Re: Re: [PATCH V3] binder: ipc namespace support for android binder(Internet mail)

2018-11-09 Thread Todd Kjos
On Fri, Nov 9, 2018 at 9:43 PM chouryzhou(周威) wrote:
> > > If IPC_NS is disabled, "current->nsproxy->ipc_ns" will also exist, it will be a static reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by me) with no namespace-ization. You will get

Re: Re: [PATCH V3] binder: ipc namespace support for android binder(Internet mail)

2018-11-09 Thread 周威
> > If IPC_NS is disabled, "current->nsproxy->ipc_ns" will also exist, it will be a static reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by me) with no namespace-ization. You will get the same one in all processes, everything is the same as w

Re: Re: [PATCH V3] binder: ipc namespace support for android binder(Internet mail)

2018-11-09 Thread Todd Kjos
On Fri, Nov 9, 2018 at 8:43 PM chouryzhou(周威) wrote:
> If IPC_NS is disabled, "current->nsproxy->ipc_ns" will also exist, it will be a static reference of "init_ipc_ns" (in ipc/msgutil.c, not defined in binder.c by me) with no namespace-ization. You will get the same one in all proce

Re: Re: [PATCH V3] binder: ipc namespace support for android binder(Internet mail)

2018-11-09 Thread 周威
> > > I still don't understand the dependencies on SYSVIPC or POSIX_MQUEUE. It seems like this mechanism would work even if both are disabled -- as long as IPC_NS is enabled. Seems cleaner to change init/Kconfig and allow IPC_NS if CONFIG_ANDROID_BINDER_IPC and change this line t

Re: Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread Todd Kjos
On Fri, Nov 9, 2018 at 7:09 PM chouryzhou(周威) wrote:
> > I still don't understand the dependencies on SYSVIPC or POSIX_MQUEUE. It seems like this mechanism would work even if both are disabled -- as long as IPC_NS is enabled. Seems cleaner to change init/Kconfig and allow IPC_NS

Re: Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread 周威
> I still don't understand the dependencies on SYSVIPC or POSIX_MQUEUE. It seems like this mechanism would work even if both are disabled -- as long as IPC_NS is enabled. Seems cleaner to change init/Kconfig and allow IPC_NS if CONFIG_ANDROID_BINDER_IPC and change this line to "#ifndef C

Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread Davidlohr Bueso
On Fri, 09 Nov 2018, Todd Kjos wrote: print_binder_proc() drops proc->inner_lock and calls binder_alloc_print_allocated() which acquires proc->alloc->mutex. Likewise, print_binder_stats() calls print_binder_proc_stats() which drops its locks to call binder_alloc_print_pages() which also acquires

Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread Todd Kjos
On Fri, Nov 9, 2018 at 10:27 AM Davidlohr Bueso wrote: > > On Thu, 08 Nov 2018, chouryzhou(??) wrote: > > >+#ifdef CONFIG_ANDROID_BINDER_IPC > >+ /* next fields are for binder */ > >+ struct mutex binder_procs_lock; > >+ struct hlist_head binder_procs; > >+ struct

Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread Davidlohr Bueso
On Thu, 08 Nov 2018, chouryzhou(??) wrote: +#ifdef CONFIG_ANDROID_BINDER_IPC + /* next fields are for binder */ + struct mutex binder_procs_lock; + struct hlist_head binder_procs; + struct hlist_head binder_contexts; +#endif Now, I took a look at how the binder
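Review bot: the comment on the three new fields, "next fields are for binder", does not say what binder_procs_lock protects. The name suggests binder_procs, but binder_contexts sits under the same #ifdef with no lock of its own, so the comment should state whether the mutex covers both lists or how access to binder_contexts is serialized.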

Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-09 Thread Todd Kjos
On Thu, Nov 8, 2018 at 5:02 AM chouryzhou(周威) wrote:
> We are working for running android in container, but we found that binder is not isolated by ipc namespace. Since binder is a form of IPC and therefore should be tied to ipc namespace. With this patch, we can run more than one andro

Re: [PATCH V3] binder: ipc namespace support for android binder

2018-11-08 Thread Christian Brauner
On Thu, Nov 08, 2018 at 01:02:32PM +, chouryzhou(周威) wrote:
> We are working for running android in container, but we found that binder is not isolated by ipc namespace. Since binder is a form of IPC and therefore should be tied to ipc namespace. With this patch, we can run more than o