mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-06 05:02:31 +00:00
7863dcc72d
The pid_max sysctl is a global value. For a long time the default value has been 65535 and during the pidfd discussions Linus proposed to bump pid_max by default (cf. [1]). Based on this discussion systemd started bumping pid_max to 2^22. So all new systems now run with a very high pid_max limit with some distros having also backported that change. The decision to bump pid_max is obviously correct. It just doesn't make a lot of sense nowadays to enforce such a low pid number. There's sufficient tooling to make selecting specific processes without typing really large pid numbers available. In any case, there are workloads that have expectations about how large pid numbers they accept. Either for historical reasons or architectural reasons. One concrete example is the 32-bit version of Android's bionic libc which requires pid numbers less than 65536. There are workloads where it is run in a 32-bit container on a 64-bit kernel. If the host has a pid_max value greater than 65535 the libc will abort thread creation because of size assumptions of pthread_mutex_t. That's a fairly specific use-case however, in general specific workloads that are moved into containers running on a host with a new kernel and a new systemd can run into issues with large pid_max values. Obviously making assumptions about the size of the allocated pid is suboptimal but we have userspace that does it. Of course, giving containers the ability to restrict the number of processes in their respective pid namespace independent of the global limit through pid_max is something desirable in itself and comes in handy in general. Independent of motivating use-cases the existence of pid namespaces makes this also a good semantical extension and there have been prior proposals pushing in a similar direction. The trick here is to minimize the risk of regressions which I think is doable. The fact that pid namespaces are hierarchical will help us here. 
What we mostly care about is that when the host sets a low pid_max limit, say (crazy number) 100 that no descendant pid namespace can allocate a higher pid number in its namespace. Since pid allocation is hierarchical this can be ensured by checking each pid allocation against the pid namespace's pid_max limit. This means if the allocation in the descendant pid namespace succeeds, the ancestor pid namespace can reject it. If the ancestor pid namespace has a higher limit than the descendant pid namespace the descendant pid namespace will reject the pid allocation. The ancestor pid namespace will obviously not care about this. All in all this means pid_max continues to enforce a system wide limit on the number of processes but allows pid namespaces sufficient leeway in handling workloads with assumptions about pid values and allows containers to restrict the number of processes in a pid namespace through the pid_max interface. [1]: https://lore.kernel.org/linux-api/CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com - rebased from 5.14-rc1 - a few fixes (missing ns_free_inum on error path, missing initialization, etc) - permission check changes in pid_table_root_permissions - unsigned int pid_max -> int pid_max (keep pid_max type as it was) - add READ_ONCE in alloc_pid() as suggested by Christian - rebased from 6.7 and take into account: * sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) * sysctl: treewide: constify ctl_table_header::ctl_table_arg * pidfd: add pidfs * tracing: Move saved_cmdline code into trace_sched_switch.c Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> Link: https://lore.kernel.org/r/20241122132459.135120-2-aleksandr.mikhalitsyn@canonical.com Signed-off-by: Christian Brauner <brauner@kernel.org>
// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2021 VMware Inc, Steven Rostedt <rostedt@goodmis.org>
 */
#include <linux/spinlock.h>
#include <linux/irq_work.h>
#include <linux/slab.h>
#include "trace.h"
/* See pid_list.h for details */
/*
 * Pop one chunk off the free list of lower chunks.
 *
 * The caller must hold pid_list->lock. Returns NULL when the free list is
 * empty, otherwise the former head of the list with ->next cleared.
 */
static inline union lower_chunk *get_lower_chunk(struct trace_pid_list *pid_list)
{
	union lower_chunk *head;

	lockdep_assert_held(&pid_list->lock);

	head = pid_list->lower_list;
	if (head == NULL)
		return NULL;

	/* Unlink the head and account for it. */
	pid_list->lower_list = head->next;
	pid_list->free_lower_chunks -= 1;
	WARN_ON_ONCE(pid_list->free_lower_chunks < 0);

	/*
	 * NOTE(review): lower_chunk is a union, so ->next presumably shares
	 * storage with ->data; clearing it would then also hand the chunk
	 * out with a clean bitmask. Confirm against pid_list.h.
	 */
	head->next = NULL;

	/*
	 * The pool is running low. The refill can not be done from here
	 * because the scheduler run queue locks are held, so defer it to
	 * irq_work.
	 */
	if (pid_list->free_lower_chunks <= CHUNK_REALLOC)
		irq_work_queue(&pid_list->refill_irqwork);

	return head;
}
/*
 * Pop one chunk off the free list of upper chunks.
 *
 * The caller must hold pid_list->lock. Returns NULL when the free list is
 * empty, otherwise the former head of the list with ->next cleared.
 */
static inline union upper_chunk *get_upper_chunk(struct trace_pid_list *pid_list)
{
	union upper_chunk *head;

	lockdep_assert_held(&pid_list->lock);

	head = pid_list->upper_list;
	if (head == NULL)
		return NULL;

	/* Unlink the head and account for it. */
	pid_list->upper_list = head->next;
	pid_list->free_upper_chunks -= 1;
	WARN_ON_ONCE(pid_list->free_upper_chunks < 0);

	/*
	 * NOTE(review): upper_chunk is a union, so ->next presumably shares
	 * storage with ->data; clearing it would then also hand the chunk
	 * out with an empty pointer array. Confirm against pid_list.h.
	 */
	head->next = NULL;

	/*
	 * The pool is running low. The refill can not be done from here
	 * because the scheduler run queue locks are held, so defer it to
	 * irq_work.
	 */
	if (pid_list->free_upper_chunks <= CHUNK_REALLOC)
		irq_work_queue(&pid_list->refill_irqwork);

	return head;
}
/*
 * Push @chunk back onto the head of the free list of lower chunks.
 *
 * The caller must hold pid_list->lock.
 */
static inline void put_lower_chunk(struct trace_pid_list *pid_list,
				   union lower_chunk *chunk)
{
	union lower_chunk *old_head;

	lockdep_assert_held(&pid_list->lock);

	old_head = pid_list->lower_list;
	chunk->next = old_head;
	pid_list->lower_list = chunk;
	pid_list->free_lower_chunks += 1;
}
/*
 * Push @chunk back onto the head of the free list of upper chunks.
 *
 * The caller must hold pid_list->lock.
 */
static inline void put_upper_chunk(struct trace_pid_list *pid_list,
				   union upper_chunk *chunk)
{
	union upper_chunk *old_head;

	lockdep_assert_held(&pid_list->lock);

	old_head = pid_list->upper_list;
	chunk->next = old_head;
	pid_list->upper_list = chunk;
	pid_list->free_upper_chunks += 1;
}
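/*
 * Return true when @chunk references no lower chunks at all.
 *
 * If chunk->data has no lower chunks, it is indistinguishable from a
 * zeroed bitmask, so the pointer array is scanned with find_first_bit():
 * if no bit is set anywhere, every slot is NULL.
 */
static inline bool upper_empty(union upper_chunk *chunk)
{
	/* Size of the pointer array expressed in bits. */
	const unsigned long nbits = sizeof(chunk->data) * 8;
	/*
	 * find_first_bit() returns an unsigned long; keep the result in that
	 * type so it is neither narrowed to int nor compared across
	 * signedness against the size_t-derived bound.
	 */
	unsigned long bit = find_first_bit((unsigned long *)chunk->data, nbits);

	return bit >= nbits;
}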
/*
 * Break @pid into the three indexes used to walk the pid list:
 * @upper1 selects the upper chunk, @upper2 the lower chunk inside it and
 * @lower the bit inside that lower chunk.
 *
 * Returns 0 on success, -1 when @pid is not below MAX_PID (the outputs
 * are left untouched in that case).
 */
static inline int pid_split(unsigned int pid, unsigned int *upper1,
			     unsigned int *upper2, unsigned int *lower)
{
	unsigned int top;
	unsigned int mid;
	unsigned int low;

	/* The three levels together must be able to represent every pid. */
	BUILD_BUG_ON(MAX_PID < PID_MAX_LIMIT);

	/*
	 * Refuse a bad pid up front. The masks below would otherwise drop
	 * its high bits silently and make it land on another pid's slot.
	 */
	if (unlikely(pid >= MAX_PID))
		return -1;

	top = (pid >> UPPER1_SHIFT) & UPPER_MASK;
	mid = (pid >> UPPER2_SHIFT) & UPPER_MASK;
	low = pid & LOWER_MASK;

	*upper1 = top;
	*upper2 = mid;
	*lower = low;

	return 0;
}
/*
 * Inverse of pid_split(): rebuild a pid from its three indexes. Each
 * index is masked before being shifted into place.
 */
static inline unsigned int pid_join(unsigned int upper1,
				    unsigned int upper2, unsigned int lower)
{
	unsigned int pid = lower & LOWER_MASK;

	pid |= (upper2 & UPPER_MASK) << UPPER2_SHIFT;
	pid |= (upper1 & UPPER_MASK) << UPPER1_SHIFT;

	return pid;
}
/**
 * trace_pid_list_is_set - test if the pid is set in the list
 * @pid_list: The pid list to test
 * @pid: The pid to see if set in the list.
 *
 * Tests if @pid is set in the @pid_list. This is usually called
 * from the scheduler when a task is scheduled. Its pid is checked
 * if it should be traced or not.
 *
 * A NULL @pid_list or a @pid that pid_split() rejects is reported as
 * "not set".
 *
 * Return true if the pid is in the list, false otherwise.
 */
bool trace_pid_list_is_set(struct trace_pid_list *pid_list, unsigned int pid)
{
	union upper_chunk *upper_chunk;
	union lower_chunk *lower_chunk;
	unsigned int upper1, upper2, lower;
	unsigned long flags;
	bool found = false;

	if (!pid_list)
		return false;

	if (pid_split(pid, &upper1, &upper2, &lower) < 0)
		return false;

	raw_spin_lock_irqsave(&pid_list->lock, flags);
	/* Walk down one level at a time; a missing chunk means "not set". */
	upper_chunk = pid_list->upper[upper1];
	lower_chunk = upper_chunk ? upper_chunk->data[upper2] : NULL;
	if (lower_chunk)
		found = test_bit(lower, lower_chunk->data);
	raw_spin_unlock_irqrestore(&pid_list->lock, flags);

	return found;
}
/**
 * trace_pid_list_set - add a pid to the list
 * @pid_list: The pid list to add the @pid to.
 * @pid: The pid to add.
 *
 * Adds @pid to @pid_list. This is usually done explicitly by a user
 * adding a task to be traced, or indirectly by the fork function
 * when children should be traced and a task's pid is in the list.
 *
 * Chunks are only taken from the pre-allocated free lists; nothing is
 * allocated here.
 *
 * Return 0 on success, -ENODEV if @pid_list is NULL, -EINVAL if @pid is
 * out of range, -ENOMEM if a needed chunk is not available on the free
 * lists.
 */
int trace_pid_list_set(struct trace_pid_list *pid_list, unsigned int pid)
{
	union upper_chunk *upper_chunk;
	union lower_chunk *lower_chunk;
	unsigned int upper1, upper2, lower;
	unsigned long flags;
	int ret = -ENOMEM;	/* only overwritten once the bit is set */

	if (!pid_list)
		return -ENODEV;

	if (pid_split(pid, &upper1, &upper2, &lower) < 0)
		return -EINVAL;

	raw_spin_lock_irqsave(&pid_list->lock, flags);

	upper_chunk = pid_list->upper[upper1];
	if (upper_chunk == NULL) {
		upper_chunk = get_upper_chunk(pid_list);
		if (upper_chunk == NULL)
			goto unlock;
		pid_list->upper[upper1] = upper_chunk;
	}

	lower_chunk = upper_chunk->data[upper2];
	if (lower_chunk == NULL) {
		/*
		 * If this fails right after a fresh upper chunk was installed
		 * above, that (empty) upper chunk stays linked in ->upper[];
		 * it is still released by trace_pid_list_free().
		 */
		lower_chunk = get_lower_chunk(pid_list);
		if (lower_chunk == NULL)
			goto unlock;
		upper_chunk->data[upper2] = lower_chunk;
	}

	set_bit(lower, lower_chunk->data);
	ret = 0;

unlock:
	raw_spin_unlock_irqrestore(&pid_list->lock, flags);
	return ret;
}
/**
 * trace_pid_list_clear - remove a pid from the list
 * @pid_list: The pid list to remove the @pid from.
 * @pid: The pid to remove.
 *
 * Removes @pid from @pid_list. This is usually done explicitly by a user
 * removing tasks from tracing, or indirectly by the exit function
 * when a task that is set to be traced exits.
 *
 * Chunks that become empty are handed back to the free lists.
 *
 * Return 0 on success (also when @pid was not in the list), -ENODEV if
 * @pid_list is NULL, -EINVAL if @pid is out of range.
 */
int trace_pid_list_clear(struct trace_pid_list *pid_list, unsigned int pid)
{
	union upper_chunk *upper_chunk;
	union lower_chunk *lower_chunk;
	unsigned int upper1, upper2, lower;
	unsigned long flags;

	if (!pid_list)
		return -ENODEV;

	if (pid_split(pid, &upper1, &upper2, &lower) < 0)
		return -EINVAL;

	raw_spin_lock_irqsave(&pid_list->lock, flags);

	upper_chunk = pid_list->upper[upper1];
	lower_chunk = upper_chunk ? upper_chunk->data[upper2] : NULL;
	if (lower_chunk) {
		clear_bit(lower, lower_chunk->data);

		/* Once the last bit is gone the lower chunk can be recycled. */
		if (find_first_bit(lower_chunk->data, LOWER_MAX) >= LOWER_MAX) {
			put_lower_chunk(pid_list, lower_chunk);
			upper_chunk->data[upper2] = NULL;

			/* ... and likewise the upper chunk when it holds nothing. */
			if (upper_empty(upper_chunk)) {
				put_upper_chunk(pid_list, upper_chunk);
				pid_list->upper[upper1] = NULL;
			}
		}
	}

	raw_spin_unlock_irqrestore(&pid_list->lock, flags);
	return 0;
}
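/**
 * trace_pid_list_next - return the next pid in the list
 * @pid_list: The pid list to examine.
 * @pid: The pid to start from
 * @next: The pointer to place the pid that is set starting from @pid.
 *
 * Looks for the next consecutive pid that is in @pid_list starting
 * at the pid specified by @pid. If one is set (including @pid), then
 * that pid is placed into @next. @next is only written when a pid is
 * found.
 *
 * Return 0 when a pid is found, -1 if there are no more pids included,
 * -ENODEV if @pid_list is NULL, -EINVAL if @pid is out of range.
 */
int trace_pid_list_next(struct trace_pid_list *pid_list, unsigned int pid,
			unsigned int *next)
{
	union upper_chunk *upper_chunk;
	union lower_chunk *lower_chunk;
	unsigned long flags;
	unsigned int upper1;
	unsigned int upper2;
	unsigned int lower;

	if (!pid_list)
		return -ENODEV;

	if (pid_split(pid, &upper1, &upper2, &lower) < 0)
		return -EINVAL;

	raw_spin_lock_irqsave(&pid_list->lock, flags);
	/*
	 * Moving on to the next upper1 slot means every pid below it is
	 * larger than the starting pid, so both lower-level indexes must
	 * restart from zero. Resetting only upper2 would let a stale
	 * "lower" offset survive when the starting upper chunk is missing
	 * (the "continue" below) and skip set bits in the first lower
	 * chunk of a later upper chunk.
	 */
	for (; upper1 <= UPPER_MASK; upper1++, upper2 = 0, lower = 0) {
		upper_chunk = pid_list->upper[upper1];

		if (!upper_chunk)
			continue;

		for (; upper2 <= UPPER_MASK; upper2++, lower = 0) {
			lower_chunk = upper_chunk->data[upper2];
			if (!lower_chunk)
				continue;

			lower = find_next_bit(lower_chunk->data, LOWER_MAX,
					    lower);
			if (lower < LOWER_MAX)
				goto found;
		}
	}

found:
	raw_spin_unlock_irqrestore(&pid_list->lock, flags);

	/* Falling out of the outer loop leaves upper1 past the last slot. */
	if (upper1 > UPPER_MASK)
		return -1;

	*next = pid_join(upper1, upper2, lower);
	return 0;
}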
/**
 * trace_pid_list_first - return the first pid in the list
 * @pid_list: The pid list to examine.
 * @pid: The pointer to place the first found pid that is set.
 *
 * Looks for the first pid that is set in @pid_list, and places it
 * into @pid if found.
 *
 * Return 0 when a pid is found, -1 if there are no pids set. Any other
 * value is whatever trace_pid_list_next() returns for a search that
 * starts at pid 0.
 */
int trace_pid_list_first(struct trace_pid_list *pid_list, unsigned int *pid)
{
	const unsigned int lowest_pid = 0;

	/* The first set pid is the next set pid at or after pid 0. */
	return trace_pid_list_next(pid_list, lowest_pid, pid);
}
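/*
 * irq_work callback that tops the free chunk pools back up to CHUNK_ALLOC.
 *
 * It is queued by get_lower_chunk()/get_upper_chunk() when a pool runs
 * low. New chunks are allocated with GFP_NOWAIT onto private lists while
 * pid_list->lock is dropped, then spliced onto the heads of the free
 * lists under the lock. The whole sequence is repeated until the pools
 * are full or an allocation fails.
 *
 * NOTE(review): the lock is taken without saving the irq state,
 * presumably because irq_work callbacks run with interrupts disabled -
 * confirm.
 */
static void pid_list_refill_irq(struct irq_work *iwork)
{
	struct trace_pid_list *pid_list = container_of(iwork, struct trace_pid_list,
						       refill_irqwork);
	union upper_chunk *upper;
	union lower_chunk *lower;
	union upper_chunk **upper_next;
	union lower_chunk **lower_next;
	int upper_count;
	int lower_count;
	int ucnt;
	int lcnt;

again:
	/*
	 * Start every pass with empty private lists. The chunks from a
	 * previous pass have already been spliced into pid_list and may be
	 * in use; carrying the old head/tail pointers and counts over would
	 * write into those chunks without the lock, re-link them a second
	 * time and add them to the free counters twice.
	 */
	upper = NULL;
	lower = NULL;
	upper_next = &upper;
	lower_next = &lower;
	ucnt = 0;
	lcnt = 0;

	/* Sample how many chunks each pool is short of. */
	raw_spin_lock(&pid_list->lock);
	upper_count = CHUNK_ALLOC - pid_list->free_upper_chunks;
	lower_count = CHUNK_ALLOC - pid_list->free_lower_chunks;
	raw_spin_unlock(&pid_list->lock);

	if (upper_count <= 0 && lower_count <= 0)
		return;

	/* Build the private lists; each new chunk is appended at the tail. */
	while (upper_count-- > 0) {
		union upper_chunk *chunk;

		chunk = kzalloc(sizeof(*chunk), GFP_NOWAIT);
		if (!chunk)
			break;
		*upper_next = chunk;
		upper_next = &chunk->next;
		ucnt++;
	}

	while (lower_count-- > 0) {
		union lower_chunk *chunk;

		chunk = kzalloc(sizeof(*chunk), GFP_NOWAIT);
		if (!chunk)
			break;
		*lower_next = chunk;
		lower_next = &chunk->next;
		lcnt++;
	}

	/* Splice whatever was allocated in front of the current free lists. */
	raw_spin_lock(&pid_list->lock);
	if (upper) {
		*upper_next = pid_list->upper_list;
		pid_list->upper_list = upper;
		pid_list->free_upper_chunks += ucnt;
	}
	if (lower) {
		*lower_next = pid_list->lower_list;
		pid_list->lower_list = lower;
		pid_list->free_lower_chunks += lcnt;
	}
	raw_spin_unlock(&pid_list->lock);

	/*
	 * On success of allocating all the chunks, both counters
	 * will be less than zero. If they are not, then an allocation
	 * failed, and we should not try again.
	 */
	if (upper_count >= 0 || lower_count >= 0)
		return;
	/*
	 * When the locks were released, free chunks could have
	 * been used and allocation needs to be done again. Might as
	 * well allocate it now.
	 */
	goto again;
}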
/**
 * trace_pid_list_alloc - create a new pid_list
 *
 * Allocates a new pid_list to store pids into, and tries to pre-fill
 * both free chunk pools with CHUNK_ALLOC chunks each. A failed chunk
 * allocation only stops the pre-fill of that pool; the pid_list is still
 * returned with fewer free chunks.
 *
 * Returns the pid_list on success, NULL otherwise.
 */
struct trace_pid_list *trace_pid_list_alloc(void)
{
	struct trace_pid_list *list;
	int n;

	/*
	 * Pids are expected to fit in 30 bits.
	 * NOTE(review): only the initial pid namespace's pid_max is checked
	 * here; this presumably relies on it bounding the pid_max of every
	 * descendant namespace - confirm.
	 */
	WARN_ON_ONCE(init_pid_ns.pid_max > (1 << 30));

	list = kzalloc(sizeof(*list), GFP_KERNEL);
	if (list == NULL)
		return NULL;

	init_irq_work(&list->refill_irqwork, pid_list_refill_irq);

	raw_spin_lock_init(&list->lock);

	/* Pre-fill the pool of upper chunks. */
	for (n = 0; n < CHUNK_ALLOC; n++) {
		union upper_chunk *fresh = kzalloc(sizeof(*fresh), GFP_KERNEL);

		if (fresh == NULL)
			break;
		fresh->next = list->upper_list;
		list->upper_list = fresh;
		list->free_upper_chunks++;
	}

	/* Pre-fill the pool of lower chunks. */
	for (n = 0; n < CHUNK_ALLOC; n++) {
		union lower_chunk *fresh = kzalloc(sizeof(*fresh), GFP_KERNEL);

		if (fresh == NULL)
			break;
		fresh->next = list->lower_list;
		list->lower_list = fresh;
		list->free_lower_chunks++;
	}

	return list;
}
/**
 * trace_pid_list_free - Frees an allocated pid_list.
 * @pid_list: The pid list to free. May be NULL, in which case nothing
 *            is done.
 *
 * Frees the memory for a pid_list that was allocated: the chunks on both
 * free lists, the chunks still linked into the pid tree, and the
 * pid_list itself.
 */
void trace_pid_list_free(struct trace_pid_list *pid_list)
{
	union upper_chunk *upper;
	union lower_chunk *lower;
	int u, l;

	if (!pid_list)
		return;

	/* Wait for a pending refill before tearing the free lists down. */
	irq_work_sync(&pid_list->refill_irqwork);

	/* Drain the free list of lower chunks. */
	while ((lower = pid_list->lower_list) != NULL) {
		pid_list->lower_list = lower->next;
		kfree(lower);
	}

	/* Drain the free list of upper chunks. */
	while ((upper = pid_list->upper_list) != NULL) {
		pid_list->upper_list = upper->next;
		kfree(upper);
	}

	/* Release every chunk that is still in use by the pid tree. */
	for (u = 0; u < UPPER1_SIZE; u++) {
		upper = pid_list->upper[u];
		if (!upper)
			continue;

		/* Unused slots are NULL and are passed to kfree() as such. */
		for (l = 0; l < UPPER2_SIZE; l++) {
			lower = upper->data[l];
			kfree(lower);
		}
		kfree(upper);
	}

	kfree(pid_list);
}