pidns: Don't allow new processes in a dead pid namespace.

Set nr_hashed to -1 just before we schedule the work to cleanup proc. Test nr_hashed just before we hash a new pid and if nr_hashed is < 0 fail. This guaranteees that processes never enter a pid namespaces after we have cleaned up the state to support processes in a pid namespace. Currently sending SIGKILL to all of the process in a pid namespace as init exists gives us this guarantee but we need something a little stronger to support unsharing and joining a pid namespace. Acked-by: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

pidns: Don't allow new processes in a dead pid namespace.
Set nr_hashed to -1 just before we schedule the work to cleanup proc. Test nr_hashed just before we hash a new pid and if nr_hashed is < 0 fail. This guaranteees that processes never enter a pid namespaces after we have cleaned up the state to support processes in a pid namespace. Currently sending SIGKILL to all of the process in a pid namespace as init exists gives us this guarantee but we need something a little stronger to support unsharing and joining a pid namespace. Acked-by: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Eric W. Biederman
1 parent 0a01f2cc39
Showing 1 changed file with 7 additions and 1 deletions Side-by-side Diff
kernel/pid.c
@@ -274,8 +274,10 @@
 	for (i = 0; i <= pid->level; i++) {
 		struct upid *upid = pid->numbers + i;
 		hlist_del_rcu(&upid->pid_chain);
-		if (--upid->ns->nr_hashed == 0)
+		if (--upid->ns->nr_hashed == 0) {
+			upid->ns->nr_hashed = -1;
 			schedule_work(&upid->ns->proc_work);
+		}
 	}
 	spin_unlock_irqrestore(&pidmap_lock, flags);
  
@@ -321,6 +323,8 @@
  
 	upid = pid->numbers + ns->level;
 	spin_lock_irq(&pidmap_lock);
+	if (ns->nr_hashed < 0)
+		goto out_unlock;
 	for ( ; upid >= pid->numbers; --upid) {
 		hlist_add_head_rcu(&upid->pid_chain,
 				&pid_hash[pid_hashfn(upid->nr, upid->ns)]);
@@ -331,6 +335,8 @@
 out:
 	return pid;
  
+out_unlock:
+	spin_unlock(&pidmap_lock);
 out_free:
 	while (++i <= ns->level)
 		free_pidmap(pid->numbers + i);
...	...	@@ -274,8 +274,10 @@
274	274	for (i = 0; i <= pid->level; i++) {
275	275	struct upid *upid = pid->numbers + i;
276	276	hlist_del_rcu(&upid->pid_chain);
277		- if (--upid->ns->nr_hashed == 0)
	277	+ if (--upid->ns->nr_hashed == 0) {
	278	+ upid->ns->nr_hashed = -1;
278	279	schedule_work(&upid->ns->proc_work);
	280	+ }
279	281	}
280	282	spin_unlock_irqrestore(&pidmap_lock, flags);
281	283
...	...	@@ -321,6 +323,8 @@
321	323
322	324	upid = pid->numbers + ns->level;
323	325	spin_lock_irq(&pidmap_lock);
	326	+ if (ns->nr_hashed < 0)
	327	+ goto out_unlock;
324	328	for ( ; upid >= pid->numbers; --upid) {
325	329	hlist_add_head_rcu(&upid->pid_chain,
326	330	&pid_hash[pid_hashfn(upid->nr, upid->ns)]);
...	...	@@ -331,6 +335,8 @@
331	335	out:
332	336	return pid;
333	337
	338	+out_unlock:
	339	+ spin_unlock(&pidmap_lock);
334	340	out_free:
335	341	while (++i <= ns->level)
336	342	free_pidmap(pid->numbers + i);