[CRIU] [PATCH v4 3/3] net: Create child with CLONE_VM in prepare_net_namespaces()

Kirill Tkhai ktkhai at virtuozzo.com
Tue Mar 21 02:04:49 PDT 2017 

Some functions in prepare_net_ns() use vmalloc(), and this
memory should be visible to our children.

v4: munmap() stack or err path.
v3: Call prepare_userns_creds() before restore net.
v2: No functional changes, just killed continue.

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 criu/net.c |   31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/criu/net.c b/criu/net.c
index 309e2bd66..45f6fcee0 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -1749,6 +1749,10 @@ static int create_net_ns(void *arg)
 		pr_perror("Can't set user ns");
 		exit(2);
 	}
+	if (prepare_userns_creds() < 0) {
+		pr_err("Can't prepare creds");
+		exit(3);
+	}
 	close(ufd);
 	ret = do_create_net_ns(ns) ? 3 : 0;
 	exit(ret);
@@ -1756,20 +1760,27 @@ static int create_net_ns(void *arg)
 
 int prepare_net_namespaces()
 {
-	char stack[128] __stack_aligned__;
+	int status, stack_size, ret = -1;
 	struct ns_id *nsid;
-	int status;
+	char *stack;
 	pid_t pid;
 
 	if (!(root_ns_mask & CLONE_NEWNET))
 		return 0;
 
+	stack_size = 2 * 1024 * 1024;
+	stack = mmap(NULL, stack_size, PROT_WRITE | PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+	if (stack == MAP_FAILED) {
+		pr_perror("Can't allocate stack");
+		return -1;
+	}
+
 	for (nsid = ns_ids; nsid != NULL; nsid = nsid->next) {
 		if (nsid->nd != &net_ns_desc)
 			continue;
 
 		if (root_user_ns && nsid->user_ns != root_user_ns) {
-			pid = clone(create_net_ns, stack + 128, SIGCHLD, nsid);
+			pid = clone(create_net_ns, stack + stack_size, CLONE_VM | CLONE_FILES | SIGCHLD, nsid);
 			if (pid < 0) {
 				pr_perror("Can't clone");
 				goto err;
@@ -1778,18 +1789,20 @@ int prepare_net_namespaces()
 				pr_perror("Child process waiting %d", status);
 				goto err;
 			}
-			continue;
+		} else {
+			if (do_create_net_ns(nsid))
+				goto err;
+
 		}
 
-		if (do_create_net_ns(nsid))
-			goto err;
 	}
 
 	close_service_fd(NS_FD_OFF);
-
-	return 0;
+	ret = 0;
 err:
-	return -1;
+	munmap(stack, stack_size);
+
+	return ret;
 }
 
 static int do_restore_task_net_ns(struct ns_id *nsid, struct pstree_item *current)

More information about the CRIU mailing list