Unverified Commit 76c12881 authored by Christian Brauner's avatar Christian Brauner
Browse files

nsproxy: support CLONE_NEWTIME with setns() 



So far setns() was missing time namespace support. This was partially due
to it simply not being implemented but also because vdso_join_timens()
could still fail which made switching to multiple namespaces atomically
problematic. This is now fixed so support CLONE_NEWTIME with setns()

Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: default avatarAndrei Vagin <avagin@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Dmitry Safonov <dima@arista.com>
Link: https://lore.kernel.org/r/20200706154912.3248030-4-christian.brauner@ubuntu.com
parent 5cfea9a1

include/linux/time_namespace.h

+6 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ extern struct time_namespace init_time_ns; 
#ifdef CONFIG_TIME_NS

extern int vdso_join_timens(struct task_struct *task,

			    struct time_namespace *ns);

extern void timens_commit(struct task_struct *tsk, struct time_namespace *ns);



static inline struct time_namespace *get_time_ns(struct time_namespace *ns)

{
@@ -96,6 +97,11 @@ static inline int vdso_join_timens(struct task_struct *task, 
	return 0;

}



static inline void timens_commit(struct task_struct *tsk,

				 struct time_namespace *ns)

{

}



static inline struct time_namespace *get_time_ns(struct time_namespace *ns)

{

	return NULL;

kernel/nsproxy.c

+19 −2
Original line number Diff line number Diff line
@@ -262,8 +262,8 @@ void exit_task_namespaces(struct task_struct *p) 
static int check_setns_flags(unsigned long flags)

{

	if (!flags || (flags & ~(CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |

				 CLONE_NEWNET | CLONE_NEWUSER | CLONE_NEWPID |

				 CLONE_NEWCGROUP)))

				 CLONE_NEWNET | CLONE_NEWTIME | CLONE_NEWUSER |

				 CLONE_NEWPID | CLONE_NEWCGROUP)))

		return -EINVAL;



#ifndef CONFIG_USER_NS
@@ -290,6 +290,10 @@ static int check_setns_flags(unsigned long flags) 
	if (flags & CLONE_NEWNET)

		return -EINVAL;

#endif

#ifndef CONFIG_TIME_NS

	if (flags & CLONE_NEWTIME)

		return -EINVAL;

#endif



	return 0;

}
@@ -464,6 +468,14 @@ static int validate_nsset(struct nsset *nsset, struct pid *pid) 
	}

#endif



#ifdef CONFIG_TIME_NS

	if (flags & CLONE_NEWTIME) {

		ret = validate_ns(nsset, &nsp->time_ns->ns);

		if (ret)

			goto out;

	}

#endif



out:

	if (pid_ns)

		put_pid_ns(pid_ns);
@@ -507,6 +519,11 @@ static void commit_nsset(struct nsset *nsset) 
		exit_sem(me);

#endif



#ifdef CONFIG_TIME_NS

	if (flags & CLONE_NEWTIME)

		timens_commit(me, nsset->nsproxy->time_ns);

#endif



	/* transfer ownership */

	switch_task_namespaces(me, nsset->nsproxy);

	nsset->nsproxy = NULL;

kernel/time/namespace.c

+1 −4
Original line number Diff line number Diff line
@@ -280,7 +280,7 @@ static void timens_put(struct ns_common *ns) 
	put_time_ns(to_time_ns(ns));

}



static void timens_commit(struct task_struct *tsk, struct time_namespace *ns)

void timens_commit(struct task_struct *tsk, struct time_namespace *ns)

{

	timens_set_vvar_page(tsk, ns);

	vdso_join_timens(tsk, ns);
@@ -298,9 +298,6 @@ static int timens_install(struct nsset *nsset, struct ns_common *new) 
	    !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))

		return -EPERM;





	timens_commit(current, ns);



	get_time_ns(ns);

	put_time_ns(nsproxy->time_ns);

	nsproxy->time_ns = ns;

CRA Git | Maintained and supported by SUSTech CRA and CCSE