On 06/20, Eric W. Biederman wrote: > > Oleg Nesterov <oleg@xxxxxxxxxx> writes: > > > On 06/18, Oleg Nesterov wrote: > >> > >> I only try to discuss the idea to break the circular reference. > > > > I don't know what I have missed, but this looks really right to me. > > Besides, we have yet another problem: proc_flush_task()->mntput() > > is just wrong. Consider the multithreaded execing init. > > > > I am going to simplify, test, and send the fix which moves mntput() > > into free_pid_ns() paths. > > free_pid_ns is comparatively late, to release the kern_mount. Why? Once again, it is very possible I am wrong. I forgot this code if ever knew. But could you please explain? > > But first of all I think we should cleanup the pid_ns_prepare_proc() > > logic. Imho, this code is really ugly. Please see the patches. > > Since I have a patchset that makes it possible to unshare the pid > namespace about ready to send I figure we should combine the two > efforts. > > This patchset is a prerequisite to my patches for giving namespaces > file descriptors and allowing you to join and existing namespace. I do not understand. Eric, why you can't do these changes on top of the cleanups I sent? OK, personally I certainly dislike 1/6, but perhaps it is needed for 6/6 which I didn't read yet. But, in any case, it is orthogonal to pid_ns_prepare_proc() cleanups? Now. You joined the first 2 patches I sent into 2/6. It is not that I care about the "From:" tag, but why? And (unless I missed something) you added the following changes compared to my patches: - remove the MS_KERNMOUNT check around ei->pid = find_pid(1). OK, I agree it was not strictly needed, but imho makes the code cleaner. Or I missed something and this check was wrong? - introduce the bug in create_pid_namespace(). If pid_ns_prepare_proc() fails, we return the wrong error code and leak parent_pid_ns(). So. Afaics - nack to 2/6 at least. Could you please do this on top of the cleanups I sent? Of course, unless you think they are wrong. And. I do not think these series can fix the discussed problems. ns->dead definitely can't, no? I think we should fix the bugs first. Oleg. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
