RE: [PATCH] binder: ipc namespace support for android binder
> > > It's not obvious from this patch where this dependency comes > > > from...why is SYSVIPC required? I'd like to not have to require > > > IPC_NS either for devices. > > > > Yes, the patch is not highly dependent on SYSVIPC, but it will be > > convenient if require it. I will update it to drop dependency of it in > > V2 patch. This patch doesn't need IPC_NS set at present. > > Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c > which is compiled only if CONFIG_IPC_NS. > Actually it does not require IPC_NS, the code in ipc/namespace.c are namespace specific, and is *not needed* if ipc namespace is not supported. <-- fixed here > There are a couple more implementations similar to this one. > https://lwn.net/Articles/577957/ and some submissions to AOSP derived from > that one that introduce a generic registration function for namespace support > [1], and changes to binder to implement namespaces [2]. > > If this is really needed, then we should have a solution that works for > devices without requiring IPC_NS or SYSVIPC. Also, we should not add > binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. > > -Todd > > [1] https://android-review.googlesource.com/c/kernel/common/+/471961 > [2] https://android-review.googlesource.com/c/kernel/common/+/471825 > If the binder will be isolated by namespace, it must put binder proc and binder context in ipc_namespace (or with something like void* as [1] did) I have sent the V2 patch, that patch does not require SYSVIPC or IPC_NS. If IPC_NS is not set, binder_init will put proc and context into init_ipc_ns. If SYSVIPC and CONFIG_POSIX_MQUEUE are both unset, I will make a fake init_ipc_ns to put them. it is marked as no static intentionally to let compile generate an error if it has defined somewhere alse. The code in ipc/namespace.c is just to notify binder to do some installationwhere namespace are creating, If no IPC_NS set, the initialization in binder_init will be enough. So please review and test the V2 patch.
RE: [PATCH] binder: ipc namespace support for android binder
> > > It's not obvious from this patch where this dependency comes > > > from...why is SYSVIPC required? I'd like to not have to require > > > IPC_NS either for devices. > > > > Yes, the patch is not highly dependent on SYSVIPC, but it will be > > convenient if require it. I will update it to drop dependency of it in > > V2 patch. This patch doesn't need IPC_NS set at present. > > Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c > which is compiled only if CONFIG_IPC_NS. > Actually it does not require IPC_NS, the code in ipc/namespace.c are namespace specific, and is *not needed* if ipc namespace is not supported. <-- fixed here > There are a couple more implementations similar to this one. > https://lwn.net/Articles/577957/ and some submissions to AOSP derived from > that one that introduce a generic registration function for namespace support > [1], and changes to binder to implement namespaces [2]. > > If this is really needed, then we should have a solution that works for > devices without requiring IPC_NS or SYSVIPC. Also, we should not add > binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. > > -Todd > > [1] https://android-review.googlesource.com/c/kernel/common/+/471961 > [2] https://android-review.googlesource.com/c/kernel/common/+/471825 > If the binder will be isolated by namespace, it must put binder proc and binder context in ipc_namespace (or with something like void* as [1] did) I have sent the V2 patch, that patch does not require SYSVIPC or IPC_NS. If IPC_NS is not set, binder_init will put proc and context into init_ipc_ns. If SYSVIPC and CONFIG_POSIX_MQUEUE are both unset, I will make a fake init_ipc_ns to put them. it is marked as no static intentionally to let compile generate an error if it has defined somewhere alse. The code in ipc/namespace.c is just to notify binder to do some installationwhere namespace are creating, If no IPC_NS set, the initialization in binder_init will be enough. So please review and test the V2 patch.
RE: [PATCH] binder: ipc namespace support for android binder
> > > It's not obvious from this patch where this dependency comes > > > from...why is SYSVIPC required? I'd like to not have to require > > > IPC_NS either for devices. > > > > Yes, the patch is not highly dependent on SYSVIPC, but it will be > > convenient if require it. I will update it to drop dependency of it in > > V2 patch. This patch doesn't need IPC_NS set at present. > > Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c > which is compiled only if CONFIG_IPC_NS. > Actually it does not require IPC_NS, the code in ipc/namespace.c are namespace specific, and is *not needed* if ipc namespace is supported. > There are a couple more implementations similar to this one. > https://lwn.net/Articles/577957/ and some submissions to AOSP derived from > that one that introduce a generic registration function for namespace support > [1], and changes to binder to implement namespaces [2]. > > If this is really needed, then we should have a solution that works for > devices without requiring IPC_NS or SYSVIPC. Also, we should not add > binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. > > -Todd > > [1] https://android-review.googlesource.com/c/kernel/common/+/471961 > [2] https://android-review.googlesource.com/c/kernel/common/+/471825 > If the binder will be isolated by namespace, it must put binder proc and binder context in ipc_namespace (or with something like void* as [1] did) I have sent the V2 patch, that patch does not require SYSVIPC or IPC_NS. If IPC_NS is not set, binder_init will put proc and context into init_ipc_ns. If SYSVIPC and CONFIG_POSIX_MQUEUE are both unset, I will make a fake init_ipc_ns to put them. it is marked as no static intentionally to let compile generate an error if it has defined somewhere alse. The code in ipc/namespace.c is just to notify binder to do some installationwhere namespace are creating, If no IPC_NS set, the initialization in binder_init will be enough. So please review and test the V2 patch.
RE: [PATCH] binder: ipc namespace support for android binder
> > > It's not obvious from this patch where this dependency comes > > > from...why is SYSVIPC required? I'd like to not have to require > > > IPC_NS either for devices. > > > > Yes, the patch is not highly dependent on SYSVIPC, but it will be > > convenient if require it. I will update it to drop dependency of it in > > V2 patch. This patch doesn't need IPC_NS set at present. > > Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c > which is compiled only if CONFIG_IPC_NS. > Actually it does not require IPC_NS, the code in ipc/namespace.c are namespace specific, and is *not needed* if ipc namespace is supported. > There are a couple more implementations similar to this one. > https://lwn.net/Articles/577957/ and some submissions to AOSP derived from > that one that introduce a generic registration function for namespace support > [1], and changes to binder to implement namespaces [2]. > > If this is really needed, then we should have a solution that works for > devices without requiring IPC_NS or SYSVIPC. Also, we should not add > binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. > > -Todd > > [1] https://android-review.googlesource.com/c/kernel/common/+/471961 > [2] https://android-review.googlesource.com/c/kernel/common/+/471825 > If the binder will be isolated by namespace, it must put binder proc and binder context in ipc_namespace (or with something like void* as [1] did) I have sent the V2 patch, that patch does not require SYSVIPC or IPC_NS. If IPC_NS is not set, binder_init will put proc and context into init_ipc_ns. If SYSVIPC and CONFIG_POSIX_MQUEUE are both unset, I will make a fake init_ipc_ns to put them. it is marked as no static intentionally to let compile generate an error if it has defined somewhere alse. The code in ipc/namespace.c is just to notify binder to do some installationwhere namespace are creating, If no IPC_NS set, the initialization in binder_init will be enough. So please review and test the V2 patch.
Re: [PATCH] binder: ipc namespace support for android binder
+christ...@brauner.io On Sun, Oct 28, 2018 at 7:29 PM chouryzhou(周威) wrote: ... > > > It's not obvious from this patch where this dependency comes > > from...why is SYSVIPC required? I'd like to not have to require IPC_NS > > either for devices. > > Yes, the patch is not highly dependent on SYSVIPC, but it will be convenient > if require it. I will update it to drop dependency of it in V2 patch. This > patch > doesn't need IPC_NS set at present. Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c which is compiled only if CONFIG_IPC_NS. There are a couple more implementations similar to this one. https://lwn.net/Articles/577957/ and some submissions to AOSP derived from that one that introduce a generic registration function for namespace support [1], and changes to binder to implement namespaces [2]. If this is really needed, then we should have a solution that works for devices without requiring IPC_NS or SYSVIPC. Also, we should not add binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. -Todd [1] https://android-review.googlesource.com/c/kernel/common/+/471961 [2] https://android-review.googlesource.com/c/kernel/common/+/471825
Re: [PATCH] binder: ipc namespace support for android binder
+christ...@brauner.io On Sun, Oct 28, 2018 at 7:29 PM chouryzhou(周威) wrote: ... > > > It's not obvious from this patch where this dependency comes > > from...why is SYSVIPC required? I'd like to not have to require IPC_NS > > either for devices. > > Yes, the patch is not highly dependent on SYSVIPC, but it will be convenient > if require it. I will update it to drop dependency of it in V2 patch. This > patch > doesn't need IPC_NS set at present. Actually it is dependent on IPC_NS since it makes changes to ipc/namespace.c which is compiled only if CONFIG_IPC_NS. There are a couple more implementations similar to this one. https://lwn.net/Articles/577957/ and some submissions to AOSP derived from that one that introduce a generic registration function for namespace support [1], and changes to binder to implement namespaces [2]. If this is really needed, then we should have a solution that works for devices without requiring IPC_NS or SYSVIPC. Also, we should not add binder-specific code to ipc/namespace.c or include/linux/ipc_namespace.h. -Todd [1] https://android-review.googlesource.com/c/kernel/common/+/471961 [2] https://android-review.googlesource.com/c/kernel/common/+/471825
RE: [PATCH] binder: ipc namespace support for android binder
>> Hi >> We are working for running android in container, but we found that binder >> is >> not isolated by ipc namespace. Since binder is a form of IPC and therefore >> should >> be tied to ipc namespace. With this patch, we can run more than one android >> container on one host. >> This patch move "binder_procs" and "binder_context" into ipc_namespace, >> driver will find the context from it when opening. Althought statistics in >> debugfs >> remain global. >> >> Signed-off-by: choury zhou >> --- >> drivers/android/Kconfig | 2 +- >> drivers/android/binder.c | 126 +- >> include/linux/ipc_namespace.h | 14 >> ipc/namespace.c | 4 ++ >> 4 files changed, 111 insertions(+), 35 deletions(-) >> >> diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig >> index 432e9ad77070..09883443b2da 100644 >> --- a/drivers/android/Kconfig >> +++ b/drivers/android/Kconfig >> @@ -10,7 +10,7 @@ if ANDROID >> >> config ANDROID_BINDER_IPC >> bool "Android Binder IPC Driver" >> - depends on MMU >> + depends on MMU && SYSVIPC > > NAK. We can't force SYSVIPC on for Android. The notion of running > binder in a container is reasonable, but needs to be done without > explicit requirement for SYSVIPC. binder-in-container is a topic in > the android microconf at Linux plumbers -- are you going to be at LPC? > We have no plan to going to attend LPC temporarily. > It's not obvious from this patch where this dependency comes > from...why is SYSVIPC required? I'd like to not have to require IPC_NS > either for devices. Yes, the patch is not highly dependent on SYSVIPC, but it will be convenient if require it. I will update it to drop dependency of it in V2 patch. This patch doesn't need IPC_NS set at present.
RE: [PATCH] binder: ipc namespace support for android binder
>> Hi >> We are working for running android in container, but we found that binder >> is >> not isolated by ipc namespace. Since binder is a form of IPC and therefore >> should >> be tied to ipc namespace. With this patch, we can run more than one android >> container on one host. >> This patch move "binder_procs" and "binder_context" into ipc_namespace, >> driver will find the context from it when opening. Althought statistics in >> debugfs >> remain global. >> >> Signed-off-by: choury zhou >> --- >> drivers/android/Kconfig | 2 +- >> drivers/android/binder.c | 126 +- >> include/linux/ipc_namespace.h | 14 >> ipc/namespace.c | 4 ++ >> 4 files changed, 111 insertions(+), 35 deletions(-) >> >> diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig >> index 432e9ad77070..09883443b2da 100644 >> --- a/drivers/android/Kconfig >> +++ b/drivers/android/Kconfig >> @@ -10,7 +10,7 @@ if ANDROID >> >> config ANDROID_BINDER_IPC >> bool "Android Binder IPC Driver" >> - depends on MMU >> + depends on MMU && SYSVIPC > > NAK. We can't force SYSVIPC on for Android. The notion of running > binder in a container is reasonable, but needs to be done without > explicit requirement for SYSVIPC. binder-in-container is a topic in > the android microconf at Linux plumbers -- are you going to be at LPC? > We have no plan to going to attend LPC temporarily. > It's not obvious from this patch where this dependency comes > from...why is SYSVIPC required? I'd like to not have to require IPC_NS > either for devices. Yes, the patch is not highly dependent on SYSVIPC, but it will be convenient if require it. I will update it to drop dependency of it in V2 patch. This patch doesn't need IPC_NS set at present.
Re: [PATCH] binder: ipc namespace support for android binder
On Fri, Oct 26, 2018 at 2:20 AM chouryzhou(周威) wrote: > > Hi > We are working for running android in container, but we found that binder is > not isolated by ipc namespace. Since binder is a form of IPC and therefore > should > be tied to ipc namespace. With this patch, we can run more than one android > container on one host. > This patch move "binder_procs" and "binder_context" into ipc_namespace, > driver will find the context from it when opening. Althought statistics in > debugfs > remain global. > > Signed-off-by: choury zhou > --- > drivers/android/Kconfig | 2 +- > drivers/android/binder.c | 126 +- > include/linux/ipc_namespace.h | 14 > ipc/namespace.c | 4 ++ > 4 files changed, 111 insertions(+), 35 deletions(-) > > diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig > index 432e9ad77070..09883443b2da 100644 > --- a/drivers/android/Kconfig > +++ b/drivers/android/Kconfig > @@ -10,7 +10,7 @@ if ANDROID > > config ANDROID_BINDER_IPC > bool "Android Binder IPC Driver" > - depends on MMU > + depends on MMU && SYSVIPC NAK. We can't force SYSVIPC on for Android. The notion of running binder in a container is reasonable, but needs to be done without explicit requirement for SYSVIPC. binder-in-container is a topic in the android microconf at Linux plumbers -- are you going to be at LPC? It's not obvious from this patch where this dependency comes from...why is SYSVIPC required? I'd like to not have to require IPC_NS either for devices. > default n > ---help--- > Binder is used in Android for both communication between processes, > diff --git a/drivers/android/binder.c b/drivers/android/binder.c > index d58763b6b009..e061dba9b8b3 100644 > --- a/drivers/android/binder.c > +++ b/drivers/android/binder.c > @@ -68,6 +68,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -79,13 +80,12 @@ > #include "binder_alloc.h" > #include "binder_trace.h" > > +#define ipcns (current->nsproxy->ipc_ns) > + > static HLIST_HEAD(binder_deferred_list); > static DEFINE_MUTEX(binder_deferred_lock); > > static HLIST_HEAD(binder_devices); > -static HLIST_HEAD(binder_procs); > -static DEFINE_MUTEX(binder_procs_lock); > - > static HLIST_HEAD(binder_dead_nodes); > static DEFINE_SPINLOCK(binder_dead_nodes_lock); > > @@ -231,7 +231,7 @@ struct binder_transaction_log_entry { > int return_error_line; > uint32_t return_error; > uint32_t return_error_param; > - const char *context_name; > + int context_device; > }; > struct binder_transaction_log { > atomic_t cur; > @@ -262,19 +262,66 @@ static struct binder_transaction_log_entry > *binder_transaction_log_add( > } > > struct binder_context { > + struct hlist_node hlist; > struct binder_node *binder_context_mgr_node; > struct mutex context_mgr_node_lock; > > kuid_t binder_context_mgr_uid; > - const char *name; > + intdevice; > }; > > struct binder_device { > struct hlist_node hlist; > struct miscdevice miscdev; > - struct binder_context context; > }; > > +void binder_exit_ns(struct ipc_namespace *ns) > +{ > + struct binder_context *context; > + struct hlist_node *tmp; > + > + mutex_destroy(>binder_procs_lock); > + mutex_destroy(>binder_contexts_lock); > + hlist_for_each_entry_safe(context, tmp, >binder_contexts, hlist) { > + mutex_destroy(>context_mgr_node_lock); > + hlist_del(>hlist); > + kfree(context); > + } > +} > + > +int binder_init_ns(struct ipc_namespace *ns) > +{ > + int ret; > + struct binder_device *device; > + > + mutex_init(>binder_procs_lock); > + INIT_HLIST_HEAD(>binder_procs); > + mutex_init(>binder_contexts_lock); > + INIT_HLIST_HEAD(>binder_contexts); > + > + hlist_for_each_entry(device, _devices, hlist) { > + struct binder_context *context; > + > + context = kzalloc(sizeof(*context), GFP_KERNEL); > + if (!context) { > + ret = -ENOMEM; > + goto err; > + } > + > + context->device = device->miscdev.minor; > + context->binder_context_mgr_uid = INVALID_UID; > + mutex_init(>context_mgr_node_lock); > + > + hlist_add_head(>hlist, >binder_contexts); > + } > + > + return 0; > +err: > + binder_exit_ns(ns); > + return ret; > +} > + > + > /** > * struct binder_work - work enqueued on a worklist > * @entry: node enqueued on list > @@ -2748,7 +2795,7 @@ static void binder_transaction(struct binder_proc *proc, > e->target_handle = tr->target.handle; > e->data_size = tr->data_size; > e->offsets_size = tr->offsets_size; > - e->context_name
Re: [PATCH] binder: ipc namespace support for android binder
On Fri, Oct 26, 2018 at 2:20 AM chouryzhou(周威) wrote: > > Hi > We are working for running android in container, but we found that binder is > not isolated by ipc namespace. Since binder is a form of IPC and therefore > should > be tied to ipc namespace. With this patch, we can run more than one android > container on one host. > This patch move "binder_procs" and "binder_context" into ipc_namespace, > driver will find the context from it when opening. Althought statistics in > debugfs > remain global. > > Signed-off-by: choury zhou > --- > drivers/android/Kconfig | 2 +- > drivers/android/binder.c | 126 +- > include/linux/ipc_namespace.h | 14 > ipc/namespace.c | 4 ++ > 4 files changed, 111 insertions(+), 35 deletions(-) > > diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig > index 432e9ad77070..09883443b2da 100644 > --- a/drivers/android/Kconfig > +++ b/drivers/android/Kconfig > @@ -10,7 +10,7 @@ if ANDROID > > config ANDROID_BINDER_IPC > bool "Android Binder IPC Driver" > - depends on MMU > + depends on MMU && SYSVIPC NAK. We can't force SYSVIPC on for Android. The notion of running binder in a container is reasonable, but needs to be done without explicit requirement for SYSVIPC. binder-in-container is a topic in the android microconf at Linux plumbers -- are you going to be at LPC? It's not obvious from this patch where this dependency comes from...why is SYSVIPC required? I'd like to not have to require IPC_NS either for devices. > default n > ---help--- > Binder is used in Android for both communication between processes, > diff --git a/drivers/android/binder.c b/drivers/android/binder.c > index d58763b6b009..e061dba9b8b3 100644 > --- a/drivers/android/binder.c > +++ b/drivers/android/binder.c > @@ -68,6 +68,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -79,13 +80,12 @@ > #include "binder_alloc.h" > #include "binder_trace.h" > > +#define ipcns (current->nsproxy->ipc_ns) > + > static HLIST_HEAD(binder_deferred_list); > static DEFINE_MUTEX(binder_deferred_lock); > > static HLIST_HEAD(binder_devices); > -static HLIST_HEAD(binder_procs); > -static DEFINE_MUTEX(binder_procs_lock); > - > static HLIST_HEAD(binder_dead_nodes); > static DEFINE_SPINLOCK(binder_dead_nodes_lock); > > @@ -231,7 +231,7 @@ struct binder_transaction_log_entry { > int return_error_line; > uint32_t return_error; > uint32_t return_error_param; > - const char *context_name; > + int context_device; > }; > struct binder_transaction_log { > atomic_t cur; > @@ -262,19 +262,66 @@ static struct binder_transaction_log_entry > *binder_transaction_log_add( > } > > struct binder_context { > + struct hlist_node hlist; > struct binder_node *binder_context_mgr_node; > struct mutex context_mgr_node_lock; > > kuid_t binder_context_mgr_uid; > - const char *name; > + intdevice; > }; > > struct binder_device { > struct hlist_node hlist; > struct miscdevice miscdev; > - struct binder_context context; > }; > > +void binder_exit_ns(struct ipc_namespace *ns) > +{ > + struct binder_context *context; > + struct hlist_node *tmp; > + > + mutex_destroy(>binder_procs_lock); > + mutex_destroy(>binder_contexts_lock); > + hlist_for_each_entry_safe(context, tmp, >binder_contexts, hlist) { > + mutex_destroy(>context_mgr_node_lock); > + hlist_del(>hlist); > + kfree(context); > + } > +} > + > +int binder_init_ns(struct ipc_namespace *ns) > +{ > + int ret; > + struct binder_device *device; > + > + mutex_init(>binder_procs_lock); > + INIT_HLIST_HEAD(>binder_procs); > + mutex_init(>binder_contexts_lock); > + INIT_HLIST_HEAD(>binder_contexts); > + > + hlist_for_each_entry(device, _devices, hlist) { > + struct binder_context *context; > + > + context = kzalloc(sizeof(*context), GFP_KERNEL); > + if (!context) { > + ret = -ENOMEM; > + goto err; > + } > + > + context->device = device->miscdev.minor; > + context->binder_context_mgr_uid = INVALID_UID; > + mutex_init(>context_mgr_node_lock); > + > + hlist_add_head(>hlist, >binder_contexts); > + } > + > + return 0; > +err: > + binder_exit_ns(ns); > + return ret; > +} > + > + > /** > * struct binder_work - work enqueued on a worklist > * @entry: node enqueued on list > @@ -2748,7 +2795,7 @@ static void binder_transaction(struct binder_proc *proc, > e->target_handle = tr->target.handle; > e->data_size = tr->data_size; > e->offsets_size = tr->offsets_size; > - e->context_name
[PATCH] binder: ipc namespace support for android binder
Hi We are working for running android in container, but we found that binder is not isolated by ipc namespace. Since binder is a form of IPC and therefore should be tied to ipc namespace. With this patch, we can run more than one android container on one host. This patch move "binder_procs" and "binder_context" into ipc_namespace, driver will find the context from it when opening. Althought statistics in debugfs remain global. Signed-off-by: choury zhou --- drivers/android/Kconfig | 2 +- drivers/android/binder.c | 126 +- include/linux/ipc_namespace.h | 14 ipc/namespace.c | 4 ++ 4 files changed, 111 insertions(+), 35 deletions(-) diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig index 432e9ad77070..09883443b2da 100644 --- a/drivers/android/Kconfig +++ b/drivers/android/Kconfig @@ -10,7 +10,7 @@ if ANDROID config ANDROID_BINDER_IPC bool "Android Binder IPC Driver" - depends on MMU + depends on MMU && SYSVIPC default n ---help--- Binder is used in Android for both communication between processes, diff --git a/drivers/android/binder.c b/drivers/android/binder.c index d58763b6b009..e061dba9b8b3 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -68,6 +68,7 @@ #include #include #include +#include #include #include #include @@ -79,13 +80,12 @@ #include "binder_alloc.h" #include "binder_trace.h" +#define ipcns (current->nsproxy->ipc_ns) + static HLIST_HEAD(binder_deferred_list); static DEFINE_MUTEX(binder_deferred_lock); static HLIST_HEAD(binder_devices); -static HLIST_HEAD(binder_procs); -static DEFINE_MUTEX(binder_procs_lock); - static HLIST_HEAD(binder_dead_nodes); static DEFINE_SPINLOCK(binder_dead_nodes_lock); @@ -231,7 +231,7 @@ struct binder_transaction_log_entry { int return_error_line; uint32_t return_error; uint32_t return_error_param; - const char *context_name; + int context_device; }; struct binder_transaction_log { atomic_t cur; @@ -262,19 +262,66 @@ static struct binder_transaction_log_entry *binder_transaction_log_add( } struct binder_context { + struct hlist_node hlist; struct binder_node *binder_context_mgr_node; struct mutex context_mgr_node_lock; kuid_t binder_context_mgr_uid; - const char *name; + intdevice; }; struct binder_device { struct hlist_node hlist; struct miscdevice miscdev; - struct binder_context context; }; +void binder_exit_ns(struct ipc_namespace *ns) +{ + struct binder_context *context; + struct hlist_node *tmp; + + mutex_destroy(>binder_procs_lock); + mutex_destroy(>binder_contexts_lock); + hlist_for_each_entry_safe(context, tmp, >binder_contexts, hlist) { + mutex_destroy(>context_mgr_node_lock); + hlist_del(>hlist); + kfree(context); + } +} + +int binder_init_ns(struct ipc_namespace *ns) +{ + int ret; + struct binder_device *device; + + mutex_init(>binder_procs_lock); + INIT_HLIST_HEAD(>binder_procs); + mutex_init(>binder_contexts_lock); + INIT_HLIST_HEAD(>binder_contexts); + + hlist_for_each_entry(device, _devices, hlist) { + struct binder_context *context; + + context = kzalloc(sizeof(*context), GFP_KERNEL); + if (!context) { + ret = -ENOMEM; + goto err; + } + + context->device = device->miscdev.minor; + context->binder_context_mgr_uid = INVALID_UID; + mutex_init(>context_mgr_node_lock); + + hlist_add_head(>hlist, >binder_contexts); + } + + return 0; +err: + binder_exit_ns(ns); + return ret; +} + + /** * struct binder_work - work enqueued on a worklist * @entry: node enqueued on list @@ -2748,7 +2795,7 @@ static void binder_transaction(struct binder_proc *proc, e->target_handle = tr->target.handle; e->data_size = tr->data_size; e->offsets_size = tr->offsets_size; - e->context_name = proc->context->name; + e->context_device = proc->context->device; if (reply) { binder_inner_proc_lock(proc); @@ -4754,6 +4801,7 @@ static int binder_open(struct inode *nodp, struct file *filp) { struct binder_proc *proc; struct binder_device *binder_dev; + struct binder_context *context; binder_debug(BINDER_DEBUG_OPEN_CLOSE, "%s: %d:%d\n", __func__, current->group_leader->pid, current->pid); @@ -4770,7 +4818,17 @@ static int binder_open(struct inode *nodp, struct file *filp) proc->default_priority = task_nice(current); binder_dev = container_of(filp->private_data, struct binder_device, miscdev); -
[PATCH] binder: ipc namespace support for android binder
Hi We are working for running android in container, but we found that binder is not isolated by ipc namespace. Since binder is a form of IPC and therefore should be tied to ipc namespace. With this patch, we can run more than one android container on one host. This patch move "binder_procs" and "binder_context" into ipc_namespace, driver will find the context from it when opening. Althought statistics in debugfs remain global. Signed-off-by: choury zhou --- drivers/android/Kconfig | 2 +- drivers/android/binder.c | 126 +- include/linux/ipc_namespace.h | 14 ipc/namespace.c | 4 ++ 4 files changed, 111 insertions(+), 35 deletions(-) diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig index 432e9ad77070..09883443b2da 100644 --- a/drivers/android/Kconfig +++ b/drivers/android/Kconfig @@ -10,7 +10,7 @@ if ANDROID config ANDROID_BINDER_IPC bool "Android Binder IPC Driver" - depends on MMU + depends on MMU && SYSVIPC default n ---help--- Binder is used in Android for both communication between processes, diff --git a/drivers/android/binder.c b/drivers/android/binder.c index d58763b6b009..e061dba9b8b3 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -68,6 +68,7 @@ #include #include #include +#include #include #include #include @@ -79,13 +80,12 @@ #include "binder_alloc.h" #include "binder_trace.h" +#define ipcns (current->nsproxy->ipc_ns) + static HLIST_HEAD(binder_deferred_list); static DEFINE_MUTEX(binder_deferred_lock); static HLIST_HEAD(binder_devices); -static HLIST_HEAD(binder_procs); -static DEFINE_MUTEX(binder_procs_lock); - static HLIST_HEAD(binder_dead_nodes); static DEFINE_SPINLOCK(binder_dead_nodes_lock); @@ -231,7 +231,7 @@ struct binder_transaction_log_entry { int return_error_line; uint32_t return_error; uint32_t return_error_param; - const char *context_name; + int context_device; }; struct binder_transaction_log { atomic_t cur; @@ -262,19 +262,66 @@ static struct binder_transaction_log_entry *binder_transaction_log_add( } struct binder_context { + struct hlist_node hlist; struct binder_node *binder_context_mgr_node; struct mutex context_mgr_node_lock; kuid_t binder_context_mgr_uid; - const char *name; + intdevice; }; struct binder_device { struct hlist_node hlist; struct miscdevice miscdev; - struct binder_context context; }; +void binder_exit_ns(struct ipc_namespace *ns) +{ + struct binder_context *context; + struct hlist_node *tmp; + + mutex_destroy(>binder_procs_lock); + mutex_destroy(>binder_contexts_lock); + hlist_for_each_entry_safe(context, tmp, >binder_contexts, hlist) { + mutex_destroy(>context_mgr_node_lock); + hlist_del(>hlist); + kfree(context); + } +} + +int binder_init_ns(struct ipc_namespace *ns) +{ + int ret; + struct binder_device *device; + + mutex_init(>binder_procs_lock); + INIT_HLIST_HEAD(>binder_procs); + mutex_init(>binder_contexts_lock); + INIT_HLIST_HEAD(>binder_contexts); + + hlist_for_each_entry(device, _devices, hlist) { + struct binder_context *context; + + context = kzalloc(sizeof(*context), GFP_KERNEL); + if (!context) { + ret = -ENOMEM; + goto err; + } + + context->device = device->miscdev.minor; + context->binder_context_mgr_uid = INVALID_UID; + mutex_init(>context_mgr_node_lock); + + hlist_add_head(>hlist, >binder_contexts); + } + + return 0; +err: + binder_exit_ns(ns); + return ret; +} + + /** * struct binder_work - work enqueued on a worklist * @entry: node enqueued on list @@ -2748,7 +2795,7 @@ static void binder_transaction(struct binder_proc *proc, e->target_handle = tr->target.handle; e->data_size = tr->data_size; e->offsets_size = tr->offsets_size; - e->context_name = proc->context->name; + e->context_device = proc->context->device; if (reply) { binder_inner_proc_lock(proc); @@ -4754,6 +4801,7 @@ static int binder_open(struct inode *nodp, struct file *filp) { struct binder_proc *proc; struct binder_device *binder_dev; + struct binder_context *context; binder_debug(BINDER_DEBUG_OPEN_CLOSE, "%s: %d:%d\n", __func__, current->group_leader->pid, current->pid); @@ -4770,7 +4818,17 @@ static int binder_open(struct inode *nodp, struct file *filp) proc->default_priority = task_nice(current); binder_dev = container_of(filp->private_data, struct binder_device, miscdev); -