[Devel] [PATCH 2/4] namespace container: move nsproxy setting code
Serge E. Hallyn
serue at us.ibm.com
Mon Feb 19 14:16:00 PST 2007
From: Serge E. Hallyn <serue at us.ibm.com>
Subject: [PATCH 2/4] namespace container: move nsproxy setting code
Move nsproxy setting code from clone and unshare into container_clone.
Containers will need to do this for namespace entering functionality, so
go ahead and move all setting of tsk->nsproxy there for simplicity/
consistency.
The clone path (at kernel/nsproxy.c:copy_namespaces()) should be
cleaned up:
1. The kfree(new_ns) on error at bottom may not be safe,
if the nscont->nsproxy has already been set to it.
However if it has been set, then container_clone() should
have succeeded, so this *should* not be possible.
2. This path is taking a few extra copies - it sets the
tsk->nsproxy to the new nsproxy early, then the
swap_nsproxies() function copies it again. This should
be cleaned up, but at least it is currently correct.
Best thing would be to create a common helper for the unshare
and clone cases.
Changelog:
Feb 14: move swap_nsproxies call into ns_container.c so as to leave nsproxy
knowledge out of container.c
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
---
include/linux/nsproxy.h | 20 ++++++++++++++++++--
kernel/fork.c | 7 +------
kernel/ns_container.c | 4 +++-
kernel/nsproxy.c | 2 +-
4 files changed, 23 insertions(+), 10 deletions(-)
225efc9fea0771d283d22c393d948492162c84d4
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
index 0255e27..d11eb09 100644
--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -58,10 +58,26 @@ static inline void exit_task_namespaces(
put_nsproxy(ns);
}
}
+
+static inline void swap_nsproxies(struct task_struct *tsk, struct nsproxy *nsproxy)
+{
+ struct nsproxy *oldnsp;
+
+ task_lock(tsk);
+ oldnsp = tsk->nsproxy;
+ tsk->nsproxy = nsproxy;
+ get_nsproxy(nsproxy);
+ task_unlock(tsk);
+ put_nsproxy(oldnsp);
+}
+
#ifdef CONFIG_CONTAINER_NS
-int ns_container_clone(struct task_struct *tsk);
+int ns_container_clone(struct task_struct *tsk, struct nsproxy *nsproxy);
#else
-static inline int ns_container_clone(struct task_struct *tsk) { return 0; }
+static inline int ns_container_clone(struct task_struct *tsk, struct nsproxy *nsproxy) {
+ swap_nsproxies(tsk, nsproxy);
+ return 0;
+}
#endif
#endif
diff --git a/kernel/fork.c b/kernel/fork.c
index b1a3d6c..4ebdd53 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1663,7 +1663,7 @@ asmlinkage long sys_unshare(unsigned lon
err = -ENOMEM;
goto bad_unshare_cleanup_ipc;
}
- err = ns_container_clone(current);
+ err = ns_container_clone(current, new_nsproxy);
if (err)
goto bad_unshare_cleanup_dupns;
}
@@ -1673,11 +1673,6 @@ asmlinkage long sys_unshare(unsigned lon
task_lock(current);
- if (new_nsproxy) {
- current->nsproxy = new_nsproxy;
- new_nsproxy = old_nsproxy;
- }
-
if (new_fs) {
fs = current->fs;
current->fs = new_fs;
diff --git a/kernel/ns_container.c b/kernel/ns_container.c
index c90485d..23fac0e 100644
--- a/kernel/ns_container.c
+++ b/kernel/ns_container.c
@@ -7,6 +7,7 @@
#include <linux/module.h>
#include <linux/container.h>
#include <linux/fs.h>
+#include <linux/nsproxy.h>
struct nscont {
struct container_subsys_state css;
@@ -21,8 +22,9 @@ static inline struct nscont *container_n
struct nscont, css);
}
-int ns_container_clone(struct task_struct *tsk)
+int ns_container_clone(struct task_struct *tsk, struct nsproxy *nsproxy)
{
+ swap_nsproxies(tsk, nsproxy);
return container_clone(tsk, &ns_subsys);
}
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 1123ab2..6312ef8 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -111,7 +111,7 @@ int copy_namespaces(int flags, struct ta
if (err)
goto out_pid;
- err = ns_container_clone(tsk);
+ err = ns_container_clone(tsk, new_ns);
if (err)
goto out_container;
out:
--
1.1.6
More information about the Devel
mailing list