[Devel] [PATCH rh7 v3 1/2] ve: Implement current_user_ns_initial() helper

Vladimir Davydov vdavydov at virtuozzo.com
Tue Oct 6 13:39:39 PDT 2015


On Tue, Oct 06, 2015 at 11:24:32PM +0300, Vladimir Davydov wrote:
> On Tue, Oct 06, 2015 at 12:35:41PM +0300, Kirill Tkhai wrote:
> 
> > @@ -238,6 +238,21 @@ int vz_security_protocol_check(struct net *net, int protocol)
> >  }
> >  EXPORT_SYMBOL_GPL(vz_security_protocol_check);
> >  
> > +/* Check if current user_ns is initial for current ve */
> > +bool current_user_ns_initial(void)
> > +{
> > +	struct ve_struct *ve = get_exec_env();
> > +	bool ret = false;
> > +
> > +	rcu_read_lock();
> > +	if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())
> > +		ret = true;
> 
> Any reason to call this under rcu_read_lock? We don't dereference
> ve->ve_ns here, and ve->init_cred is not RCU-protected if I'm not
> missing something.

After digging a bit deeper, everything looks correct to me: if ve->ve_ns
is not NULL, ve->init_cred must be actual, because it is freed after
synchronize_rcu, while ve->ve_ns is cleared before. So never mind my
question.

> 
> > +	rcu_read_unlock();
> > +
> > +	return ret;
> > +}
> > +EXPORT_SYMBOL(current_user_ns_initial);
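
Review bot: The rcu_read_lock()/rcu_read_unlock() pair around `if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())` has no comment saying what it protects, and the code alone does not show it: ve->ve_ns is only tested for NULL and ve->init_cred is read as a plain pointer. As the follow-up in this thread works out, the section relies on ve->init_cred being freed only after synchronize_rcu while ve->ve_ns is cleared before that. Please state that ordering in a comment above the `if`, so the lock is not later removed as unnecessary and so the ve_ns check is not dropped as redundant. Separately, the new export is `EXPORT_SYMBOL(current_user_ns_initial);` while the neighbouring vz_security_protocol_check in the same hunk uses EXPORT_SYMBOL_GPL; consider matching it unless there is a reason for the non-GPL export.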


