[Devel] [PATCH vz8 2/3] pid_ns: Virtualize pid_max
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Jun 11 21:14:34 MSK 2021
On 06/10/2021 02:52 PM, Valeriy Vdovin wrote:
> From: Kirill Tkhai <ktkhai at virtuozzo.com>
>
> Introduce per pid namespace pid_max.
>
> Extracted from "Initial patch".
>
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> (cherry-picked from 80da364693217a54d23e1a8a32ae311b108f5e7d)
> https://jira.sw.ru/browse/PSBM-127857
> Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> include/linux/pid_namespace.h | 1 +
> include/linux/threads.h | 1 +
> kernel/pid.c | 2 +-
> kernel/pid_namespace.c | 4 ++--
> kernel/sysctl.c | 15 ++++++++++++---
> 5 files changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
> index 41a948c37e0f..4115f64f7df6 100644
> --- a/include/linux/pid_namespace.h
> +++ b/include/linux/pid_namespace.h
> @@ -26,6 +26,7 @@ struct pid_namespace {
> struct idr idr;
> struct rcu_head rcu;
> unsigned int pid_allocated;
> + int pid_max;
> struct task_struct *child_reaper;
> struct kmem_cache *pid_cachep;
> unsigned int level;
> diff --git a/include/linux/threads.h b/include/linux/threads.h
> index 3086dba525e2..9b191fba4a4b 100644
> --- a/include/linux/threads.h
> +++ b/include/linux/threads.h
> @@ -26,6 +26,7 @@
> * This controls the default maximum pid allocated to a process
> */
> #define PID_MAX_DEFAULT (CONFIG_BASE_SMALL ? 0x1000 : 0x8000)
> +#define PID_MAX_NS_DEFAULT (PID_MAX_DEFAULT)
>
> /*
> * A maximum of 4 million PIDs should be enough for a while.
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 439e0068e4f9..e39cf422c875 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -190,7 +190,7 @@ struct pid *alloc_pid(struct pid_namespace *ns)
> * a partially initialized PID (see below).
> */
> nr = idr_alloc_cyclic(&tmp->idr, NULL, pid_min,
> - pid_max, GFP_ATOMIC);
> + ns->pid_max, GFP_ATOMIC);
> spin_unlock_irq(&pidmap_lock);
> idr_preload_end();
>
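Review bot: The new bound `ns->pid_max` is paired with `&tmp->idr`, and in alloc_pid `tmp` appears to walk from the target namespace up through its ancestors (the loop starts and ends outside this hunk), so the innermost namespace's limit would also cap the number allocated in every parent's idr. A container that raises its own pid_max could then receive host-level PIDs above the host's configured limit, and one that lowers it would confine its host-level allocations to a small range that may already be full. Taking the limit from the level being allocated, `READ_ONCE(tmp->pid_max), GFP_ATOMIC);`, keeps each namespace's setting scoped to its own idr and makes the lockless read against the sysctl writer explicit.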
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index a25046a55dbd..c1a84b83a6f6 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -118,6 +118,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> ns->ucounts = ucounts;
> ns->pid_allocated = PIDNS_ADDING;
> INIT_WORK(&ns->proc_work, proc_cleanup_work);
> + ns->pid_max = PID_MAX_NS_DEFAULT;
>
> return ns;
>
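Review bot: `ns->pid_max = PID_MAX_NS_DEFAULT;` gives every new namespace the compile-time default instead of the limit in force in its parent, so a host that has lowered kernel.pid_max does not pass that restriction down to containers created afterwards. Inheriting from the parent namespace that create_pid_namespace receives (its parameter list is cut off in the hunk header), e.g. `ns->pid_max = parent_pid_ns->pid_max;`, would keep a child from starting out looser than its parent. This patch also does not set the field for the statically defined initial namespace; unless another patch in the series does, it would start at 0, which idr_alloc_cyclic treats as "no upper bound".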
> @@ -289,6 +290,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
> next = idr_get_cursor(&pid_ns->idr) - 1;
>
> tmp.data = &next;
> + tmp.extra2 = &pid_ns->pid_max;
> ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
> if (!ret && write)
> idr_set_cursor(&pid_ns->idr, next + 1);
> @@ -296,7 +298,6 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
> return ret;
> }
>
> -extern int pid_max;
> static struct ctl_table pid_ns_ctl_table[] = {
> {
> .procname = "ns_last_pid",
> @@ -304,7 +305,6 @@ static struct ctl_table pid_ns_ctl_table[] = {
> .mode = 0666 | S_ISVTX, /* permissions are checked in the handler */
> .proc_handler = pid_ns_ctl_handler,
> .extra1 = SYSCTL_ZERO,
> - .extra2 = &pid_max,
> },
> { }
> };
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 7ec1f1e99431..e7c9b0e23fbb 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -338,6 +338,16 @@ static int min_extfrag_threshold;
> static int max_extfrag_threshold = 1000;
> #endif
>
> +static int proc_dointvec_pidmax(struct ctl_table *table, int write,
> + void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> + struct ctl_table tmp;
> +
> + tmp = *table;
> + tmp.data = ¤t->nsproxy->pid_ns->pid_max;
> + return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
> +}
> +
> #ifdef CONFIG_COREDUMP
> sysctl_virtual(proc_dostring_coredump);
> #endif
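Review bot: proc_dointvec_pidmax has no capability check and picks its namespace through `current->nsproxy` (the `tmp.data` line, where this page shows `&current` mangled into `¤t`), whereas the ns_last_pid entry in this same patch is commented "permissions are checked in the handler". In mainline the nsproxy pointer is the namespace for future children and can differ from the caller's own after unshare(); if that holds in this tree, task_active_pid_ns(current) is the safer lookup. The kern_table hunk below adds S_ISVTX to the mode; if that bit exposes the file inside containers, writes should be gated on CAP_SYS_ADMIN in the namespace's owning user namespace, as sketched below. The upper bound stays the global `pid_max_max`, so nothing here ties a child's limit to its parent's.

```c
static int proc_dointvec_pidmax(struct ctl_table *table, int write,
		void __user *buffer, size_t *lenp, loff_t *ppos)
{
	struct pid_namespace *ns = task_active_pid_ns(current);
	struct ctl_table tmp = *table;

	/* Only an administrator of this pid namespace may change its limit. */
	if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
		return -EPERM;

	tmp.data = &ns->pid_max;
	/* … unchanged: return proc_dointvec_minmax(&tmp, …) … */
}
```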
> @@ -853,10 +863,9 @@ static struct ctl_table kern_table[] = {
> #endif
> {
> .procname = "pid_max",
> - .data = &pid_max,
> .maxlen = sizeof (int),
> - .mode = 0644,
> - .proc_handler = proc_dointvec_minmax,
> + .mode = 0644 | S_ISVTX,
> + .proc_handler = proc_dointvec_pidmax,
> .extra1 = &pid_max_min,
> .extra2 = &pid_max_max,
> },
>