill Tkhai
This function will be used to obtain net of tun device.
Signed-off-by: Kirill Tkhai
Signed-off-by: David S. Miller
(cherry picked from commit d8d211a2a0c37755a8660dc69f97b7c70bf210b1)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
include/linu
From: "Eric W. Biederman"
Today mountinfo displays a very unhelpful "/" for nsfs files. Add a
show_path method returning the same string as ns_dname. This results
in a bind mount of /proc/<pid>/ns/net showing up in /proc/<pid>/mountinfo as
"net:[1234...]" instead of "/".
Signed-off-by: "Eric W. Biederma
From: Al Viro
take struct ns_common *, for now simply wrappers around proc_{alloc,free}_inum()
(cherry picked from VZ8 commit 6344c433a452b1a05d03a61a6a85d89f793bb7b8)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Al Viro
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c |
This reverts commit ac08c64138ac52eaba5a451801a931181e845359.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c| 6 --
include/linux/proc_ns.h
From: Kirill Tkhai
This patch adds possibility to get tun device's net namespace fd
in the same way we allow to do that for sockets.
Socket ioctl numbers do not intersect with tun-specific, and there
is already SIOCSIFHWADDR used in tun code. So, SIOCGSKNS number
is chosen instead of custom-mad
From: Al Viro
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 33c429405a2c8d9e42afb9fee88a63cfb2de1e98)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c| 1 +
fs/proc/inode.c | 6 ++
include/linux/ns_common.h | 3 +++
i
This reverts commit 2b151c3f890947af0f9ad091cfc00e74cfdfcdce.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c| 4 +---
include/linux/proc_ns.h | 1
This reverts commit 93dca538d184c711212f44ac92791772a56a6617.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c | 7 ---
include/linux/pr
This reverts commit 8782a0069f1b31dc9550e98e351a43eb20b9887a.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/inode.c | 17 -
1 file changed, 17 de
This reverts commit 302889fa2e3d0b9a36f118efa56c3378d63e0d94.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c | 2 +-
include/linux/proc_ns.h
From: Andrey Vagin
Return -EPERM if an owning user namespace is outside of a process
current user namespace.
v2: In a first version ns_get_owner returned ENOENT for init_user_ns.
This special case was removed from this version. There is nothing
outside of init_user_ns, so we can return
From: Andrey Vagin
Each namespace has an owning user namespace and now there is no way
to discover these relationships.
Understanding namespaces relationships allows to answer the question:
what capability does process X have to perform operations on a resource
governed by namespace Y?
After a
This reverts commit edaecdb8adac2871e9d5afa0dd127d4a92a34162.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c| 1 -
include/linux/proc_ns.h | 1
We have problems with /proc/pid/ns/name bind-mounts in CRIU
1) Currently (without nsfs) such a bind mount has the same superblock as
/proc mount, but in case of nested pid-namespaces container can have
multiple different /proc mounts and for ns-bind-mount we need to bind it
from the right pidns. So
From: Andrey Vagin
Pid and user namespaces are hierarchical. There is no way to discover
parent-child relationships.
In the future we will use this interface to dump and restore nested
namespaces.
Acked-by: Serge Hallyn
Signed-off-by: Andrei Vagin
Signed-off-by: Eric W. Biederman
(cherry picke
From: Al Viro
a) make get_proc_ns() return a pointer to struct ns_common
b) mirror ns_ops in dentry->d_fsdata of ns dentries, so that
is_mnt_ns_file() could get away with fewer dereferences.
That way struct proc_ns becomes invisible outside of fs/proc/*.c
Signed-off-by: Al Viro
(cherry picked
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.3.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.3.11
-->
commit c11a2463a01f78a90bb42d0e3b20506474af3ac5
Author: Valeriy Vdovin
Date: Mon Jun 8 19:07:29 2020 +0300
ve/binfmt_misc:
The commit is pushed to "branch-rh7-3.10.0-1127.8.2.vz7.151.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.8.2.vz7.151.11
-->
commit 52b6f16dcbefd7acc150c0f8573b4813c1398c87
Author: Andrey Ryabinin
Date: Mon Jun 8 13:49:10 2020 +0300
kernel/
On 08.06.2020 13:04, Andrey Ryabinin wrote:
> There are cgroups with several css'es like, e.g. cpu,cpuacct.
> The increment of the cgroup->online_cnt counter happens in the online_css()
> which is called per each css on cgroup onlining. This leads to leaking such
> cgroups as ->online_cnt can't bec
There are cgroups with several css'es like, e.g. cpu,cpuacct.
The increment of the cgroup->online_cnt counter happens in the online_css()
which is called per each css on cgroup onlining. This leads to leaking such
cgroups as ->online_cnt can't become zero.
Move refcount increments to the upper lev