copy_net_ns() doesn't copy anything, it creates fresh netns,
so get/put of old netns is unneeded.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
net/core/net_namespace.c |5 +
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/net/core/net_namespace.c
+++ b/net/core
clone_nsproxy() does useless copying of old nsproxy -- every pointer
will be rewritten to new ns or to old ns.
Remove copying, rename clone_nsproxy(), it will be used by C/R code
to create fresh nsproxy on restart.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/nsproxy.c | 19
copy_ipcs() doesn't actually copy anything. If new ipcns is created,
it's created from scratch, in this case get/put on old ipcns isn't needed.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
ipc/namespace.c |6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/ipc
net_create() will be used by C/R code to create fresh netns on restart.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/net/net_namespace.h |1 +
net/core/net_namespace.c| 44
2 files changed, 21 insertions(+), 24 deletions
it after the patch.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -422,7 +422,9 @@ struct thread_struct
Create/restore ipc_ns as an object, restore sysctl values.
FIXME: restoration of sysctls is buggy as-is, values should be written
at the very last moment
FIXME: actual restoration of IPC objects.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 14
FIXME: opened tty won't pass ->checkpoint check.
currently in desperate need on how to test it.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 37
kernel/cr/Kconfig |1
kernel/cr/Makefile |1
kernel/cr/cpt-sys.c |6 +
kernel/cr/cr
On Fri, Apr 10, 2009 at 06:32:07AM +0400, Alexey Dobriyan wrote:
This is to show how we see C/R and to provoke discussion on number of
important issues (mounts, ...).
This is small part of long-awaited to be cleanuped code.
It's able to restore busyloop on i386 and x86_64 and restore i386
C/R tsk->files and opened files!
fd should have struct file::checkpoint ;-)
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 16 +++
kernel/cr/cpt-sys.c |6 +
kernel/cr/cr-file.c | 249
kernel/cr/cr-task.c
To save nsproxy, or to not save nsproxy?
Don't think much, save it.
I argue that nsproxy should be removed totally, if someone thinks otherwise. ;-)
The idea is that relations between in-kernel data structures close map
relations in dumpfile.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 14 +
kernel/cr/Kconfig |1
kernel/cr/Makefile |1
kernel/cr/cpt-sys.c|6 ++
kernel/cr/cr-nsproxy.c | 21 +++-
kernel/cr/cr-uts.c | 123
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h|3 ++
kernel/cr/cr-x86_64.c | 72 --
2 files changed, 67 insertions(+), 8 deletions(-)
--- a/include/linux/cr.h
+++ b/include/linux/cr.h
@@ -140,6 +140,9 @@ struct
C/R struct pid and struct pid_namespace.
Userspace should see same pids as before.
->last_pid is visible through /proc/loadavg, so it needs to be dumped too, sigh.
FIXME: restoration of pidns is recursive.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h
Dump/restore struct cred, struct user, struct user_namespace, struct group_info
FIXME: restore struct user
FIXME: restore struct file::f_cred
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 46
include/linux/cred.h |1
kernel/cr/Kconfig|1
FIXME: actual LDT restore
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/cr/cr-x86_64.c | 22 +-
1 file changed, 13 insertions(+), 9 deletions(-)
--- a/kernel/cr/cr-x86_64.c
+++ b/kernel/cr/cr-x86_64.c
@@ -1,6 +1,7 @@
/* Copyright (C) 2000-2009 Parallels
Add start argument, it will be used to map vDSO to exactly same place
on restart(2).
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/powerpc/include/asm/elf.h |1 +
arch/powerpc/kernel/vdso.c |2 +-
arch/s390/include/asm/elf.h|2 +-
arch/s390/kernel
Segment registers abstraction is done to allow i386 = x86_64 COMPAT=y
migration.
What is unsupported is in cr_arch_check_task_struct().
FIXME: support more than busyloop.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/unistd_32.h |2
arch/x86/kernel
Dump signal_struct, sighand_struct.
FIXME: correctly restore, check everything
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 28
include/linux/signal.h |1
kernel/cr/Makefile |1
kernel/cr/cpt-sys.c| 12 +
kernel/cr/cr-signal.c
netns is full of questions too.
Restore netns itself, and core.somaxconn, unix.max_dgram_qlen for start.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 13 +
kernel/cr/Kconfig |1
kernel/cr/Makefile |1
kernel/cr/cpt-sys.c|6
This is one big FIXME:
What to do with overmounted files?
What to do with mounts at all, who should restore them?
just restore something to not oops on task exit
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
fs/namespace.c| 22 ++--
include/linux
FIXME: LDT actual restoration
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/cr/cr-x86_32.c | 21 +
1 file changed, 13 insertions(+), 8 deletions(-)
--- a/kernel/cr/cr-x86_32.c
+++ b/kernel/cr/cr-x86_32.c
@@ -1,6 +1,7 @@
/* Copyright (C) 2000-2009
struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used
instead.
kgdb should be reading 0, but I can't check it.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |2 ++
arch/x86/kernel/kgdb.c |2 +-
2 files changed, 3
Dump umask, root, pwd.
root, pwd are dumped as names returned by d_path.
FIXME, FIXME, FIXME: think through what to do with overmount
and vfsmount themselves!!!
FIXME: restore root, pwd, tsk->fs itself
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h | 12
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h|3 +++
kernel/cr/cr-x86_32.c | 49 ++---
2 files changed, 45 insertions(+), 7 deletions(-)
--- a/include/linux/cr.h
+++ b/include/linux/cr.h
@@ -96,6 +96,9 @@ struct
Nothing will be dumped because socket file_operations aren't ready.
This is one big FIXME item.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cr.h|8
kernel/cr/Makefile|1
kernel/cr/cpt-sys.c |6 +++
kernel/cr/cr-net.c|7 +++
kernel/cr
FIXME: check VMA has same parameters.
FIXME: abort if target kernel has vDSO disabled (?)
FIXME: restore pages, vDSO is writable after all.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/vdso/vdso32-setup.c |6 ++
include/linux/cr.h | 11 +
include/linux
FIXME: support more than busyloop
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/ia32/ia32entry.S|2
arch/x86/include/asm/unistd_64.h |4
include/linux/cr.h | 41
kernel/cr/Makefile |1
kernel/cr/cr-x86_64.c
On Fri, Apr 10, 2009 at 11:19:31AM +0200, Ingo Molnar wrote:
* Matt Helsley matth...@us.ibm.com wrote:
On Fri, Apr 10, 2009 at 06:35:22AM +0400, Alexey Dobriyan wrote:
struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used
instead.
kgdb should be reading 0
On Fri, Apr 10, 2009 at 11:01:49AM +0200, Ingo Molnar wrote:
* Alexey Dobriyan adobri...@gmail.com wrote:
--- a/include/linux/ipc_namespace.h
+++ b/include/linux/ipc_namespace.h
@@ -97,6 +97,7 @@ static inline int mq_init_ns(struct ipc_namespace *ns) {
return 0; }
#if defined
On Fri, Apr 10, 2009 at 10:28:15AM +0200, Ingo Molnar wrote:
* Alexey Dobriyan adobri...@gmail.com wrote:
This is to show how we see C/R and to provoke discussion on number
of important issues (mounts, ...).
This is small part of long-awaited to be cleanuped code.
It's able
On Fri, Apr 10, 2009 at 11:35:20AM +0200, Ingo Molnar wrote:
* Alexey Dobriyan adobri...@gmail.com wrote:
+int cr_restore_file(struct cr_context *ctx, loff_t pos)
+{
I tried to review this code, but it's almost unreadable to me,
Pity you.
due to basic code structure mistakes like
On Fri, Apr 10, 2009 at 10:47:47AM +0200, Ingo Molnar wrote:
* Alexey Dobriyan adobri...@gmail.com wrote:
+struct kern_ipc_perm;
Please, not yet another forward declaration...
I believe this should be cleaned up properly, instead of sprinkling
the kernel with random placed forward
On Fri, Apr 10, 2009 at 05:56:36PM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
net_create() will be used by C/R code to create fresh netns on restart.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
Although
On Fri, Apr 10, 2009 at 08:06:55AM -0700, Linus Torvalds wrote:
On Fri, 10 Apr 2009, Alexey Dobriyan wrote:
This is to show how we see C/R and to provoke discussion on number of
important issues (mounts, ...).
My only initial reaction is that I absolutely hate the naming (not to say
I
On Fri, Apr 10, 2009 at 12:19:23PM -0400, Brian Haley wrote:
Alexey Dobriyan wrote:
And of course, I don't want to see multiline
vmflags = ~(VM_READ|VM_WRITE|
[5 lines skipped]
Then why don't you:
#define VM_CR_FOO (VM_READ|VM_WRITE|...)
vmflags
On Thu, Apr 09, 2009 at 10:07:11PM -0700, Dave Hansen wrote:
I'm curious how you see these fitting in with the work that we've been
doing with Oren. Do you mean to just start a discussion or are you
really proposing these as an alternative to what Oren has been posting?
Yes, this is posted as
On Fri, Apr 10, 2009 at 06:36:49AM +0400, Alexey Dobriyan wrote:
Now x86 matrix of migration is:
task/kernel kernel
--
i386/i386 = i386
i386/i386 = x86_64
i386/x86_64 = i386
i386
On Mon, Apr 13, 2009 at 11:39:51AM -0700, Linus Torvalds wrote:
On Mon, 13 Apr 2009, Alexey Dobriyan wrote:
Well, in OpenVZ everything is in kernel/cpt/ and prefixed with cpt_
and rst_.
So?
We're not merging OpenVZ code _either_.
This is to give example of other prefixes: cpt_
On Tue, Apr 14, 2009 at 12:26:50AM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
On Thu, Apr 09, 2009 at 10:07:11PM -0700, Dave Hansen wrote:
I'm curious how you see these fitting in with the work that we've been
doing with Oren. Do you mean to just start a discussion or are you
.
This is incomplete part. But, yes, freeze, dump, thaw/kill as separate
actions make sense.
checkpoint(CR_CPT_FREEZE);
[rsync fs]
checkpoint(CR_CPT_DUMP|CR_CPT_KILL);
with check that CR_CPT_THAW doesn't happen during dump.
* A plethora of FIXME comments ...
Alexey Dobriyan wrote
On Mon, Apr 13, 2009 at 04:47:01PM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
Hi Alexey,
as far as I can see, the main differences between this patch and the
equivalent in Oren's tree are:
1. kernel auto-selects container init to freeze
Note, auto
On Tue, Apr 14, 2009 at 01:22:03AM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
* add struct file_operations::checkpoint
The point of hook is to serialize enough information to allow restoration
of an opened file.
The idea (good one!) is that the code which supplies
On Mon, Apr 13, 2009 at 11:43:30PM -0400, Oren Laadan wrote:
For checkpoint/restart (c/r) we need a method to (re)create the tasks
tree during restart. There are basically two approaches: in userspace
(zap approach) or in the kernel (openvz approach).
Once tasks have been created both
On Tue, Apr 14, 2009 at 08:41:34AM -0700, Dave Hansen wrote:
On Tue, 2009-04-14 at 19:27 +0400, Alexey Dobriyan wrote:
Also, since Dave introduced the fops->checkpoint(), we (or at least I)
have been struck by the ugly asymmetry with checkpoint() being in fops,
and restart() not. Do you
1) somebody should write registers before final jump to userspace.
Task itself can't generally do it: struct pt_regs is in the same place
as kernel stack.
cr_load_cpu_regs() does exactly this: as current writes to its own
pt_regs. Oren, why don't you see crashes?
I first
On Tue, Apr 14, 2009 at 10:41:39AM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
On Mon, Apr 13, 2009 at 04:47:01PM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
Hi Alexey,
as far as I can see, the main differences
On Tue, Apr 14, 2009 at 10:41:39AM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
On Mon, Apr 13, 2009 at 04:47:01PM -0500, Serge E. Hallyn wrote:
Quoting Alexey Dobriyan (adobri...@gmail.com):
Hi Alexey,
as far as I can see, the main differences
On Tue, Apr 14, 2009 at 09:39:50AM -0700, Dave Hansen wrote:
On Tue, 2009-04-14 at 20:00 +0400, Alexey Dobriyan wrote:
Are you suggesting that conversion of a checkpoint image from an older
version to a newer version be done in the kernel ?
For mainline kernel it's completely
The ability to streamline the checkpoint image IMHO is invaluable.
It's the unix way (TM) of doing things; it makes the process pipe-able.
You can do many nice things when the checkpoint can be streamed: you
can compress, sign, encrypt etc on the fly without taking additional
In the end correctness of chopping will be equal to how good user
understands that two task_struct's are independent of each other.
But it will still be a useful tool for many use cases, like batch cpu jobs,
some servers, vnc sessions (if you want graphics) etc. Imagine you run
On Tue, Apr 14, 2009 at 03:31:55PM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
On Tue, Apr 14, 2009 at 02:08:21PM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
On Tue, Apr 14, 2009 at 12:26:50AM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
On Thu, Apr 09, 2009 at 10:07
* not having CAP_SYS_ADMIN on restart(2)
Surely you have read already on the containers mailing list that
for the *time being* we attempt to get as far as possible without
requiring root privileges, to identify security hot-spots.
More or less everything is hotspot.
Going back to
On Tue, Apr 14, 2009 at 04:10:53PM -0400, Oren Laadan wrote:
Alexey Dobriyan wrote:
In the end correctness of chopping will be equal to how good user
understands that two task_struct's are independent of each other.
But it will still be a useful tool for many use cases, like batch cpu
On Wed, Apr 15, 2009 at 04:16:09PM -0500, Serge E. Hallyn wrote:
Quoting Oren Laadan (or...@cs.columbia.edu):
Serge E. Hallyn wrote:
Quoting Dave Hansen (d...@linux.vnet.ibm.com):
On Wed, 2009-04-15 at 23:21 +0400, Alexey Dobriyan wrote:
Is sysctl to control CAP_SYS_ADMIN
On Mon, Apr 27, 2009 at 01:07:17PM -0500, Serge E. Hallyn wrote:
Heh, because there is no such thing as a 'container'.
Oh, yes, there is.
Set of tasks shares set of uts_ns, ipc_ns, mnt_ns, pid_ns and net_ns.
No other task shares this set.
Pid_ns set has tree hierarchy.
All user_ns which come
On Tue, Apr 14, 2009 at 10:23:20AM -0700, Dave Hansen wrote:
On Tue, 2009-04-14 at 21:04 +0400, Alexey Dobriyan wrote:
Right while I have opinions on some things in this list, I didn't
mean to imply positions on these items. My question was: are
there are differences you want to call
create_pid_namespace() creates everything, but caller has to assign parent
pidns by hand, which is unnatural. At the moment of call new ->level has
to be taken from somewhere and parent pidns is already available.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/pid_namespace.c
copy_pid_ns() is a perfect example of a case where unwinding leads to more
code and makes it less clear. Watch the diffstat.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/pid_namespace.c | 18 +++---
1 files changed, 3 insertions(+), 15 deletions(-)
diff --git
clone_ipc_ns() is misnamed, it doesn't clone anything and doesn't use passed
parameter. Rename it.
create_ipc_ns() will be used by C/R to create fresh ipcns.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
ipc/namespace.c |9 ++---
1 files
copy_net_ns() doesn't copy anything, it creates fresh netns, so get/put of old
netns isn't needed.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
net/core/net_namespace.c |5 +
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git
copy_ipcs() doesn't actually copy anything. If new ipcns is created, it's
created from scratch, in this case get/put on old ipcns isn't needed.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
ipc/namespace.c |6 +-
1 files changed, 1
net_create() will be used by C/R to create fresh netns on restart.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
net/core/net_namespace.c | 44
1 files changed, 20 insertions(+), 24 deletions(-)
diff
stopped touching it after the patch.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index c2cceae..a6732ff 100644
struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used
instead.
kgdb should be reading 0 always, but I can't check it.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |2 ++
arch/x86/kernel/kgdb.c |2 +-
2 files
the same way they are checked on PTRACE_POKEUSR.
Question 1: TIF_DEBUG can be set even if none of breakpoints is turned on,
should this be optimized?
Question 2: Breakpoints are allowed to be globally enabled, is this a
security risk?
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86
On Mon, May 04, 2009 at 04:16:01AM +0400, Alexey Dobriyan wrote:
+static int ptrace_check_debugreg(int _32bit,
+ unsigned long dr0, unsigned long dr1,
+ unsigned long dr2, unsigned long dr3,
+ unsigned long
On Tue, May 12, 2009 at 10:07:13AM -0500, Serge E. Hallyn wrote:
do you object to this patch? The idea is to not give away any
privilege not otherwise needed.
--- a/checkpoint/sys.c
+++ b/checkpoint/sys.c
@@ -281,7 +281,7 @@ asmlinkage long sys_checkpoint(pid_t pid, int fd,
unsigned long
On Mon, May 11, 2009 at 11:05:39AM -0500, Serge E. Hallyn wrote:
--- a/checkpoint/objhash.c
+++ b/checkpoint/objhash.c
+#define CKPT_MAXGROUPS 15
+#define MAX_GROUPINFO_SIZE (sizeof(*h)+CKPT_MAXGROUPS*sizeof(gid_t))
+/* move this fn into kernel/sys.c next to group functions? */
+static int
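Review bot: MAX_GROUPINFO_SIZE in checkpoint/objhash.c expands to sizeof(*h), so the macro only compiles where a variable named h happens to be in scope, and it silently takes its size from whatever h is at that point. Naming the header type directly in the sizeof would make the macro self-contained. The fixed CKPT_MAXGROUPS limit of 15 also needs a comment stating what happens to a task that has more supplementary groups than that.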
On Thu, May 14, 2009 at 12:18:50PM +0400, Alexey Dobriyan wrote:
On Mon, May 11, 2009 at 11:05:39AM -0500, Serge E. Hallyn wrote:
--- a/checkpoint/objhash.c
+++ b/checkpoint/objhash.c
+#define CKPT_MAXGROUPS 15
+#define MAX_GROUPINFO_SIZE (sizeof(*h)+CKPT_MAXGROUPS*sizeof(gid_t
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/ipc_namespace.h |1
ipc/namespace.c | 48 +-
2 files changed, 24 insertions(+), 25 deletions(-)
--- a/include/linux/ipc_namespace.h
+++ b/include/linux
Function is really private to ipc/ and avoid struct kern_ipc_perm
forward declaration.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/ipc_namespace.h |4
ipc/util.h|3 ++-
2 files changed, 2 insertions(+), 5 deletions(-)
--- a/include
cred.h can't be included as first header because it uses __init and
doesn't include init.h which is enough to break compilation on at least
ia64.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/cred.h |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git
clone_nsproxy() does useless copying of old nsproxy -- every pointer will be
rewritten to new ns or to old ns. Remove copying, rename clone_nsproxy(),
create_nsproxy() will be used by C/R code to create fresh nsproxy on restart.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge
create_uts_ns() will be used by C/R to create fresh uts_ns.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/utsname.c | 13 +++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/kernel/utsname.c b/kernel/utsname.c
index 815237a..8a82b4b 100644
--- a/kernel
clone_ipc_ns() is misnamed, it doesn't clone anything and doesn't use passed
parameter. Rename it.
create_ipc_ns() will be used by C/R to create fresh ipcns.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
ipc/namespace.c |9 ++---
1 files
create_pid_namespace() creates everything, but caller has to assign parent
pidns by hand, which is unnatural. At the moment of call new ->level has
to be taken from somewhere and parent pidns is already available.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/pid_namespace.c
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/ipc_namespace.h |1 -
ipc/namespace.c | 48
2 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/include/linux/ipc_namespace.h b/include/linux
copy_pid_ns() is a perfect example of a case where unwinding leads to more
code and makes it less clear. Watch the diffstat.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/pid_namespace.c | 18 +++---
1 files changed, 3 insertions(+), 15 deletions(-)
diff --git
Function is really private to ipc/ and avoid struct kern_ipc_perm
forward declaration.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/ipc_namespace.h |4
ipc/util.h|3 ++-
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git
copy_net_ns() doesn't copy anything, it creates fresh netns, so get/put of old
netns isn't needed.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Acked-by: Serge Hallyn se...@us.ibm.com
---
net/core/net_namespace.c |5 +
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git
stopped touching it after the patch.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index c2cceae..a6732ff 100644
struct thread_struct::ip isn't used on x86_64, struct pt_regs::ip is used
instead.
kgdb should be reading 0 always, but I can't check it.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/processor.h |2 ++
arch/x86/kernel/kgdb.c |2 +-
2 files
, no need to save and restore ->exe_file and to count
additional references to check if there is a leak of struct file outside
group of checkpointed resources.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
fs/exec.c|2 -
fs/proc/base.c | 105
to something like:
	if (ctx->dump_live)
		down_read(&uts_sem);
	...
	if (ctx->dump_live)
		up_read(&uts_sem);
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h | 14 +
include/linux/kstate.h |5
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h |6 ++
include/linux/kstate.h | 19 +++
include/net/net_namespace.h|1 +
kernel/kstate/cpt-sys.c|6 ++
kernel/kstate/kstate-context.c |8 +++
kernel/kstate/kstate
Move supplementary groups implementation to kernel/groups.c .
kernel/sys.c already accumulated quite a few random stuff.
Do strictly copy/paste + add required headers to compile.
Compile-tested on many configs and archs.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
kernel/Makefile
Again, checks aren't enough on all counts.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h |3 ++
kernel/kstate/kstate-x86_64.c | 44
2 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/include/linux
In theory and in practice, x86_64 COMPAT=y kernel will restore i386 images
and in other direction. There are small problems still and it doesn't work,
but mentioning anyway.
Right now x86_64 kernel restores only x86_64 images and 64-bit tasks.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h | 10 +++
include/linux/kstate.h |5 ++
kernel/cred.c | 30 +-
kernel/groups.c| 125
kernel/kstate/cpt-sys.c
Segment registers are abstracted to allow i386 = x86_64
migration (BTW, I'm not so sure if just making 32-bit selectors
the same will achieve same effect)
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/unistd_32.h |2 +
arch/x86/kernel/syscall_table_32.S |2
We have first loop -- user->user_ns->creator (which is struct user_struct)
user_ns image references ->creator image but only partially because
user_namespaces are dumped before user_structs.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h | 12 +++
include
->group_info, ->user will be done in next patches
FIXME: insufficient checks for capabilities at least.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h | 25 ++
include/linux/kstate.h |5 +
kernel/cred.c | 164
No IPC objects are done yet, only struct ipc_namespace itself and
tsk->nsproxy->ipc_ns skeleton.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/ipc_namespace.h |3 +
include/linux/kstate-image.h |6 ++
include/linux/kstate.h | 19
ipc/namespace.c
More patches before [PATCH 18/38] C/R: core stuff were already
sent via usual channels and some are already in -next.
They are being repeated to maintain clean series against mainline.
I forgot to mention that ->checkpoint hook was not added to vDSO
mapping for several reasons so if someone want
Make extensive checks to not allow restoration of breakpoints
inside kernel code.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86/include/asm/ptrace.h |5 +
arch/x86/kernel/ptrace.c |8
include/linux/kstate-image.h |7 +++
kernel/kstate/kstate
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h |7 +++
kernel/kstate/kstate-x86_64.c | 26 ++
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/include/linux/kstate-image.h b/include/linux/kstate-image.h
index
The only check is if xstate length doesn't match.
This is insufficient, but posted anyway, because glibc manages
to do FP calculations and create xstate which would prevent
checkpointing.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h |3 ++
kernel
- dump nsproxy as KSTATE_OBJ_NSPROXY type filled with references
- on restore, read reference, read and restore namespace if needed,
bump refcount, glue namespace to nsproxy.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h |6 ++
include/linux/kstate.h
File descriptor is dumped as formally an object, despite it can't be shared
by itself, only files_struct can.
Opening is done, verifying that we opened right file, restoration of file
position and nothing more.
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
include/linux/kstate-image.h
the same way they are checked on PTRACE_POKEUSR.
Question 1: TIF_DEBUG can be set even if none of breakpoints is turned on,
should this be optimized?
Question 2: Breakpoints are allowed to be globally enabled, is this a
security risk?
Signed-off-by: Alexey Dobriyan adobri...@gmail.com
---
arch/x86