[CRIU] [PATCH 1/4] check: seccomp suspend is now in mainline
Kir Kolyshkin
kir at openvz.org
Mon Oct 19 09:37:42 PDT 2015
On 10/19/2015 07:25 AM, Tycho Andersen wrote:
> Hi Kir,
>
> On Sun, Oct 18, 2015 at 02:30:13PM -0700, Kir Kolyshkin wrote:
>>
>> On 10/15/2015 03:28 PM, Tycho Andersen wrote:
>>> As of
>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13c4a9011
>>> PTRACE_O_SUSPEND_SECCOMP is in the mainline kernel, so we should check for
>>> it in --ms.
>> Well, it was actually only merged in
>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b793c00
>> so the first kernel it's included is v4.3-rc1. As 4.3 is not yet released,
>> I'd say hold this patch for a few months.
>>
>> In the mean time, I found out a horrible horrible thing -- apparently we
>> can't
>> rely on "git describe --tags" to tell us when a patch was included. For
>> example,
>> this patch adding PTRACE_O_SUSPEND_SECCOMP is commit 13c4a90, and
>>
>> [kir at kir-tpad linux]$ git describe --tags 13c4a901
>> v4.1-rc1-43-g13c4a90
>>
>> I guess this is the reason why https://criu.org/Upstream_kernel_commits
>> [incorrectly] lists (listed -- I just fixed it) it to be included into
>> 4.1-rc2.
>> In fact, it was only included into v4.3-rc1, as shown above.
>>
>> This is because git describe looks back in history from the given commit
>> to the previous, i.e. earlier tag. In order to make sure since when the
>> patch
>> is included, we need to look the other direction. The problem, of course, is
>> there is no single way.
> Interesting that it still gave 4.1 instead of something in 4.3-rc.
Do you mean wiki or git describe?
Wiki looks good to me, and for git describe you need to use --contains
option as explained below.
> Anyway, thanks for pointing this out.
>
> Tycho
>
>> It took me quite some time to figure out how to do this, ended up with this:
>>
>> $ git log --topo-order --oneline | awk '($2 == "(tag:") {tag=$3} /^13c4a90/
>> {print tag; exit}'
>>
>> And once it worked, I found out "git describe --contains" which does exactly
>> what I need:
>>
>> [kir at kir-tpad linux]$ git describe --contains 13c4a90
>> v4.3-rc1~56^2~11^2~1
>>
>> So, long story short, this is what should be used to figure out which tagged
>> version
>> contains a given commit. I wrote a short script and fixed a few other
>> mistakes in
>> https://criu.org/Upstream_kernel_commits
>>
>>> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
>>> ---
>>> cr-check.c | 5 -----
>>> 1 file changed, 5 deletions(-)
>>>
>>> diff --git a/cr-check.c b/cr-check.c
>>> index 4842d9d..21bd508 100644
>>> --- a/cr-check.c
>>> +++ b/cr-check.c
>>> @@ -589,11 +589,6 @@ static int check_ptrace_suspend_seccomp(void)
>>> pid_t pid;
>>> int ret = 0;
>>> - if (opts.check_ms_kernel) {
>>> - pr_warn("Skipping PTRACE_O_SUSPEND_SECCOMP check\n");
>>> - return 0;
>>> - }
>>> -
>>> pid = fork_and_ptrace_attach();
>>> if (pid < 0)
>>> return -1;
More information about the CRIU
mailing list