The kernel uses open code to check if a process is in root PID namespace or not in several places.
Suggested by Suzuki, this patch set is to create a helper function task_is_in_init_pid_ns() to replace open code.
This patch set has been applied on the mainline kernel and built for Arm64 kernel with enabling all relevant modules.
Changes from v1: * Renamed helper function from task_is_in_root_ns() to task_is_in_init_pid_ns(). (Leon Romanovsky) * Improved patches' commit logs for more neat.
Leo Yan (7): pid: Introduce helper task_is_in_init_pid_ns() coresight: etm3x: Use task_is_in_init_pid_ns() coresight: etm4x: Use task_is_in_init_pid_ns() connector/cn_proc: Use task_is_in_init_pid_ns() coda: Use task_is_in_init_pid_ns() audit: Use task_is_in_init_pid_ns() taskstats: Use task_is_in_init_pid_ns()
drivers/connector/cn_proc.c | 2 +- drivers/hwtracing/coresight/coresight-etm3x-sysfs.c | 8 ++++---- drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 8 ++++---- fs/coda/inode.c | 2 +- fs/coda/psdev.c | 2 +- include/linux/pid_namespace.h | 5 +++++ kernel/audit.c | 2 +- kernel/taskstats.c | 2 +- 8 files changed, 18 insertions(+), 13 deletions(-)
Currently the kernel uses open code in multiple places to check if a task is in the root PID namespace with the kind of format:
if (task_active_pid_ns(current) == &init_pid_ns) do_something();
This patch creates a new helper function, task_is_in_init_pid_ns(), it returns true if a passed task is in the root PID namespace, otherwise returns false. So it will be used to replace open codes.
Suggested-by: Suzuki K Poulose suzuki.poulose@arm.com Signed-off-by: Leo Yan leo.yan@linaro.org --- include/linux/pid_namespace.h | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 7c7e627503d2..07481bb87d4e 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -86,4 +86,9 @@ extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk); void pidhash_init(void); void pid_idr_init(void);
+static inline bool task_is_in_init_pid_ns(struct task_struct *tsk) +{ + return task_active_pid_ns(tsk) == &init_pid_ns; +} + #endif /* _LINUX_PID_NS_H */
On 08/12/2021 08:33, Leo Yan wrote:
Currently the kernel uses open code in multiple places to check if a task is in the root PID namespace with the kind of format:
if (task_active_pid_ns(current) == &init_pid_ns) do_something();
This patch creates a new helper function, task_is_in_init_pid_ns(), it returns true if a passed task is in the root PID namespace, otherwise returns false. So it will be used to replace open codes.
Suggested-by: Suzuki K Poulose suzuki.poulose@arm.com Signed-off-by: Leo Yan leo.yan@linaro.org
include/linux/pid_namespace.h | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 7c7e627503d2..07481bb87d4e 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -86,4 +86,9 @@ extern struct pid_namespace *task_active_pid_ns(struct task_struct *tsk); void pidhash_init(void); void pid_idr_init(void); +static inline bool task_is_in_init_pid_ns(struct task_struct *tsk) +{
- return task_active_pid_ns(tsk) == &init_pid_ns;
+}
Looks good to me,
Acked-by: Suzuki K Poulose suzuki.poulose@arm.com
This patch replaces open code with task_is_in_init_pid_ns() to check if a task is in root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- drivers/hwtracing/coresight/coresight-etm3x-sysfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c b/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c index e8c7649f123e..ff76cb56b727 100644 --- a/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c +++ b/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c @@ -1030,7 +1030,7 @@ static ssize_t ctxid_pid_show(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
spin_lock(&drvdata->spinlock); @@ -1058,7 +1058,7 @@ static ssize_t ctxid_pid_store(struct device *dev, * As such refuse to use the feature if @current is not in the initial * PID namespace. */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
ret = kstrtoul(buf, 16, &pid); @@ -1084,7 +1084,7 @@ static ssize_t ctxid_mask_show(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
val = config->ctxid_mask; @@ -1104,7 +1104,7 @@ static ssize_t ctxid_mask_store(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
ret = kstrtoul(buf, 16, &val);
On 08/12/2021 08:33, Leo Yan wrote:
This patch replaces open code with task_is_in_init_pid_ns() to check if a task is in root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org
Reviewed-by: Suzuki K Poulose suzuki.poulose@arm.com
This patch replaces open code with task_is_in_init_pid_ns() to check if a task is in root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c index a0640fa5c55b..10ef2a29006e 100644 --- a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c +++ b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c @@ -1890,7 +1890,7 @@ static ssize_t ctxid_pid_show(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
spin_lock(&drvdata->spinlock); @@ -1918,7 +1918,7 @@ static ssize_t ctxid_pid_store(struct device *dev, * As such refuse to use the feature if @current is not in the initial * PID namespace. */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
/* @@ -1951,7 +1951,7 @@ static ssize_t ctxid_masks_show(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
spin_lock(&drvdata->spinlock); @@ -1975,7 +1975,7 @@ static ssize_t ctxid_masks_store(struct device *dev, * Don't use contextID tracing if coming from a PID namespace. See * comment in ctxid_pid_store(). */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
/*
On 08/12/2021 08:33, Leo Yan wrote:
This patch replaces open code with task_is_in_init_pid_ns() to check if a task is in root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org
Reviewed-by: Suzuki K Poulose suzuki.poulose@arm.com
This patch replaces open code with task_is_in_init_pid_ns() to check if a task is in root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- drivers/connector/cn_proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 646ad385e490..ccac1c453080 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -358,7 +358,7 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, * other namespaces. */ if ((current_user_ns() != &init_user_ns) || - (task_active_pid_ns(current) != &init_pid_ns)) + !task_is_in_init_pid_ns(current)) return;
/* Can only change if privileged. */
Replace open code with task_is_in_init_pid_ns() for checking root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- fs/coda/inode.c | 2 +- fs/coda/psdev.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/coda/inode.c b/fs/coda/inode.c index d9f1bd7153df..931f4560fdd0 100644 --- a/fs/coda/inode.c +++ b/fs/coda/inode.c @@ -152,7 +152,7 @@ static int coda_fill_super(struct super_block *sb, void *data, int silent) int error; int idx;
- if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
idx = get_device_index((struct coda_mount_data *) data); diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c index b39580ad4ce5..73457661fbe8 100644 --- a/fs/coda/psdev.c +++ b/fs/coda/psdev.c @@ -270,7 +270,7 @@ static int coda_psdev_open(struct inode * inode, struct file * file) struct venus_comm *vcp; int idx, err;
- if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
if (current_user_ns() != &init_user_ns)
Replace open code with task_is_in_init_pid_ns() for checking root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c index 121d37e700a6..56ea91014180 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1034,7 +1034,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) case AUDIT_MAKE_EQUIV: /* Only support auditd and auditctl in initial pid namespace * for now. */ - if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EPERM;
if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
Replace open code with task_is_in_init_pid_ns() for checking root PID namespace.
Signed-off-by: Leo Yan leo.yan@linaro.org --- kernel/taskstats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/taskstats.c b/kernel/taskstats.c index 2b4898b4752e..f570d8e1f001 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c @@ -284,7 +284,7 @@ static int add_del_listener(pid_t pid, const struct cpumask *mask, int isadd) if (current_user_ns() != &init_user_ns) return -EINVAL;
- if (task_active_pid_ns(current) != &init_pid_ns) + if (!task_is_in_init_pid_ns(current)) return -EINVAL;
if (isadd == REGISTER) {
Hi David,
On Wed, Dec 08, 2021 at 04:33:13PM +0800, Leo Yan wrote:
The kernel uses open code to check if a process is in root PID namespace or not in several places.
Suggested by Suzuki, this patch set is to create a helper function task_is_in_init_pid_ns() to replace open code.
This patch set has been applied on the mainline kernel and built for Arm64 kernel with enabling all relevant modules.
I'd like sync for how to merging this patch set. Except patch 05/07, all of other patches in this patch set have been received the reviewed or acked tags. So could you pick up this patch set?
Furthermore, we have another patch set "coresight: etm: Correct PID tracing for non-root namespace" [1], which is dependent on the current patch set and it has been Acked by Suzuki.
I'd like to get opinions from David and CoreSight maintainers Mathieu and Suzuki, should we merge the patch set [1] via David's tree as well to avoid dependency issue, or prefer to merge it via CoreSight tree? If David prefers the prior option, I can resend the patch set [1] with looping David.
Thanks, Leo
[1] https://lore.kernel.org/lkml/20211213121323.1887180-1-leo.yan@linaro.org/
On Wed, Jan 12, 2022 at 02:40:47PM +0800, Leo Yan wrote:
Hi David,
On Wed, Dec 08, 2021 at 04:33:13PM +0800, Leo Yan wrote:
The kernel uses open code to check if a process is in root PID namespace or not in several places.
Suggested by Suzuki, this patch set is to create a helper function task_is_in_init_pid_ns() to replace open code.
This patch set has been applied on the mainline kernel and built for Arm64 kernel with enabling all relevant modules.
I'd like sync for how to merging this patch set. Except patch 05/07, all of other patches in this patch set have been received the reviewed or acked tags. So could you pick up this patch set?
Furthermore, we have another patch set "coresight: etm: Correct PID tracing for non-root namespace" [1], which is dependent on the current patch set and it has been Acked by Suzuki.
I'd like to get opinions from David and CoreSight maintainers Mathieu and Suzuki, should we merge the patch set [1] via David's tree as well to avoid dependency issue, or prefer to merge it via CoreSight tree? If David prefers the prior option, I can resend the patch set [1] with looping David.
Gentle ping, Dave.
I verified the current patch set and CoreSight patch set, both can apply clearly on the latest mainline kernel (with last commit dd81e1c7d5fb "Merge tag 'powerpc-5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux").
Thanks, Leo
[1] https://lore.kernel.org/lkml/20211213121323.1887180-1-leo.yan@linaro.org/
-
Leo Yan -
Suzuki K Poulose