OpenVZ Forum: Devel » [PATCH] IPC namespace

Home » Mailing lists » Devel » [PATCH] IPC namespace

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 2/6] IPC namespace - utils [message #3725 is a reply to message #3724]

Mon, 12 June 2006 21:49

ebiederm
Messages: 1354
Registered: February 2006

Senior Member

Cedric Le Goater <clg@fr.ibm.com> writes:

> Eric W. Biederman wrote:
>> Cedric Le Goater <clg@fr.ibm.com> writes:
>>
>>> I've used the ipc namespace patchset in rc6-mm2. Thanks for putting this
>>> together, it works pretty well ! A few questions when we clone :
>>>
>>> * We should do something close to what exit_sem() already does to clear the
>>> sem_undo list from the task doing the clone() or unshare().
>>
>> Possibly which case are you trying to prevent?
>
> task records a list of struct sem_undo each containing a semaphore id. When
> we unshare ipc namespace, we break the 'reference' between the semaphore id
> and the struct sem_array because the struct sem_array are cleared and freed
> in the new namespace. When the task exit, that inconstency could lead to
> unexpected results in exit_sem(), task locks, BUG_ON, etc. Nope ?

Agreed. Hmm. I bet I didn't see this one earlier because it is specific
to the unshare case. In this case I guess we should either deny the unshare
or simply undo all of the semaphores. Because we will never be able to
talk to them again.

Thinking about this some more we need to unsharing the semaphore undo semantics
when we create a new instances of the sysvipc namespace. Which means that
until that piece is implemented we can't unshare the sysvipc namespace.

But we clearly need the check in check_unshare_flags and the start of copy_process.

>>> * I don't like the idea of being able to unshare the ipc namespace and keep
>>> some shared memory from the previous ipc namespace mapped in the process mm.
>>> Should we forbid the unshare ?
>>
>> No. As long as the code handles that case properly we should be fine.
>
> what is the proper way to handle that case ? the current patchset is not
> protected : a process can be in one ipc namespace and use a shared segment
> from a previous ipc namespace. This situation is not desirable in a
> migration scenario. May be asking too much for the moment ... and I agree
> this can be fixed by the way namespaces are created.

As long as the appropriate reference counting happens it shouldn't be
a problem. We obviously can't use the sysvipc name of the shm area
but mmap and reads and writes should continue to work.

>> As a general principle we should be able to keep things from other namespaces
>> open if we get them. The chroot or equivalent binary is the one that needs
>> to ensure these kinds of issues don't exist if we care.
>>
>> Speaking of we should put together a small test application probably similar
>> to chroot so people can access these features at least for testing.
>
> are you thinking about a command unshare()ing each namespace or some kind
> of create_nsproxy ?

A little user space program like chroot. That takes a flag of which
namespaces not to share. I have one around somewhere. Just enough
of something that these interfaces can be exercised from userspace.

Eric

Report message to a moderator

[Message index]

		[PATCH] IPC namespace By: Kirill Korotaev on Fri, 09 June 2006 14:55
		[PATCH 1/6] IPC namespace core By: Kirill Korotaev on Fri, 09 June 2006 15:01
		Re: [PATCH 1/6] IPC namespace core By: James Morris on Fri, 09 June 2006 15:26
		Re: [PATCH 1/6] IPC namespace core By: Cedric Le Goater on Fri, 09 June 2006 15:20
		Re: [PATCH 1/6] IPC namespace core By: Andrew Morton on Fri, 09 June 2006 18:38
		Re: [PATCH 1/6] IPC namespace core By: ebiederm on Sat, 10 June 2006 00:44
		Re: [PATCH 1/6] IPC namespace core By: Andrew Morton on Sat, 10 June 2006 03:22
		[PATCH 2/6] IPC namespace - utils By: Kirill Korotaev on Fri, 09 June 2006 15:05
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Mon, 12 June 2006 17:08
		Re: [PATCH 2/6] IPC namespace - utils By: ebiederm on Mon, 12 June 2006 18:01
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Mon, 12 June 2006 21:05
		Re: [PATCH 2/6] IPC namespace - utils By: ebiederm on Mon, 12 June 2006 21:49
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Tue, 13 June 2006 21:17
		Re: [PATCH 2/6] IPC namespace - utils By: dev on Wed, 14 June 2006 11:14
		[PATCH 3/6] IPC namespace - msg By: Kirill Korotaev on Fri, 09 June 2006 15:07
		[PATCH 4/6] IPC namespace - sem By: Kirill Korotaev on Fri, 09 June 2006 15:08
		[PATCH 5/6] IPC namespace - shm By: Kirill Korotaev on Fri, 09 June 2006 15:09
		[PATCH 6/6] IPC namespace - sysctls By: Kirill Korotaev on Fri, 09 June 2006 15:11
		Re: [PATCH] IPC namespace By: Dave Hansen on Mon, 12 June 2006 17:19
		Re: [PATCH] IPC namespace By: ebiederm on Tue, 13 June 2006 02:44
		Re: [PATCH] IPC namespace By: dev on Tue, 13 June 2006 16:41
		Re: [PATCH] IPC namespace By: ebiederm on Tue, 13 June 2006 17:01

Previous Topic:	[PATCH 2.6.17-rc6-mm2] ipc namespace : unshare fix
Next Topic:	Re: Linux-VServer and OpenVZ for Debian

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Apr 17 07:07:12 GMT 2026

Total time taken to generate the page: 0.30896 seconds