Re: [PATCH] autofs: don't stuck in a loop if vfs_write returns an error

2016-06-09 Thread Andrei Vagin
On Wed, Jun 8, 2016 at 6:23 PM, Ian Kent <ra...@themaw.net> wrote: > On Mon, 2016-05-30 at 13:52 +0800, Ian Kent wrote: >> On Tue, 2016-05-24 at 09:34 +0800, Ian Kent wrote: >> > On Mon, 2016-05-23 at 14:50 -0700, Andrei Vagin wrote: >> > > Hi Ian, >&

Re: x86: A process doesn't stop on hw breakpoints sometimes

2016-05-23 Thread Andrei Vagin
On Mon, May 23, 2016 at 4:05 PM, Andrei Vagin <ava...@gmail.com> wrote: > Hi, > > We use breakpoints on CRIU to stop a processes before calling > rt_sigreturn and we found that sometimes a process runs through a > break-point without stopping on it. > > https://githu

x86: A process doesn't stop on hw breakpoints sometimes

2016-05-23 Thread Andrei Vagin
Hi, We use breakpoints on CRIU to stop a processes before calling rt_sigreturn and we found that sometimes a process runs through a break-point without stopping on it. https://github.com/xemul/criu/issues/162 A small reproducer is attached. It forks a child, stops it, sets a breakpoint,

Re: [PATCH] autofs: don't stuck in a loop if vfs_write returns an error

2016-05-23 Thread Andrei Vagin
Hi Ian, When are you going to apply this patch? We can't test linux-next without it. Thanks, Andrew On Fri, Apr 1, 2016 at 12:37 AM, Ian Kent wrote: > On Thu, 2016-03-31 at 22:12 -0700, Andrey Vagin wrote: >> From: Andrey Vagin >> >> __vfs_write() returns

Re: x86: A process doesn't stop on hw breakpoints sometimes

2016-05-23 Thread Andrei Vagin
On Mon, May 23, 2016 at 6:28 PM, Andrei Vagin <ava...@gmail.com> wrote: > On Mon, May 23, 2016 at 4:05 PM, Andrei Vagin <ava...@gmail.com> wrote: >> Hi, >> >> We use breakpoints on CRIU to stop a processes before calling >> rt_sigreturn and we found that some

Re: cgroup, kernfs: make mountinfo show properly scoped path for cgroup namespaces

2016-05-11 Thread Andrei Vagin
Hello, https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=4f41fc59620fcedaa97cbdf3d7d2956d80fcd922 This commit breaks criu: [root@fc22-vm criu]# ./criu/criu check Error (mount.c:403): mnt: No root found for mountpoint 35 (@./sys/kernel/debug) The problem is that

Re: [PATCH v2 09/10] netns: Add a limit on the number of net namespaces

2016-07-26 Thread Andrei Vagin
On Thu, Jul 21, 2016 at 9:40 AM, Eric W. Biederman wrote: > Signed-off-by: "Eric W. Biederman" > --- > include/linux/user_namespace.h | 1 + > kernel/user_namespace.c| 1 + > net/core/net_namespace.c | 15 +++ > 3 files

Re: [CRIU] Introspecting userns relationships to other namespaces?

2016-07-07 Thread Andrei Vagin
On Thu, Jul 7, 2016 at 10:41 PM, Andrei Vagin <ava...@gmail.com> wrote: > On Thu, Jul 7, 2016 at 8:26 PM, James Bottomley > <james.bottom...@hansenpartnership.com> wrote: >> On Thu, 2016-07-07 at 20:00 -0700, Andrew Vagin wrote: >>> On Thu, Jul 07, 2016 at 07:

Re: [CRIU] Introspecting userns relationships to other namespaces?

2016-07-07 Thread Andrei Vagin
On Thu, Jul 7, 2016 at 8:26 PM, James Bottomley wrote: > On Thu, 2016-07-07 at 20:00 -0700, Andrew Vagin wrote: >> On Thu, Jul 07, 2016 at 07:16:18PM -0700, Andrew Vagin wrote: >> > On Thu, Jul 07, 2016 at 12:17:35PM -0700, James Bottomley wrote: >> > > On

Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread Andrei Vagin
On Tue, Aug 2, 2016 at 2:08 AM, Zhao Lei wrote: > Currently when we set core_pattern to a pipe, the pipe program is > forked by kthread running with root's permission, and write dumpfile > into host's filesystem. > Same thing happened for container, the dumper and dumpfile

Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread 'Andrei Vagin'
On Fri, Aug 05, 2016 at 03:52:25PM +0800, Zhao Lei wrote: > Hi, Andrei Vagin > > Thanks for your detailed review and suggestion. > > > -Original Message- > > From: Andrei Vagin [mailto:ava...@gmail.com] > > Sent: Friday, August 05, 2016 2:32 PM > >

[PATCH 0/2 v2] userns: show current values of user namespace counters

2016-08-15 Thread Andrei Vagin
roc//userns_counts Cc: Serge Hallyn <serge.hal...@canonical.com> Cc: Kees Cook <keesc...@chromium.org> Cc: "Eric W. Biederman" <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> Andrei Vagin (1): kernel: show current values of user na

Re: [PATCH 1/2] kernel: show current values of user namespace counters

2016-08-16 Thread Andrei Vagin
On Tue, Aug 16, 2016 at 03:05:29PM -0500, Serge E. Hallyn wrote: > Quoting Kees Cook (keesc...@chromium.org): > > On Mon, Aug 15, 2016 at 1:10 PM, Andrei Vagin <ava...@openvz.org> wrote: > > > Recently Eric added user namespace counters. User namespace counters is >

Re: seccomp: dump core when using SECCOMP_RET_KILL

2017-01-31 Thread Andrei Vagin
On Fri, Jan 27, 2017 at 01:48:30PM -0800, Kees Cook wrote: > On Wed, Jan 25, 2017 at 12:05 PM, Kees Cook <keesc...@chromium.org> wrote: > > On Tue, Jan 24, 2017 at 4:53 PM, Andrei Vagin <ava...@virtuozzo.com> wrote: > >> Hi, > >> > >> One

[PATCH] mnt: allow to add a mount into an existing group

2017-01-23 Thread Andrei Vagin
s to restore a mount namespace in a direct manner, without any super complex logic. Cc: Eric W. Biederman <ebied...@xmission.com> Cc: Alexander Viro <v...@zeniv.linux.org.uk> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/namespace.c | 53 ++

Re: seccomp: dump core when using SECCOMP_RET_KILL

2017-01-24 Thread Andrei Vagin
Hi, One of CRIU tests fails with this patch: https://github.com/xemul/criu/blob/master/test/zdtm/static/seccomp_filter_tsync.c Before this patch only a thread which called a "wrong" syscall is killed. Now a whole process is killed if one of threads called a "wrong" syscall. Before this patch

Re: [PATCH] seccomp: Only dump core when single-threaded

2017-02-22 Thread Andrei Vagin
On Wed, Feb 15, 2017 at 09:34:35AM +1100, James Morris wrote: > On Tue, 14 Feb 2017, Kees Cook wrote: > > > James, can you make sure this makes it into your -next tree for v4.11? > > Queued for next at: > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-queue The

Re: [PATCH] seccomp: Only dump core when single-threaded

2017-02-13 Thread Andrei Vagin
; All CRIU tests passed with this patch. Thanks! Acked-by: Andrei Vagin <ava...@virtuozzo.com> > --- > kernel/seccomp.c | 13 - > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index f8f88ebcb3ba..e1518

Re: [PATCH 2/2] pidns: Expose task pid_ns_for_children to userspace

2017-01-17 Thread Andrei Vagin
root 0 Jan 14 16:38 pid -> pid:[4026531836] > lrwxrwxrwx 1 root root 0 Jan 14 16:38 pid_for_children -> pid:[4026532286] > Cc: linux-api, Michael Kerrisk Acked-by: Andrei Vagin <ava...@virtuozzo.com> > Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com> > --- > fs

[PATCH 1/2] kernel: show current values of user namespace counters

2016-08-15 Thread Andrei Vagin
ge.hal...@canonical.com> Cc: Kees Cook <keesc...@chromium.org> Cc: "Eric W. Biederman" <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/proc/array.c| 57 +++ fs/proc/base.c | 3 ++

[PATCH 2/2] Documentation: describe /proc//userns_counts

2016-08-15 Thread Andrei Vagin
From: Kirill Kolyshkin <k...@openvz.org> This file provides current usage of user namespace counters. Signed-off-by: Kirill Kolyshkin <k...@openvz.org> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- Documentation/filesystems/proc.txt | 30 ++

Re: setitimer() doesn't work properly starting with 4.8-rc1

2016-08-17 Thread Andrei Vagin
On Wed, Aug 17, 2016 at 12:01 PM, Andrei Vagin <ava...@gmail.com> wrote: > Hello, > > I found that setitimer() doesn't work properly on out test AMD fitlet. > It works correctly in the 4.7 kernel and doesn't work in 4.8-rc1. > > A small test is attached to this message. &

setitimer() doesn't work properly starting with 4.8-rc1

2016-08-17 Thread Andrei Vagin
Hello, I found that setitimer() doesn't work properly on out test AMD fitlet. It works correctly in the 4.7 kernel and doesn't work in 4.8-rc1. A small test is attached to this message. [root@usr-LAN-dhcp-38 ~]# uname -a Linux usr-LAN-dhcp-38.99.sw.ru 4.8.0-0.rc2.git1.1.fc25.x86_64 #1 SMP Tue

Re: [RFC v2 2/3] kcmp: Add KCMP_EPOLL_TFD mode to compare epoll target files

2017-03-01 Thread Andrei Vagin
On Tue, Feb 28, 2017 at 08:12:46PM +0300, Cyrill Gorcunov wrote: > With current epoll architecture target files are addressed > with file_struct and file descriptor number, where the last > is not unique. Moreover files can be transferred from another > process via unix socket, added into queue

Re: [RFC 2/3] kcmp: Add KCMP_EPOLL_TFD mode to compare epoll target files

2017-02-27 Thread Andrei Vagin
On Tue, Feb 21, 2017 at 07:59:46PM +0300, Cyrill Gorcunov wrote: > With current epoll architecture target files are addressed > with file_struct and file descriptor number, where the last > is not unique. Moreover files can be transferred from another > process via unix socket, added into queue

Re: [PATCH] mnt: allow to add a mount into an existing group

2017-02-28 Thread Andrei Vagin
On Tue, Jan 24, 2017 at 02:03:23PM +1300, Eric W. Biederman wrote: > Andrei Vagin <ava...@openvz.org> writes: > > > Now a shared group can be only inherited from a source mount. > > This patch adds an ability to add a mount into an existing shared > > grou

[PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

2016-09-06 Thread Andrei Vagin
utside of init_user_ns, so we can return EPERM. v3: rename ns->get_owner() to ns->owner(). get_* usually means that it grabs a reference. Acked-by: Serge Hallyn <se...@hallyn.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/namespace.c | 6 ++ include/lin

[PATCH 4/4] tools/testing: add a test to check nsfs ioctl-s

2016-09-06 Thread Andrei Vagin
espace is outside of the current process namespace. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/se

[PATCH 0/4 v3] Add an interface to discover relationships between namespaces

2016-09-06 Thread Andrei Vagin
From: Andrey Vagin Each namespace has an owning user namespace and now there is not way to discover these relationships. Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships too. Why we may want to know relationships between

[PATCH 3/4] nsfs: add ioctl to get a parent namespace

2016-09-06 Thread Andrei Vagin
From: Andrey Vagin <ava...@openvz.org> Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrei Vagin <ava...@openvz.org> --

[PATCH 2/4] nsfs: add ioctl to get an owning user namespace for ns file descriptor

2016-09-06 Thread Andrei Vagin
https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/nsfs.c | 95 --- include/uapi/linux/nsfs.h | 11 ++ 2 files changed, 93 insertions(+), 13 deletions(-) create mode 100644 include/uapi/

Re: [PATCH v3 1/3] Make call_usermodehelper_exec possible to set pid namespace

2016-09-06 Thread Andrei Vagin
On Mon, Aug 29, 2016 at 08:06:39PM +0800, Zhao Lei wrote: > Current call_usermodehelper_exec() can not set pid namespace for > the executed program, because we need addition fork to make pid > namespace active. > > This patch add above function for call_usermodehelper_exec(). > When

[PATCH v2] mount: dont execute propagate_umount() many times for same mounts

2016-10-06 Thread Andrei Vagin
8192 | 0.227 | 50.794 16384 | 1.015 | 810 This patch is a second step to fix CVE-2016-6213. v2: fix mark_umount_candidates() to not change the existing behaviour. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/mount.h | 2 ++ fs/namespace.c | 19 --- fs/p

Re: [PATCH 0/2 v2] userns: show current values of user namespace counters

2016-10-06 Thread Andrei Vagin
Hello Eric, What do you think about this series? It should be useful to know current usage for user counters. Thanks, Andrei On Mon, Aug 15, 2016 at 01:10:20PM -0700, Andrei Vagin wrote: > Recently Eric added user namespace counters. User namespace counters is > a feature that allows to

Re: [PATCH v2] mount: dont execute propagate_umount() many times for same mounts

2016-10-07 Thread Andrei Vagin
On Thu, Oct 06, 2016 at 02:46:30PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@openvz.org> writes: > > > The reason of this optimization is that umount() can hold namespace_sem > > for a long time, this semaphore is global, so it affects all users. > > Re

[PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

2016-08-26 Thread Andrei Vagin
utside of init_user_ns, so we can return EPERM. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/namespace.c | 6 ++ include/linux/proc_ns.h| 1 + include/linux/user_namespace.h | 7 +++ ipc/namespace.c| 6 ++ kernel/cgroup.c

[PATCH 2/4] nsfs: add ioctl to get an owning user namespace for ns file descriptor

2016-08-26 Thread Andrei Vagin
https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/nsfs.c | 95 --- include/uapi/linux/nsfs.h | 11 ++ 2 files changed, 93 insertions(+), 13 deletions(-) create mode 100644 include/uapi/

[PATCH 0/4 v2] Add an interface to discover relationships between namespaces

2016-08-26 Thread Andrei Vagin
From: Andrey Vagin Each namespace has an owning user namespace and now there is not way to discover these relationships. Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships too. Why we may want to know relationships between

[PATCH 4/4] tools/testing: add a test to check nsfs ioctl-s

2016-08-26 Thread Andrei Vagin
espace is outside of the current process namespace. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/se

[PATCH 3/4] nsfs: add ioctl to get a parent namespace

2016-08-26 Thread Andrei Vagin
From: Andrey Vagin <ava...@openvz.org> Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrei Vagin <ava...@openvz.org> --

[PATCH] mount: dont execute propagate_umount() many times for same mounts

2016-08-28 Thread Andrei Vagin
CVE-2016-6213. The next step will be to add ucount (user namespace limit) for mounts. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/mount.h | 2 ++ fs/namespace.c | 19 --- fs/pnode.c | 23 +-- 3 files changed, 39 insertions(+), 5 del

Re: [PATCH 0/2 v2] userns: show current values of user namespace counters

2016-10-10 Thread Andrei Vagin
On Thu, Oct 06, 2016 at 02:33:53PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@virtuozzo.com> writes: > > > Hello Eric, > > > > What do you think about this series? It should be useful to know current > > usage for user counters. > > I

Re: [RFC][PATCH v2] mount: In propagate_umount handle overlapping mount propagation trees

2016-10-25 Thread Andrei Vagin
| 0.022s | > 0.008s > 4096 | 0.604s | 0.025s | 0.020s | 0.029s | 0.008s | 0.026s | > 0.004s > 8912 | 4.471s | 0.053s | 0.020s | 0.051s | 0.024s | 0.047s | > 0.016s > 16384 | 34.826s | 0.088s | 0.060s | 0.081s | 0.048s | 0.082s | &

Re: [RFC][PATCH v2] mount: In propagate_umount handle overlapping mount propagation trees

2016-10-25 Thread Andrei Vagin
On Tue, Oct 25, 2016 at 04:45:44PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@virtuozzo.com> writes: > > > On Sat, Oct 22, 2016 at 02:42:03PM -0500, Eric W. Biederman wrote: > >> > >> Andrei, > >> > >> This fixes the issue

[PATCH] proc: optimize render_sigset_t()

2016-11-08 Thread Andrei Vagin
briyan <adobri...@gmail.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/proc/array.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 81818ad..0190c3e 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c

Re: [PATCH] fs/proc/array.c: slightly improve render_sigset_t

2016-11-09 Thread Andrei Vagin
cording to > this microbenchmark: > > char buf[4096]; > int i, fd; > for (i = 0; i < 1; ++i) { > fd = open("/proc/self/status", O_RDONLY); > read(fd, buf, sizeof(buf)); > close(fd);

Re: [RFC][PATCH v2] mount: In mark_umount_candidates and __propogate_umount visit each mount once

2016-10-18 Thread Andrei Vagin
0.192s | 0.144s | 0.167s | > 0.156s > 65536 | | 0.833s | 0.716s | 0.485s | 0.276s | 0.468s | > 0.316s > 131072 | | 4.628s | 4.108s | 0.758s | 0.632s | 0.736s | > 0.612s > > Andrei Vagin reports fixing this performance probl

[PATCH net-next] net: add an ioctl to get a socket network namespace

2016-10-24 Thread Andrei Vagin
Cc: Eric W. Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/nsfs.c| 2 +- include/linux/proc_fs.h | 4 include/uapi/linux/sockios.h | 1 + net/socket.c | 13 + 4 files changed, 19 insert

[PATCH v2] net: skip genenerating uevents for network namespaces that are exiting

2016-10-24 Thread Andrei Vagin
Wang <xiyou.wangc...@gmail.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: Eric W. Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- net/core/net-sysfs.c | 14 +++--- 1 file changed, 11 insertions(+), 3 delet

[PATCH] net: skip genenerating uevents for network namespaces that are exiting

2016-10-20 Thread Andrei Vagin
namespaces, because they are destroyed under net_mutex and many namespaces can be destroyed for one iteration. Cc: "David S. Miller" <da...@davemloft.net> Cc: Eric W. Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- net/core/net-sy

[PATCH net-next] net: allow to kill a task which waits net_mutex in copy_new_ns

2016-10-20 Thread Andrei Vagin
aiting net_mutex. Cc: "David S. Miller" <da...@davemloft.net> Cc: Eric W. Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- net/core/net_namespace.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/n

[PATCH net-next] tcp: allow to enable the repair mode for non-listening sockets

2016-11-14 Thread Andrei Vagin
to enable repair mode for these sockets. The repair mode reveals nothing more for sockets in other states. Signed-off-by: Andrei Vagin <ava...@openvz.org> --- net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 3251fe7..a

Re: [REVIEW][PATCH] mount: In propagate_umount handle overlapping mount propagation trees

2016-10-21 Thread Andrei Vagin
6384 | 34.826s | 0.088s | 0.060s | 0.081s | 0.048s | 0.082s | > 0.052s > 32768 | | 0.216s | 0.172s | 0.160s | 0.124s | 0.160s | > 0.096s > 65536 | | 0.819s | 0.726s | 0.330s | 0.260s | 0.338s | > 0.256s > 131072 | | 4.502s | 4.168s

Re: [RFC][PATCH v2] mount: In propagate_umount handle overlapping mount propagation trees

2016-11-01 Thread Andrei Vagin
On Tue, Oct 25, 2016 at 04:45:44PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@virtuozzo.com> writes: > > > > From 8e0f45c0272aa1f789d1657a0acc98c58919dcc3 Mon Sep 17 00:00:00 2001 > > From: Andrei Vagin <ava...@openvz.org> > > Date: Tue, 25 Oct

Re: [RFC][PATCH] mount: In mark_umount_candidates and __propogate_umount visit each mount once

2016-10-13 Thread Andrei Vagin
6 | 0.604 | 0.040 > 8912 | 4.471 | 0.043 > 16384 | 34.826 | 0.082 > 32768 || 0.151 > 65536 || 0.289 > 131072 || 0.659 > > Andrei Vagin fixing this performance problem is part of the > work to fix CVE-2016-6213. > > Cc: sta...@vger.kernel.org

Re: [PATCH v2] mount: dont execute propagate_umount() many times for same mounts

2016-10-10 Thread Andrei Vagin
On Thu, Oct 06, 2016 at 11:45:48PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@virtuozzo.com> writes: > > > On Thu, Oct 06, 2016 at 02:46:30PM -0500, Eric W. Biederman wrote: > >> Andrei Vagin <ava...@openvz.org> writes: > >> > >> >

[PATCH] [v3] mount: dont execute propagate_umount() many times for same mounts

2016-10-10 Thread Andrei Vagin
() separately, because they enumerate mounts in oposite directions. Cc: Eric W Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/mount.h | 2 ++ fs/namespace.c | 19 --- fs/pnod

Re: Documenting the ioctl interfaces to discover relationships between namespaces

2016-12-15 Thread Andrei Vagin
ork:). I have read this documentation and it looks good for me. I have nothing to add to Eric's comments. Thanks, Andrei > > On 6 September 2016 at 09:47, Andrei Vagin <ava...@openvz.org> wrote: > > From: Andrey Vagin <ava...@openvz.org> > > > > Each namespace

[PATCH] pid: fix lockdep deadlock warning due to ucount_lock

2017-01-04 Thread Andrei Vagin
lock(&(>siglock)->rlock); lock(&(>ctrl_lock)->rlock); lock(&(>siglock)->rlock); *** DEADLOCK *** This patch removes a dependency between rlock and ucount_lock. Cc: "Eric W. Biederman" <ebied...@xmission.com> Signed-off-b

Re: [PATCH 2/2] nsfs: Add an ioctl() to return creator UID of a userns

2016-12-20 Thread Andrei Vagin
On Mon, Dec 19, 2016 at 03:38:35PM +0100, Michael Kerrisk (man-pages) wrote: > # Some open questions about this patch below. > # > One of the rules regarding capabilities is: > > A process that resides in the parent of the user namespace and > whose effective user ID matches the owner of

Re: [PATCH v2 2/2] nsfs: Add an ioctl() to return owner UID of a userns

2016-12-24 Thread Andrei Vagin
ic Biederman. > * Make ioctl() return UID via buffer pointed to by argp. (Returning > the UID via the result value could lead to problems since a large > unsigned int UID might be misinterpreted as an error.) Thanks to > Andrei Vagin for pointing this out. > --- >

Re: linux-next: something wrong with 5-level paging

2017-03-24 Thread Andrei Vagin
On Fri, Mar 24, 2017 at 5:06 AM, Kirill A. Shutemov <kir...@shutemov.name> wrote: > On Tue, Mar 21, 2017 at 03:03:20PM -0700, Andrei Vagin wrote: >> Hi, >> >> I reproduced it locally. This kernel doesn't boot via kexec, but it >> can boot if we set it via the

Re: [PATCH RESEND 2/2] pidns: Expose task pid_ns_for_children to userspace

2017-03-30 Thread Andrei Vagin
On Thu, Mar 30, 2017 at 03:05:20PM -0700, Andrew Morton wrote: > On Thu, 30 Mar 2017 13:27:59 +0300 Kirill Tkhai wrote: > > > pid_ns_for_children set by a task is known only to the task itself, > > and it's impossible to identify it from outside. > > > > It's a big problem

Re: linux-next: x86: Unalbe to run x32 processes on the x86_64 kernel

2017-03-20 Thread Andrei Vagin
: [45fc8757d1d2128e342b4e7ef39adedf7752faac] x86: Make the GDT remapping read-only on 64-bit git bisect bad 45fc8757d1d2128e342b4e7ef39adedf7752faac # first bad commit: [45fc8757d1d2128e342b4e7ef39adedf7752faac] x86: Make the GDT remapping read-only on 64-bit On Mon, Mar 20, 2017 at 4:57 PM, Andrei

linux-next: x86: Unalbe to run x32 processes on the x86_64 kernel

2017-03-20 Thread Andrei Vagin
Hello, We run CRIU tests on linux-next. And today we found that when we start x32 processes, a kernel bug is triggered: [root@fc24 ~]# uname -a Linux fc24 4.11.0-rc2-next-20170320 #159 SMP Mon Mar 20 16:53:58 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux [root@fc24 ~]# cat t.c int main() { return 0; }

linux-next: tty: BUG: spinlock bad magic on CPU#0, init/1

2017-03-15 Thread Andrei Vagin
Hello, We run CRIU tests for linux-next and here is a new bug in the kernel log [2.431229] Freeing unused kernel memory: 1356K [2.436371] Freeing unused kernel memory: 168K [2.522236] BUG: spinlock bad magic on CPU#0, init/1 [2.527487] lock: 0x94915477fd88, .magic: ,

linux-next: something wrong with 5-level paging

2017-03-21 Thread Andrei Vagin
Hi Kirill, We use travis-ci to test linux-next. We don't have access to virtual machines or serial console logs there. And we found that linux-next-20170320 doesn't boot. It's all information what we have now. Here are out logs: https://travis-ci.org/avagin/criu/jobs/213276252

Re: linux-next: something wrong with 5-level paging

2017-03-21 Thread Andrei Vagin
2290c1 ]--- On Tue, Mar 21, 2017 at 1:48 PM, Andrei Vagin <ava...@gmail.com> wrote: > Hi Kirill, > > We use travis-ci to test linux-next. We don't have access to virtual > machines or serial console logs there. And we found that > linux-next-20170320 doesn't boot. It's all information w

Re: [patch 1/3] procfs: fdinfo -- Extend information about epoll target files

2017-03-16 Thread Andrei Vagin
On Fri, Mar 10, 2017 at 11:16:56AM +0300, Cyrill Gorcunov wrote: > Since it is possbile to have same number in tfd field (say > file added, closed, then nother file dup'ed to same number > and added back) it is imposible to distinguish such target > files solely by their numbers. > > Strictly

Re: linux-next: tty: BUG: spinlock bad magic on CPU#0, init/1

2017-04-01 Thread Andrei Vagin
On Fri, Mar 31, 2017 at 03:19:48PM +0200, Greg Kroah-Hartman wrote: > On Wed, Mar 15, 2017 at 10:57:14PM -0700, Andrei Vagin wrote: > > Hello, > > > > We run CRIU tests for linux-next and here is a new bug in the kernel log > > > > [2.431229] Fr

Re: cgroup: avoid attaching a cgroup root to two different superblocks

2017-04-14 Thread Andrei Vagin
On Fri, Apr 14, 2017 at 04:27:37PM -0700, Andrei Vagin wrote: > Hello, > > One of our CRIU tests hangs with this patch. > > Steps to reproduce: > curl -o cgroupns.c > https://gist.githubusercontent.com/avagin/f87c8a8bd2a0de9afcc74976327786bc/raw/5843701ef3679f50dd2

Re: cgroup: avoid attaching a cgroup root to two different superblocks

2017-04-14 Thread Andrei Vagin
Hello, One of our CRIU tests hangs with this patch. Steps to reproduce: curl -o cgroupns.c https://gist.githubusercontent.com/avagin/f87c8a8bd2a0de9afcc74976327786bc/raw/5843701ef3679f50dd2427cf57a80871082eb28c/gistfile1.txt gcc cgroupns.c -o cgroupns ./cgroupns ./cgroupns [root@fc24 ~]#

Re: irq/affinity: Fix extra vecs calculation

2017-04-19 Thread Andrei Vagin
Hi, Something is wrong with this patch. We run CRIU tests for upstream kernels. And we found that a kernel with this patch can't be booted. https://travis-ci.org/avagin/linux/builds/223557750 We don't have access to console logs and I can't reproduce this issue on my nodes. I tired to revert

Re: irq/affinity: Fix extra vecs calculation

2017-04-19 Thread Andrei Vagin
On Wed, Apr 19, 2017 at 01:03:59PM -0400, Keith Busch wrote: > On Wed, Apr 19, 2017 at 09:20:27AM -0700, Andrei Vagin wrote: > > Hi, > > > > Something is wrong with this patch. We run CRIU tests for upstream kernels. > > And we found that a kernel with this patch can'

Re: irq/affinity: Fix extra vecs calculation

2017-04-19 Thread Andrei Vagin
On Wed, Apr 19, 2017 at 01:03:59PM -0400, Keith Busch wrote: > On Wed, Apr 19, 2017 at 09:20:27AM -0700, Andrei Vagin wrote: > > Hi, > > > > Something is wrong with this patch. We run CRIU tests for upstream kernels. > > And we found that a kernel with this patch can'

Re: cgroup: avoid attaching a cgroup root to two different superblocks

2017-04-17 Thread Andrei Vagin
On Mon, Apr 17, 2017 at 06:41:38PM +0800, Zefan Li wrote: > On 2017/4/15 7:32, Andrei Vagin wrote: > > On Fri, Apr 14, 2017 at 04:27:37PM -0700, Andrei Vagin wrote: > >> Hello, > >> > >> One of our CRIU tests hangs with this patch. > >> > >> S

Re: irq/affinity: Fix extra vecs calculation

2017-04-19 Thread Andrei Vagin
On Wed, Apr 19, 2017 at 05:53:09PM -0400, Keith Busch wrote: > On Wed, Apr 19, 2017 at 12:53:44PM -0700, Andrei Vagin wrote: > > On Wed, Apr 19, 2017 at 01:03:59PM -0400, Keith Busch wrote: > > > If it's a divide by 0 as your last link indicates, that must mean there > &

Re: [tip:irq/urgent] genirq/affinity: Fix calculating vectors to assign

2017-04-21 Thread Andrei Vagin
; > Fixes: 3412386b531 ("irq/affinity: Fix extra vecs calculation") > Reported-by: Andrei Vagin <ava...@virtuozzo.com> > Signed-off-by: Keith Busch <keith.bu...@intel.com> > Link: > http://lkml.kernel.org/r/1492645870-13019-1-git-send-email-keith.bu...@intel.com > Sig

linux-next: WARNING: CPU: 1 PID: 24110 at fs/dcache.c:1445 umount_check+0x81/0x90

2017-03-10 Thread Andrei Vagin
Hello, We run CRIU tests on linux-next periodically and here is a new bug: [ 430.017231] BUG: Dentry 8e4ab9a7b6c0{i=41b2e,n=default} still in use (1) [unmount of proc proc] [ 430.027843] [ cut here ] [ 430.027854] WARNING: CPU: 1 PID: 24110 at fs/dcache.c:1445

Re: linux-next: WARNING: CPU: 1 PID: 24110 at fs/dcache.c:1445 umount_check+0x81/0x90

2017-03-10 Thread Andrei Vagin
trace a371a2301e08cbc1 ]--- zdtm_ct is a small program to create a container: https://github.com/xemul/criu/blob/master/test/zdtm_ct.c On Fri, Mar 10, 2017 at 11:28 AM, Andrei Vagin <ava...@gmail.com> wrote: > Hello, > > We run CRIU tests on linux-next periodically and he

Re: [patch 2/3] kcmp: Add KCMP_EPOLL_TFD mode to compare epoll target files

2017-03-13 Thread Andrei Vagin
ke (by avagin@) > - Use u32 for kcmp_epoll_slot::toff instead of u64, which makes the less >memory pressue > Here is one question inline. Acked-by: Andrei Vagin <ava...@virtuozzo.com> > Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> > CC: Al Viro

[PATCH] [RFC] vm: add a syscall to map a process memory into a pipe

2017-08-10 Thread Andrei Vagin
rtuozzo.com> Cc: Michael Kerrisk <mtk.manpa...@gmail.com> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Andrew Morton <a...@linux-foundation.org> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/splice.c | 219 +

Re: [PATCH] [RFC] vm: add a syscall to map a process memory into a pipe

2017-08-12 Thread Andrei Vagin
On Thu, Aug 10, 2017 at 09:42:44PM +0200, Jann Horn wrote: > On Thu, Aug 10, 2017 at 8:46 PM, Andrei Vagin <ava...@openvz.org> wrote: > > It is a hybrid of process_vm_readv() and vmsplice(). > > > > vmsplice can map memory from a current address space into a pipe. &g

Re: [CRIU] BUG: Dentry ffff9f795a08fe60{i=af565f, n=lo} still in use (1) [unmount of proc proc]

2017-07-07 Thread Andrei Vagin
On Thu, Jul 06, 2017 at 08:41:00AM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@gmail.com> writes: > > > I did a few experiments and found that the bug is reproduced for 6-12 > > hours on the our test server. Then I reverted two patches and the server > >

lockdep reports possible recursive locking for sb_writers from do_iter_write and do_sendfile

2017-07-07 Thread Andrei Vagin
Hello, We run CRIU tests for Linus' tree and today we found this warning: [ 27.131931] [ 27.132008] WARNING: possible recursive locking detected [ 27.132085] 4.12.0+ #1 Not tainted [ 27.132158] [

Re: [PATCH 8/8] signal: Remove kernel interal si_code magic

2017-07-12 Thread Andrei Vagin
On Fri, Jun 30, 2017 at 07:39:06AM -0500, Eric W. Biederman wrote: > struct siginfo is a union and the kernel since 2.4 has been hiding a union > tag in the high 16bits of si_code using the values: > __SI_KILL > __SI_TIMER > __SI_POLL > __SI_FAULT > __SI_CHLD > __SI_RT > __SI_MESGQ > __SI_SYS > >

Re: BUG: Dentry ffff9f795a08fe60{i=af565f,n=lo} still in use (1) [unmount of proc proc]

2017-06-29 Thread Andrei Vagin
On Thu, Jun 29, 2017 at 12:06 PM, Eric W. Biederman <ebied...@xmission.com> wrote: > Andrei Vagin <ava...@gmail.com> writes: > >> Hello, >> >> We run CRIU tests on linus' tree and today we found this issue. >> >> CRIU tests are the set of small prog

Re: [CRIU] BUG: Dentry ffff9f795a08fe60{i=af565f, n=lo} still in use (1) [unmount of proc proc]

2017-06-30 Thread Andrei Vagin
On Thu, Jun 29, 2017 at 08:42:23PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@gmail.com> writes: > > > On Thu, Jun 29, 2017 at 12:06 PM, Eric W. Biederman > > <ebied...@xmission.com> wrote: > >> Andrei Vagin <ava...@gmail.com> writes: &g

Re: [CRIU] BUG: Dentry ffff9f795a08fe60{i=af565f, n=lo} still in use (1) [unmount of proc proc]

2017-07-03 Thread Andrei Vagin
On Fri, Jun 30, 2017 at 12:11:07PM -0700, Andrei Vagin wrote: > On Thu, Jun 29, 2017 at 08:42:23PM -0500, Eric W. Biederman wrote: > > Andrei Vagin <ava...@gmail.com> writes: > > > > > On Thu, Jun 29, 2017 at 12:06 PM, Eric W. Biederman > > > <ebied..

Re: linux-next: BUG: Bad page state in process ip6tables-save pfn:1499f4

2017-06-27 Thread Andrei Vagin
On Tue, Jun 27, 2017 at 9:53 AM, Punit Agrawal <punit.agra...@arm.com> wrote: > "Kirill A. Shutemov" <kirill.shute...@linux.intel.com> writes: > >> On Tue, Jun 27, 2017 at 09:18:15AM +0200, Vlastimil Babka wrote: >>> On 06/24/2017 05:08 PM, Andrei Vagin

Re: [PATCH] ptrace: Add compat PTRACE_{G,S}ETSIGMASK handlers

2017-07-05 Thread Andrei Vagin
> > If ptrace_request()s code is used userspace will read the most > significant u32 where it expected the least significant. > > Instead of duplicating ptrace_request()s code as a special case in > the arch code, handle it here. > Acked-by: Andrei Vagin <ava...@openvz.o

Re: [PATCH] selftests/nsfs: create kconfig fragments

2017-07-05 Thread Andrei Vagin
e_config.sh. > Acked-by: Andrei Vagin <ava...@virtuozzo.com> Thank you. > Signed-off-by: Naresh Kamboju <naresh.kamb...@linaro.org> > --- > tools/testing/selftests/nsfs/config | 3 +++ > 1 file changed, 3 insertions(+) > create mode 100644 tools/testing/selftests/ns

[PATCH] mnt: allow to add a mount into an existing group

2017-04-27 Thread Andrei Vagin
s to restore a mount namespace in a direct manner, without any super complex logic. Cc: Eric W. Biederman <ebied...@xmission.com> Cc: Alexander Viro <v...@zeniv.linux.org.uk> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/namespace.c | 66 ++

Re: [patch v4 resend 2/2] kcmp: Add KCMP_EPOLL_TFD mode to compare epoll target files

2017-05-12 Thread Andrei Vagin
On Sat, May 13, 2017 at 01:53:40AM +0300, Cyrill Gorcunov wrote: > On Sat, May 13, 2017 at 12:41:30AM +0200, Jann Horn wrote: > > [resending as plaintext] > > > > I realize that the existing kcmp code has the same issue, but: > > > > Why are you not taking a reference to filp or filp_tgt? This

[PATCH RFC] mnt: umount mounts one by one in umount_tree()

2017-05-12 Thread Andrei Vagin
eturn mount(argv[2], argv[3], NULL, MS_BIND, NULL); } $ cat umount.c #include int main(int argc, char **argv) { return umount2(argv[2], MNT_DETACH); } Here is a previous attempt to optimize this code: https://lkml.org/lkml/2016/10/10/495 Signed-off-by: Andrei V

Re: [PATCH] fs: add an ioctl to get an owning userns for a superblock

2017-05-10 Thread Andrei Vagin
On Tue, May 09, 2017 at 07:34:00PM -0500, Eric W. Biederman wrote: > Andrei Vagin <ava...@openvz.org> writes: > > > The introduced ioctl returns a file descriptor that refers to a owning > > user namespace for a superblock which is associated with a target file >

Re: [PATCH] mnt: allow to add a mount into an existing group

2017-05-10 Thread Andrei Vagin
On Tue, May 09, 2017 at 07:42:00PM -0500, Eric W. Biederman wrote: > Andrey Vagin <ava...@openvz.org> writes: > > > On Tue, Jan 24, 2017 at 02:03:23PM +1300, Eric W. Biederman wrote: > >> Andrei Vagin <ava...@openvz.org> writes: > >> > >> >

Re: [patch v4 resend 1/2] procfs: fdinfo -- Extend information about epoll target files

2017-05-09 Thread Andrei Vagin
re > this target lays. This three fields can be used as a primary > key for sorting, and together with kcmp help CRIU can find > out an exact file target (from the whole set of processes > being checkpointed). > > Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org> Acked-

[PATCH] test: check a case when a mount is propagated between exiting mounts

2017-05-15 Thread Andrei Vagin
;sh...@kernel.org> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- tools/testing/selftests/mount/Makefile | 19 +++-- tools/testing/selftests/mount/test-reparent-mounts | 92 ++ 2 files changed, 105 insertions(+), 6 deletions(-) create mode 100755 t

[PATCH] fs: add an ioctl to get an owning userns for a superblock

2017-05-09 Thread Andrei Vagin
to understand a running system. Cc: Alexander Viro <v...@zeniv.linux.org.uk> Cc: Eric W. Biederman <ebied...@xmission.com> Signed-off-by: Andrei Vagin <ava...@openvz.org> --- fs/ioctl.c | 23 +++ include/uapi/linux/fs.h | 2 ++ 2 files changed, 25 i

  1   2   3   >