From patchwork Fri Apr 28 11:58:44 2017
X-Patchwork-Submitter: Kirill Tkhai
X-Patchwork-Id: 9704521
Subject: [PATCH v4] pid_ns: Introduce ioctl to set vector of ns_last_pid's on ns hierarhy
From: Kirill Tkhai
Date: Fri, 28 Apr 2017 14:58:44 +0300
Message-ID: <149338066474.18594.2768059055849440055.stgit@localhost.localdomain>
Sender: linux-fsdevel-owner@vger.kernel.org
X-Mailing-List: linux-fsdevel@vger.kernel.org

While implementing nested pid namespaces support in CRIU (checkpoint-restore in userspace tool) we ran into the situation that it's impossible to create a task with a specific NSpid effectively. After commit 49f4d8b93ccf "pidns: Capture the user namespace and filter ns_last_pid" it is impossible to set ns_last_pid on any pid namespace except the task's active pid_ns (before the commit it was possible to write to pid_ns_for_children). Thus, if a restored task in a container has more than one pid_ns level, the restorer code must have a task helper for every pid namespace of the task's pid_ns hierarchy.

This is a big problem, because communication with a helper for every pid_ns in the hierarchy is not cheap. It's not good for performance, as it implies many helper wakeups to create a single task (independently of how you communicate with the helpers). This patch tries to solve the problem.

It introduces a new pid_ns ioctl(NS_SET_LAST_PID_VEC), which allows writing a vector of last pids on the pid_ns hierarchy. The vector is passed as an array of pids in struct ns_ioc_pid_vec, written in reverse order. The first number corresponds to the opened namespace's ns_last_pid, the second to its parent, etc. So, if you have a pid namespace hierarchy like:

	pid_ns1 (grand father)
	  |
	  v
	pid_ns2 (father)
	  |
	  v
	pid_ns3 (child)

and pid_ns3 is open, then the corresponding vector will be {last_ns_pid3, last_ns_pid2, last_ns_pid1}. This vector may be short and it may contain fewer levels. For example, {last_ns_pid3, last_ns_pid2} or even {last_ns_pid3}, depending on which levels you want to populate.

v4: Declare struct ns_ioc_pid_vec directly instead of including uapi file.
    Make the interface independent of CONFIG_CHECKPOINT_RESTORE.
    Include linux/types.h in nsfs.h for pid_t.
    Get all vectors at once.
    Make checks atomic.

v3: Use __u32 in uapi instead of unsigned int.

v2: Kill pid_ns->child_reaper check as it's impossible to have such a pid namespace file open.
    Use generic namespaces ioctl() number.
    Pass pids as array, not as a string.

Signed-off-by: Kirill Tkhai
---
 fs/nsfs.c                     |    5 +++++
 include/linux/pid_namespace.h |    9 ++++++++-
 include/uapi/linux/nsfs.h     |    8 ++++++++
 kernel/pid_namespace.c        |   36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/fs/nsfs.c b/fs/nsfs.c index 323f492e0822..f669a1552003 100644 --- a/fs/nsfs.c +++ b/fs/nsfs.c 
@@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -186,6 +187,10 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl, argp = (uid_t __user *) arg; uid = from_kuid_munged(current_user_ns(), user_ns->owner); return put_user(uid, argp); + case NS_SET_LAST_PID_VEC: + if (ns->ops->type != CLONE_NEWPID) + return -EINVAL; + return pidns_set_last_pid_vec(ns, (void *)arg); default: return -ENOTTY; } diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index c2a989dee876..661fad08bf8c 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -54,6 +54,7 @@ struct pid_namespace { struct ns_common ns; }; +struct ns_ioc_pid_vec; extern struct pid_namespace init_pid_ns; #define PIDNS_HASH_ADDING (1U << 31) @@ -71,7 +72,8 @@ extern struct pid_namespace *copy_pid_ns(unsigned long flags, extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd); extern void put_pid_ns(struct pid_namespace *ns); - +extern long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec); #else /* !CONFIG_PID_NS */ #include @@ -101,6 +103,11 @@ static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd) { return 0; } +static inline long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec) +{ + return -ENOTTY; +} #endif /* CONFIG_PID_NS */ extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk); diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h index 1a3ca79f466b..9d320276eafe 100644 --- a/include/uapi/linux/nsfs.h +++ b/include/uapi/linux/nsfs.h @@ -2,6 +2,7 @@ #define __LINUX_NSFS_H #include +#include #define NSIO 0xb7 
@@ -14,5 +15,12 @@ #define NS_GET_NSTYPE _IO(NSIO, 0x3) /* Get owner UID (in the caller's user namespace) for a user namespace */ #define NS_GET_OWNER_UID _IO(NSIO, 0x4) +/* Set a vector of ns_last_pid for a pid namespace stack */ +#define NS_SET_LAST_PID_VEC _IO(NSIO, 0x5) + +struct ns_ioc_pid_vec { + __u32 nr; + pid_t pid[0]; +}; #endif /* __LINUX_NSFS_H */ diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index de461aa0bf9a..f2aaed6ce0ac 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -21,6 +21,7 @@ #include #include #include +#include struct pid_cache { int nr_ids; @@ -428,6 +429,41 @@ static struct ns_common *pidns_get_parent(struct ns_common *ns) return &get_pid_ns(pid_ns)->ns; } +long pidns_set_last_pid_vec(struct ns_common *ns, + struct ns_ioc_pid_vec __user *vec) +{ + struct pid_namespace *pid_ns = to_pid_ns(ns), *top; + pid_t pid[MAX_PID_NS_LEVEL]; + u32 i, nr; + + BUILD_BUG_ON(sizeof(pid_t) * MAX_PID_NS_LEVEL > 128); + if (get_user(nr, &vec->nr)) + return -EFAULT; + if (nr > MAX_PID_NS_LEVEL || nr < 1) + return -EINVAL; + if (copy_from_user(pid, &vec->pid[0], nr * sizeof(pid_t)) != 0) + return -EFAULT; + + top = pid_ns; + for (i = 0; i < nr-1; i++) { + top = top->parent; + if (!top || pid[i] < 0 || pid[i] > pid_max) + return -EINVAL; + } + if (!ns_capable(top->user_ns, CAP_SYS_ADMIN)) + return -EPERM; + if (pid[nr-1] < 0 || pid[nr-1] > pid_max) + return -EINVAL; + + for (i = 0; i < nr; i++) { + /* Write directly: see the comment in pid_ns_ctl_handler() */ + pid_ns->last_pid = pid[i]; + pid_ns = pid_ns->parent; + } + + return 0; +} + static struct user_namespace *pidns_owner(struct ns_common *ns) { return to_pid_ns(ns)->user_ns;
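
Review bot: in fs/nsfs.c, the new NS_SET_LAST_PID_VEC case passes the argument as (void *)arg, which drops the __user annotation that pidns_set_last_pid_vec() declares on its second parameter. Cast to (struct ns_ioc_pid_vec __user *)arg instead, the way the NS_GET_OWNER_UID case just above uses (uid_t __user *) arg, so that sparse keeps checking that the pointer is only accessed through get_user() and copy_from_user().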
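
Review bot: in include/uapi/linux/nsfs.h, struct ns_ioc_pid_vec becomes userspace ABI, but the header documents neither the ordering of pid[] (opened namespace first, then each parent) nor the accepted range of nr (1 to MAX_PID_NS_LEVEL, per the check in pidns_set_last_pid_vec()); both are stated only in the commit message. Please extend the comment above the define to cover them. The struct also mixes __u32 nr with pid_t pid[0]; an explicitly sized element type would keep the layout unambiguous, since the kernel side copies nr * sizeof(pid_t) bytes from it.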
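
Review bot: in pidns_set_last_pid_vec(), ns_capable(top->user_ns, CAP_SYS_ADMIN) is evaluated once, against the user namespace of the highest level named by the vector, while the final loop writes last_pid on every level from the opened namespace up to top. If the intent is that holding the capability over top->user_ns implies holding it over each lower level's user_ns, state that invariant in a comment next to the check; otherwise perform the check per level inside the validation loop. Separately, the write loop stores to pid_ns->last_pid level by level with no lock visible here, so the changelog's "Make checks atomical" covers validation only and the vector itself is not applied as one unit; the comment that points to pid_ns_ctl_handler() should say so.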