[PATCH] to nsproxy

Add the pid namespace framework to the nsproxy object.  The copy of the pid
namespace only increases the refcount on the global pid namespace,
init_pid_ns, and unshare is not implemented.

There is no configuration option to activate or deactivate this feature
because this not relevant for the moment.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Cc: Kirill Korotaev <dev@openvz.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

5 files changed, 64 insertions, 9 deletions

diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 90c5f9a07730..7272ff9ee77c 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -7,6 +7,7 @@
 #include <linux/utsname.h>
 #include <linux/lockdep.h>
 #include <linux/ipc.h>
+#include <linux/pid_namespace.h>
 
 #define INIT_FDTABLE \
 {                                                       \
@@ -73,6 +74,7 @@
 
 extern struct nsproxy init_nsproxy;
 #define INIT_NSPROXY(nsproxy) {                                         \
+        .pid_ns         = &init_pid_ns,                                 \
         .count          = ATOMIC_INIT(1),                               \
         .nslock         = __SPIN_LOCK_UNLOCKED(nsproxy.nslock),         \
         .id             = 0,                                            \
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
index 27f37c1ec1d9..fdfb0e44912f 100644
--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -7,6 +7,7 @@
 struct mnt_namespace;
 struct uts_namespace;
 struct ipc_namespace;
+struct pid_namespace;
 
 /*
  * A structure to contain pointers to all per-process
@@ -27,6 +28,7 @@ struct nsproxy {
         struct uts_namespace *uts_ns;
         struct ipc_namespace *ipc_ns;
         struct mnt_namespace *mnt_ns;
+        struct pid_namespace *pid_ns;
 };
 extern struct nsproxy init_nsproxy;
 
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 54d79095e295..76e7c6b2cf33 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -5,6 +5,8 @@
 #include <linux/mm.h>
 #include <linux/threads.h>
 #include <linux/pid.h>
+#include <linux/nsproxy.h>
+#include <linux/kref.h>
 
 struct pidmap {
        atomic_t nr_free;
@@ -14,10 +16,24 @@ struct pidmap {
 #define PIDMAP_ENTRIES         ((PID_MAX_LIMIT + 8*PAGE_SIZE - 1)/PAGE_SIZE/8)
 
 struct pid_namespace {
-       struct pidmap pidmap[PIDMAP_ENTRIES];
-       int last_pid;
+        struct kref kref;
+        struct pidmap pidmap[PIDMAP_ENTRIES];
+        int last_pid;
 };
 
 extern struct pid_namespace init_pid_ns;
 
+static inline void get_pid_ns(struct pid_namespace *ns)
+{
+        kref_get(&ns->kref);
+}
+
+extern int copy_pid_ns(int flags, struct task_struct *tsk);
+extern void free_pid_ns(struct kref *kref);
+
+static inline void put_pid_ns(struct pid_namespace *ns)
+{
+        kref_put(&ns->kref, free_pid_ns);
+}
+
 #endif /* _LINUX_PID_NS_H */
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f223c15c18e9..e2ce748e96af 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -19,6 +19,7 @@
 #include <linux/init_task.h>
 #include <linux/mnt_namespace.h>
 #include <linux/utsname.h>
+#include <linux/pid_namespace.h>
 
 struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);
 
@@ -68,6 +69,8 @@ struct nsproxy *dup_namespaces(struct nsproxy *orig)
                         get_uts_ns(ns->uts_ns);
                 if (ns->ipc_ns)
                         get_ipc_ns(ns->ipc_ns);
+                if (ns->pid_ns)
+                        get_pid_ns(ns->pid_ns);
         }
 
         return ns;
@@ -111,10 +114,17 @@ int copy_namespaces(int flags, struct task_struct *tsk)
         if (err)
                 goto out_ipc;
 
+        err = copy_pid_ns(flags, tsk);
+        if (err)
+                goto out_pid;
+
 out:
         put_nsproxy(old_ns);
         return err;
 
+out_pid:
+        if (new_ns->ipc_ns)
+                put_ipc_ns(new_ns->ipc_ns);
 out_ipc:
         if (new_ns->uts_ns)
                 put_uts_ns(new_ns->uts_ns);
@@ -129,11 +139,13 @@ out_ns:
 
 void free_nsproxy(struct nsproxy *ns)
 {
-                if (ns->mnt_ns)
-                        put_mnt_ns(ns->mnt_ns);
-                if (ns->uts_ns)
-                        put_uts_ns(ns->uts_ns);
-                if (ns->ipc_ns)
-                        put_ipc_ns(ns->ipc_ns);
-                kfree(ns);
+        if (ns->mnt_ns)
+                put_mnt_ns(ns->mnt_ns);
+        if (ns->uts_ns)
+                put_uts_ns(ns->uts_ns);
+        if (ns->ipc_ns)
+                put_ipc_ns(ns->ipc_ns);
+        if (ns->pid_ns)
+                put_pid_ns(ns->pid_ns);
+        kfree(ns);
 }
diff --git a/kernel/pid.c b/kernel/pid.c
index 25807e1b98dd..5319b9f2fc5e 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -59,6 +59,9 @@ static inline int mk_pid(struct pid_namespace *pid_ns,
  * the scheme scales to up to 4 million PIDs, runtime.
  */
 struct pid_namespace init_pid_ns = {
+        .kref = {
+                .refcount       = ATOMIC_INIT(2),
+        },
         .pidmap = {
                 [ 0 ... PIDMAP_ENTRIES-1] = { ATOMIC_INIT(BITS_PER_PAGE), NULL }
         },
@@ -356,6 +359,26 @@ struct pid *find_ge_pid(int nr)
 }
 EXPORT_SYMBOL_GPL(find_get_pid);
 
+int copy_pid_ns(int flags, struct task_struct *tsk)
+{
+        struct pid_namespace *old_ns = tsk->nsproxy->pid_ns;
+        int err = 0;
+
+        if (!old_ns)
+                return 0;
+
+        get_pid_ns(old_ns);
+        return err;
+}
+
+void free_pid_ns(struct kref *kref)
+{
+        struct pid_namespace *ns;
+
+        ns = container_of(kref, struct pid_namespace, kref);
+        kfree(ns);
+}
+
 /*
  * The pid hash table is scaled according to the amount of memory in the
  * machine.  From a minimum of 16 slots up to 4096 slots at one gigabyte or