Holy, why, pray? I have the solos to-ni

 Say it again; don't tremble like that." "I would die," she
whispered,
"A thousand times I would die rather than have brought
this on you. If I had known--if I had guessed!" "Your hair
is like down," said Velasco, "a soft, golden fluff. I can't
see it, or you; are you there? I shouldn't know if I didn't feel you
breathing,

and the touch of your head and your hand. Go to sleep; I will watch."
She murmured and stirred in his arms. "Yes, yes, I forgive you. I
never was angry

_______________________________________________
Containers mailing list
Containers@...
https://lists.linux-foundation.org/mailman/listinfo/containers

Re: [PATCH] Replace pid_t in autofs4 with struct pid reference.

On 10/01/2010 12:36 AM, Serge Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezcano@...):
>    
>> I resurect and refreshed this old patch from
>> https://lists.linux-foundation.org/pipermail/containers/2007-February/003726.html
>>
>> This patch makes automount to work within a container.
>>
>> Make autofs4 container-friendly by caching struct pid reference rather
>> than pid_t and using pid_nr() to retreive a task's pid_t.
>>
>> ChangeLog:
>> 	- Refreshed against linux-next (added dev-ioctl.c)
>> 	- Fix Eric Biederman's comments - Use find_get_pid() to hold a
>> 	  reference to oz_pgrp and release while unmounting; separate out
>> 	  changes to autofs and autofs4.
>> 	- Also rollback my earlier change to autofs_wait_queue (pid and tgid
>> 	  in the wait queue are just used to write to a userspace daemon's
>> 	  pipe).
>>          - Fix Cedric's comments: retain old prototype of parse_options()
>>            and move necessary change to its caller.
>>
>> Signed-off-by: Sukadev Bhattiprolu<sukadev@...>
>> Signed-off-by: Daniel Lezcano<daniel.lezcano@...>
>> Cc: Ian Kent<raven@...>
>> Cc: Cedric Le Goater<clg@...>
>> Cc: Dave Hansen<haveblue@...>
>> Cc: Serge E. Hallyn<serge.hallyn@...>
>> Cc: Eric Biederman<ebiederm@...>
>> Cc: Helmut Lichtenberg<heli@...>

Re: [PATCH 05/10] memcg: add dirty page accounting infrastructure

KAMEZAWA Hiroyuki <kamezawa.hiroyu@...> writes:

> On Sun,  3 Oct 2010 23:58:00 -0700
> Greg Thelen <gthelen@...> wrote:
>
>> Add memcg routines to track dirty, writeback, and unstable_NFS pages.
>> These routines are not yet used by the kernel to count such pages.
>> A later change adds kernel calls to these new routines.
>> 
>> Signed-off-by: Greg Thelen <gthelen@...>
>> Signed-off-by: Andrea Righi <arighi@...>
>
> a small request. see below.
>
>> ---
>>  include/linux/memcontrol.h |    3 +
>>  mm/memcontrol.c            |   89 ++++++++++++++++++++++++++++++++++++++++----
>>  2 files changed, 84 insertions(+), 8 deletions(-)
>> 
>> diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
>> index 7c7bec4..6303da1 100644
>> --- a/include/linux/memcontrol.h
>> +++ b/include/linux/memcontrol.h
>>  <at>  <at>  -28,6 +28,9  <at>  <at>  struct mm_struct;
>>  /* Stats that can be updated by kernel. */
>>  enum mem_cgroup_write_page_stat_item {
>>  	MEMCG_NR_FILE_MAPPED, /* # of pages charged as file rss */
>> +	MEMCG_NR_FILE_DIRTY, /* # of dirty pages in page cache */
>> +	MEMCG_NR_FILE_WRITEBACK, /* # of pages under writeback */
>> +	MEMCG_NR_FILE_UNSTABLE_NFS, /* # of NFS unstable pages */

[PATCH 1/1] cgroups: strcpy destination string overflow

From: Evgeny Kuznetsov <ext-eugeny.kuznetsov@...>

Function "strcpy" is used without check for maximum allowed source
string length and could cause destination string overflow.
Check for string length is added before using "strcpy".
Function now is return error if source string length is more than
a maximum.

Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...>
---
 kernel/cgroup.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index c9483d8..82bbede 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
 <at>  <at>  -1883,6 +1883,8  <at>  <at>  static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft,
 				      const char *buffer)
 {
 	BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+	if (strlen(buffer) >= PATH_MAX)
+		return -EINVAL;
 	if (!cgroup_lock_live_group(cgrp))
 		return -ENODEV;
 	strcpy(cgrp->root->release_agent_path, buffer);
--

-- 
1.6.3.3

[PATCH 0/1] cgroups: strcpy destination string overflow

Hi,

Here is patch which fixes minor bug in /kernel/cgroup.c file.
Function "strcpy" is used without check for maximum allowed source
string length and could cause destination string overflow.

Thanks,
Best Regards,
Evgeny

Evgeny Kuznetsov (1):
  cgroups: strcpy destination string overflow

 kernel/cgroup.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

[RFC V1] Replace pid_t in autofs4 with struct pid reference.

I resurect and refreshed this old patch from
https://lists.linux-foundation.org/pipermail/containers/2007-February/003726.html

This patch makes automount to work within a container.

Make autofs4 container-friendly by caching struct pid reference rather
than pid_t and using pid_nr() to retreive a task's pid_t.

ChangeLog:

V1:
	- fixed pgrp option in parse_options
	- used get_task_pid(current, PIDTYPE_PGID) instead of task_pgrp
	- fixed how is passed the 'pgrp' argument autofs4_fill_super
	- fixed bad pid conversion, was pid_vnr not pid_nr in autofs4_wait
V0:
	- Refreshed against linux-next (added dev-ioctl.c)
	- Fix Eric Biederman's comments - Use find_get_pid() to hold a
	  reference to oz_pgrp and release while unmounting; separate out
	  changes to autofs and autofs4.
	- Also rollback my earlier change to autofs_wait_queue (pid and tgid
	  in the wait queue are just used to write to a userspace daemon's
	  pipe).
        - Fix Cedric's comments: retain old prototype of parse_options()
          and move necessary change to its caller.

Signed-off-by: Sukadev Bhattiprolu <sukadev@...>
Signed-off-by: Daniel Lezcano <daniel.lezcano@...>
Cc: Ian Kent <raven@...>
Cc: Cedric Le Goater <clg@...>

Re: [PATCH 1/1] cgroups: strcpy destination string overflow

On Tue,  5 Oct 2010 12:38:05 +0400
Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...> wrote:

> From: Evgeny Kuznetsov <ext-eugeny.kuznetsov@...>
> 
> Function "strcpy" is used without check for maximum allowed source
> string length and could cause destination string overflow.
> Check for string length is added before using "strcpy".
> Function now is return error if source string length is more than
> a maximum.
> 
> Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...>
> ---
>  kernel/cgroup.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index c9483d8..82bbede 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
>  <at>  <at>  -1883,6 +1883,8  <at>  <at>  static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft,
>  				      const char *buffer)
>  {
>  	BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
> +	if (strlen(buffer) >= PATH_MAX)
> +		return -EINVAL;
>  	if (!cgroup_lock_live_group(cgrp))
>  		return -ENODEV;
>  	strcpy(cgrp->root->release_agent_path, buffer);

Re: [PATCH 1/1] cgroups: strcpy destination string overflow

On Tue, Oct 5, 2010 at 12:48 PM, Andrew Morton
<akpm@...> wrote:
> On Tue,  5 Oct 2010 12:38:05 +0400
> Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...> wrote:
>
>> From: Evgeny Kuznetsov <ext-eugeny.kuznetsov@...>
>>
>> Function "strcpy" is used without check for maximum allowed source
>> string length and could cause destination string overflow.
>> Check for string length is added before using "strcpy".
>> Function now is return error if source string length is more than
>> a maximum.
>>
>> Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...>
>> ---
>>  kernel/cgroup.c |    2 ++
>>  1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
>> index c9483d8..82bbede 100644
>> --- a/kernel/cgroup.c
>> +++ b/kernel/cgroup.c
>>  <at>  <at>  -1883,6 +1883,8  <at>  <at>  static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft,
>>                                     const char *buffer)
>>  {
>>       BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
>> +     if (strlen(buffer) >= PATH_MAX)
>> +             return -EINVAL;
>>       if (!cgroup_lock_live_group(cgrp))
>>               return -ENODEV;

Re: C/R and stdio redirection

Greg Kurz [gkurz@...] wrote:
| On Tue, 2010-09-07 at 13:03 -0700, Sukadev Bhattiprolu wrote:
| > Suppose we create a container and redirect its stdout/stderr as follows:
| > 
| > 	lxc-execute -name foo -- /path/to/app > /tmp/xyz.out 2>&1
| > 
| > If we attempt to checkpoint the container 'foo', we fail bc one of the
| > fds in the application refers to /tmp/xyz.out, which is also in use
| > outside the container (specifically sys_checkpoint() fails due to the
| > "alien mount ns" check in ckpt_fill_fname()).
| > 
| > It can be argued, 'foo' is not a strict container (since it shares the
| > fd with another container).  For this reason, we currently need the
| > CHECKPOINT_SUBTREE flag in lxc-checkpoint.
| > 
| > We initially thought that solving mount-namespaces will solve this, but
| > realized that they are both separate problems. Mount-namespace C/R addresses
| > preserving the mounts within the container and /tmp/xyz.out is outside
| > the container.
| > 
| > So if an application container needs to redirect stdio as above, we should
| > either 
| > 	a) disable/ignore the alien-mount-ns check or 
| > 
| > 	b) try and start the application something like:
| > 
| > 		$ cat /tmp/wrapper
| > 		/path/to/app > /tmp/xyz.out 2>&1
| > 
| > 		$ lxc-execute --name foo --  /tmp/wrapper

Re: C/R and stdio redirection

On 05/10/10 22:50 -0700, Sukadev Bhattiprolu wrote:
> Greg Kurz [gkurz@...] wrote:
> | On Tue, 2010-09-07 at 13:03 -0700, Sukadev Bhattiprolu wrote:
> | > Suppose we create a container and redirect its stdout/stderr as follows:
> | > 
> | > 	lxc-execute -name foo -- /path/to/app > /tmp/xyz.out 2>&1
> | > 
> | > If we attempt to checkpoint the container 'foo', we fail bc one of the
> | > fds in the application refers to /tmp/xyz.out, which is also in use
> | > outside the container (specifically sys_checkpoint() fails due to the
> | > "alien mount ns" check in ckpt_fill_fname()).
> | > 
> | > It can be argued, 'foo' is not a strict container (since it shares the
> | > fd with another container).  For this reason, we currently need the
> | > CHECKPOINT_SUBTREE flag in lxc-checkpoint.
> | > 
> | > We initially thought that solving mount-namespaces will solve this, but
> | > realized that they are both separate problems. Mount-namespace C/R addresses
> | > preserving the mounts within the container and /tmp/xyz.out is outside
> | > the container.
> | > 
> | > So if an application container needs to redirect stdio as above, we should
> | > either 
> | > 	a) disable/ignore the alien-mount-ns check or 
> | > 
> | > 	b) try and start the application something like:
> | > 
> | > 		$ cat /tmp/wrapper
> | > 		/path/to/app > /tmp/xyz.out 2>&1
> | >