From f8f7bcf2a39969608ff6299ac74b5ff3612815e8 Mon Sep 17 00:00:00 2001 From: LoGin Date: Sat, 28 Jun 2025 21:20:21 +0800 Subject: [PATCH] refactor: Remove namespace related code (#1218) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 删除mnt namespace * 移除Namespace代码 Signed-off-by: longjin * 删除Namespace相关文档 Signed-off-by: longjin --------- Signed-off-by: longjin --- docs/kernel/container/index.rst | 3 - docs/kernel/container/namespaces/index.rst | 14 - .../container/namespaces/mnt_namespace.md | 19 -- .../container/namespaces/pid_namespace.md | 23 -- .../en/kernel/container/namespaces/index.rst | 28 -- .../container/namespaces/mnt_namespace.md | 33 --- .../container/namespaces/pid_namespace.md | 38 --- kernel/src/filesystem/fs.rs | 66 +++++ kernel/src/filesystem/mod.rs | 1 + kernel/src/init/initial_kthread.rs | 2 - kernel/src/lib.rs | 1 - kernel/src/namespaces/mnt_namespace.rs | 243 ---------------- kernel/src/namespaces/mod.rs | 92 ------ kernel/src/namespaces/namespace.rs | 120 -------- kernel/src/namespaces/pid_namespace.rs | 273 ------------------ kernel/src/namespaces/syscall.rs | 50 ---- kernel/src/namespaces/ucount.rs | 187 ------------ kernel/src/namespaces/user_namespace.rs | 135 --------- kernel/src/process/fork.rs | 41 --- kernel/src/process/mod.rs | 22 +- kernel/src/syscall/mod.rs | 2 +- 21 files changed, 69 insertions(+), 1324 deletions(-) delete mode 100644 docs/kernel/container/namespaces/index.rst delete mode 100644 docs/kernel/container/namespaces/mnt_namespace.md delete mode 100644 docs/kernel/container/namespaces/pid_namespace.md delete mode 100644 docs/locales/en/kernel/container/namespaces/index.rst delete mode 100644 docs/locales/en/kernel/container/namespaces/mnt_namespace.md delete mode 100644 docs/locales/en/kernel/container/namespaces/pid_namespace.md create mode 100644 kernel/src/filesystem/fs.rs delete mode 100644 kernel/src/namespaces/mnt_namespace.rs delete mode 100644 kernel/src/namespaces/mod.rs delete mode 100644 kernel/src/namespaces/namespace.rs delete mode 100644 kernel/src/namespaces/pid_namespace.rs delete mode 100644 kernel/src/namespaces/syscall.rs delete mode 100644 kernel/src/namespaces/ucount.rs delete mode 100644 kernel/src/namespaces/user_namespace.rs diff --git a/docs/kernel/container/index.rst b/docs/kernel/container/index.rst index 852b33cbb..a176a9076 100644 --- a/docs/kernel/container/index.rst +++ b/docs/kernel/container/index.rst @@ -3,11 +3,8 @@ ==================================== 这里是DragonOS中,与容器化相关的说明文档。 - - 主要包括namespace,overlayfs和cgroup .. toctree:: :maxdepth: 2 - namespaces/index ../filesystem/unionfs/index diff --git a/docs/kernel/container/namespaces/index.rst b/docs/kernel/container/namespaces/index.rst deleted file mode 100644 index 886f28412..000000000 --- a/docs/kernel/container/namespaces/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -==================================== -命名空间 -==================================== - -DragonOS的namespaces目前支持pid_namespace和mnt_namespace 预计之后会继续完善 -namespace是容器化实现过程中的重要组成部分 - -由于目前os是单用户,user_namespace为全局静态 - -.. toctree:: - :maxdepth: 1 - - pid_namespace - mnt_namespace diff --git a/docs/kernel/container/namespaces/mnt_namespace.md b/docs/kernel/container/namespaces/mnt_namespace.md deleted file mode 100644 index 2a8cacf70..000000000 --- a/docs/kernel/container/namespaces/mnt_namespace.md +++ /dev/null @@ -1,19 +0,0 @@ -# 挂载命名空间 - -## 底层架构 - -pcb -> nsproxy -> mnt_namespace - -每一个挂载文件系统都有自立独立的挂载点,表现在数据结构上是一个挂载的红黑树,每一个命名空间中挂载是独立的,所以文件系统的挂载和卸载不会影响别的 - -## 系统调用接口 - - -- clone - - CLONE_NEWNS用于创建一个新的 MNT 命名空间。提供独立的文件系统挂载点 -- unshare - - 使用 CLONE_NEWPID 标志调用 unshare() 后,后续创建的所有子进程都将在新的命名空间中运行。 -- setns - - 将进程加入到指定的命名空间 -- chroot - - 将当前进程的根目录更改为指定的路径,提供文件系统隔离。 \ No newline at end of file diff --git a/docs/kernel/container/namespaces/pid_namespace.md b/docs/kernel/container/namespaces/pid_namespace.md deleted file mode 100644 index eaa7a3fe7..000000000 --- a/docs/kernel/container/namespaces/pid_namespace.md +++ /dev/null @@ -1,23 +0,0 @@ -# 进程命名空间 -:::{note} 本文作者:操丰毅 1553389239@qq.com - -2024年10月30日 -::: - -pid_namespace 是内核中的一种命名空间,用于实现进程隔离,允许在不同的命名空间中运行的进程有独立的pid视图 - -## 底层架构 - -pcb -> nsproxy -> pid_namespace -- pid_namespace 内有独立的一套进程分配器,以及孤儿进程回收器,独立管理内部的pid -- 不同进程的详细信息都存放在proc文件系统中,里面的找到对应的pid号里面的信息都在pid中,记录的是pid_namespace中的信息 -- pid_namespace等限制由ucount来控制管理 - -## 系统调用接口 - -- clone - - CLONE_NEWPID用于创建一个新的 PID 命名空间。使用这个标志时,子进程将在新的 PID 命名空间内运行,进程 ID 从 1 开始。 -- unshare - - 使用 CLONE_NEWPID 标志调用 unshare() 后,后续创建的所有子进程都将在新的命名空间中运行。 -- getpid - - 在命名空间中调用 getpid() 会返回进程在当前 PID 命名空间中的进程 ID \ No newline at end of file diff --git a/docs/locales/en/kernel/container/namespaces/index.rst b/docs/locales/en/kernel/container/namespaces/index.rst deleted file mode 100644 index 61c4ee437..000000000 --- a/docs/locales/en/kernel/container/namespaces/index.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. note:: AI Translation Notice - - This document was automatically translated by `Qwen/Qwen3-8B` model, for reference only. - - - Source document: kernel/container/namespaces/index.rst - - - Translation time: 2025-05-19 01:41:19 - - - Translation model: `Qwen/Qwen3-8B` - - - Please report issues via `Community Channel `_ - -==================================== -Namespaces -==================================== - -DragonOS's namespaces currently support pid_namespace and mnt_namespace, and more features are expected to be added in the future. - -Namespaces are an important component in the process of containerization. - -Since the current OS is single-user, user_namespace is globally static. - -.. toctree:: - :maxdepth: 1 - - pid_namespace - mnt_namespace diff --git a/docs/locales/en/kernel/container/namespaces/mnt_namespace.md b/docs/locales/en/kernel/container/namespaces/mnt_namespace.md deleted file mode 100644 index ac145e8dc..000000000 --- a/docs/locales/en/kernel/container/namespaces/mnt_namespace.md +++ /dev/null @@ -1,33 +0,0 @@ -:::{note} -**AI Translation Notice** - -This document was automatically translated by `Qwen/Qwen3-8B` model, for reference only. - -- Source document: kernel/container/namespaces/mnt_namespace.md - -- Translation time: 2025-05-19 01:41:19 - -- Translation model: `Qwen/Qwen3-8B` - -Please report issues via [Community Channel](https://github.com/DragonOS-Community/DragonOS/issues) - -::: - -# Mount Namespace - -## Underlying Architecture - -pcb -> nsproxy -> mnt_namespace - -Each mounted file system has its own independent mount point, which is represented in the data structure as a red-black tree of mounts. Each namespace has its own independent mounts, so mounting and unmounting file systems will not affect others. - -## System Call Interface - -- clone - - CLONE_NEWNS is used to create a new MNT namespace. It provides an independent file system mount point. -- unshare - - After calling unshare() with the CLONE_NEWPID flag, all subsequent child processes will run in the new namespace. -- setns - - Adds the process to the specified namespace. -- chroot - - Changes the current process's root directory to the specified path, providing file system isolation. diff --git a/docs/locales/en/kernel/container/namespaces/pid_namespace.md b/docs/locales/en/kernel/container/namespaces/pid_namespace.md deleted file mode 100644 index 6da5823d7..000000000 --- a/docs/locales/en/kernel/container/namespaces/pid_namespace.md +++ /dev/null @@ -1,38 +0,0 @@ -:::{note} -**AI Translation Notice** - -This document was automatically translated by `Qwen/Qwen3-8B` model, for reference only. - -- Source document: kernel/container/namespaces/pid_namespace.md - -- Translation time: 2025-05-19 01:41:31 - -- Translation model: `Qwen/Qwen3-8B` - -Please report issues via [Community Channel](https://github.com/DragonOS-Community/DragonOS/issues) - -::: - -# Process Namespace -:::{note} Author: Cao Fengyi 1553389239@qq.com - -October 30, 2024 -::: - -`pid_namespace` is a type of namespace in the kernel that is used to achieve process isolation. It allows processes running in different namespaces to have independent views of process IDs (PIDs). - -## Underlying Architecture - -pcb -> nsproxy -> pid_namespace -- `pid_namespace` contains an independent set of process allocators and an orphan process reaper, which independently manages PIDs within the namespace. -- Detailed information about processes is stored in the proc file system. The information corresponding to a specific PID is located within the `pid_namespace`, recording information related to the `pid_namespace`. -- The limitations imposed by `pid_namespace` are controlled and managed by `ucount`. - -## System Call Interface - -- `clone` - - `CLONE_NEWPID` is used to create a new PID namespace. When this flag is used, the child process will run in the new PID namespace, with the process ID starting from 1. -- `unshare` - - After calling `unshare()` with the `CLONE_NEWPID` flag, all subsequent child processes will run within the new namespace. -- `getpid` - - Calling `getpid()` within a namespace returns the process ID of the process within the current PID namespace. diff --git a/kernel/src/filesystem/fs.rs b/kernel/src/filesystem/fs.rs new file mode 100644 index 000000000..1a2d4bf27 --- /dev/null +++ b/kernel/src/filesystem/fs.rs @@ -0,0 +1,66 @@ +use alloc::sync::Arc; + +use crate::filesystem::vfs::syscall::ModeType; +use crate::filesystem::vfs::IndexNode; +use crate::filesystem::vfs::ROOT_INODE; +use crate::libs::rwlock::RwLock; +#[derive(Debug, Clone)] +struct PathContext { + root: Arc, + pwd: Arc, +} + +impl PathContext { + pub fn new() -> Self { + Self { + root: ROOT_INODE(), + pwd: ROOT_INODE(), + } + } +} + +#[derive(Debug)] +pub struct FsStruct { + umask: ModeType, //文件权限掩码 + path_context: RwLock, +} + +impl Clone for FsStruct { + fn clone(&self) -> Self { + Self { + umask: self.umask, + path_context: RwLock::new(self.path_context.read().clone()), + } + } +} + +impl Default for FsStruct { + fn default() -> Self { + Self::new() + } +} + +impl FsStruct { + pub fn new() -> Self { + Self { + umask: ModeType::S_IWUGO, + path_context: RwLock::new(PathContext::new()), + } + } + + pub fn set_root(&self, inode: Arc) { + self.path_context.write().root = inode; + } + + pub fn set_pwd(&self, inode: Arc) { + self.path_context.write().pwd = inode; + } + + pub fn pwd(&self) -> Arc { + self.path_context.read().pwd.clone() + } + + pub fn root(&self) -> Arc { + self.path_context.read().root.clone() + } +} diff --git a/kernel/src/filesystem/mod.rs b/kernel/src/filesystem/mod.rs index 2b9e836b6..a0dc39e5e 100644 --- a/kernel/src/filesystem/mod.rs +++ b/kernel/src/filesystem/mod.rs @@ -3,6 +3,7 @@ pub mod devpts; pub mod epoll; pub mod eventfd; pub mod fat; +pub mod fs; pub mod kernfs; pub mod mbr; pub mod overlayfs; diff --git a/kernel/src/init/initial_kthread.rs b/kernel/src/init/initial_kthread.rs index 10a8fdc8e..74001ef51 100644 --- a/kernel/src/init/initial_kthread.rs +++ b/kernel/src/init/initial_kthread.rs @@ -10,7 +10,6 @@ use crate::{ arch::{interrupt::TrapFrame, process::arch_switch_to_user}, driver::net::e1000e::e1000e::e1000e_init, filesystem::vfs::vcore::mount_root_fs, - namespaces::NsProxy, net::net_core::net_init, process::{ exec::ProcInitInfo, execve::do_execve, kthread::KernelThreadMechanism, stdio::stdio_init, @@ -160,7 +159,6 @@ fn run_init_process( trap_frame: &mut TrapFrame, ) -> Result<(), SystemError> { compiler_fence(Ordering::SeqCst); - ProcessManager::current_pcb().set_nsproxy(NsProxy::new()); // 初始化init进程的namespace let path = proc_init_info.proc_name.to_str().unwrap(); do_execve( diff --git a/kernel/src/lib.rs b/kernel/src/lib.rs index b7d370467..bd1399a14 100644 --- a/kernel/src/lib.rs +++ b/kernel/src/lib.rs @@ -67,7 +67,6 @@ mod init; mod ipc; mod misc; mod mm; -mod namespaces; mod net; mod perf; mod process; diff --git a/kernel/src/namespaces/mnt_namespace.rs b/kernel/src/namespaces/mnt_namespace.rs deleted file mode 100644 index 819545862..000000000 --- a/kernel/src/namespaces/mnt_namespace.rs +++ /dev/null @@ -1,243 +0,0 @@ -#![allow(dead_code, unused_variables, unused_imports)] -use core::sync::atomic::AtomicU64; -use core::sync::atomic::Ordering; - -use alloc::boxed::Box; -use alloc::string::ToString; - -use alloc::string::String; - -use alloc::sync::Arc; -use system_error::SystemError; - -use super::namespace::Namespace; -use super::namespace::NsOperations; -use super::ucount::Ucount::MntNamespaces; -use super::{namespace::NsCommon, ucount::UCounts, user_namespace::UserNamespace}; -use crate::container_of; -use crate::filesystem::vfs::mount::MountFSInode; -use crate::filesystem::vfs::syscall::ModeType; -use crate::filesystem::vfs::IndexNode; -use crate::filesystem::vfs::InodeId; -use crate::filesystem::vfs::MountFS; -use crate::filesystem::vfs::ROOT_INODE; -use crate::libs::rbtree::RBTree; -use crate::libs::rwlock::RwLock; -use crate::libs::wait_queue::WaitQueue; -use crate::process::fork::CloneFlags; -use crate::process::geteuid::do_geteuid; -use crate::process::ProcessManager; -#[allow(dead_code)] -#[derive(Debug)] -pub struct MntNamespace { - /// namespace 共有的部分 - ns_common: Arc, - /// 关联的用户名字空间 - user_ns: Arc, - /// 资源计数器 - ucounts: Arc, - /// 根文件系统 - root: Option>, - /// 红黑树用于挂载所有挂载点 - mounts: RBTree, - /// 等待队列 - poll: WaitQueue, - /// 挂载序列号 - seq: AtomicU64, - /// 挂载点的数量 - nr_mounts: u32, - /// 待处理的挂载点 - pending_mounts: u32, -} - -impl Default for MntNamespace { - fn default() -> Self { - Self::new() - } -} - -#[derive(Debug)] -struct MntNsOperations { - name: String, - clone_flags: CloneFlags, -} - -#[derive(Debug, Clone)] -struct PathContext { - root: Arc, - pwd: Arc, -} - -impl PathContext { - pub fn new() -> Self { - Self { - root: ROOT_INODE(), - pwd: ROOT_INODE(), - } - } -} - -#[derive(Debug)] -pub struct FsStruct { - umask: ModeType, //文件权限掩码 - path_context: RwLock, -} - -impl Clone for FsStruct { - fn clone(&self) -> Self { - Self { - umask: self.umask, - path_context: RwLock::new(self.path_context.read().clone()), - } - } -} - -impl Default for FsStruct { - fn default() -> Self { - Self::new() - } -} - -impl FsStruct { - pub fn new() -> Self { - Self { - umask: ModeType::S_IWUGO, - path_context: RwLock::new(PathContext::new()), - } - } - - pub fn set_root(&self, inode: Arc) { - self.path_context.write().root = inode; - } - - pub fn set_pwd(&self, inode: Arc) { - self.path_context.write().pwd = inode; - } - - pub fn pwd(&self) -> Arc { - self.path_context.read().pwd.clone() - } - - pub fn root(&self) -> Arc { - self.path_context.read().root.clone() - } -} - -impl Namespace for MntNamespace { - fn ns_common_to_ns(ns_common: Arc) -> Arc { - let ns_common_ptr = Arc::as_ptr(&ns_common); - // container_of!(ns_common_ptr, MntNamespace, ns_common) - panic!("not implemented") - } -} - -impl MntNsOperations { - pub fn new(name: String) -> Self { - Self { - name, - clone_flags: CloneFlags::CLONE_NEWNS, - } - } -} - -impl NsOperations for MntNsOperations { - fn get(&self, pid: crate::process::Pid) -> Option> { - let pcb = ProcessManager::find(pid); - pcb.map(|pcb| pcb.get_nsproxy().read().mnt_namespace.ns_common.clone()) - } - // 不存在这个方法 - fn get_parent(&self, _ns_common: Arc) -> Result, SystemError> { - unreachable!() - } - fn install( - &self, - nsset: &mut super::NsSet, - ns_common: Arc, - ) -> Result<(), SystemError> { - let nsproxy = &mut nsset.nsproxy; - let mnt_ns = MntNamespace::ns_common_to_ns(ns_common); - if mnt_ns.is_anon_ns() { - return Err(SystemError::EINVAL); - } - nsproxy.mnt_namespace = mnt_ns; - - let guard = nsset.fs.write(); - guard.set_pwd(ROOT_INODE()); - guard.set_root(ROOT_INODE()); - - Ok(()) - } - fn owner(&self, ns_common: Arc) -> Arc { - let mnt_ns = MntNamespace::ns_common_to_ns(ns_common); - mnt_ns.user_ns.clone() - } - fn put(&self, ns_common: Arc) { - let pid_ns = MntNamespace::ns_common_to_ns(ns_common); - } -} -impl MntNamespace { - pub fn new() -> Self { - let ns_common = Arc::new(NsCommon::new(Box::new(MntNsOperations::new( - "mnt".to_string(), - )))); - - Self { - ns_common, - user_ns: Arc::new(UserNamespace::new()), - ucounts: Arc::new(UCounts::new()), - root: None, - mounts: RBTree::new(), - poll: WaitQueue::default(), - seq: AtomicU64::new(0), - nr_mounts: 0, - pending_mounts: 0, - } - } - /// anon 用来判断是否是匿名的.匿名函数的问题还需要考虑 - pub fn create_mnt_namespace( - &self, - user_ns: Arc, - anon: bool, - ) -> Result { - let ucounts = self.inc_mnt_namespace(user_ns.clone())?; - if ucounts.is_none() { - return Err(SystemError::ENOSPC); - } - let ucounts = ucounts.unwrap(); - let ns_common = Arc::new(NsCommon::new(Box::new(MntNsOperations::new( - "mnt".to_string(), - )))); - let seq = AtomicU64::new(0); - if !anon { - seq.fetch_add(1, core::sync::atomic::Ordering::SeqCst); - } - Ok(Self { - ns_common, - user_ns, - ucounts, - root: None, - mounts: RBTree::new(), - poll: WaitQueue::default(), - seq, - nr_mounts: 0, - pending_mounts: 0, - }) - } - - pub fn inc_mnt_namespace( - &self, - user_ns: Arc, - ) -> Result>, SystemError> { - Ok(self - .ucounts - .inc_ucounts(user_ns, do_geteuid()?, MntNamespaces)) - } - - pub fn dec_mnt_namespace(&self, uc: Arc) { - UCounts::dec_ucount(uc, super::ucount::Ucount::MntNamespaces) - } - //判断是不是匿名空间 - pub fn is_anon_ns(&self) -> bool { - self.seq.load(Ordering::SeqCst) == 0 - } -} diff --git a/kernel/src/namespaces/mod.rs b/kernel/src/namespaces/mod.rs deleted file mode 100644 index 51ead2c69..000000000 --- a/kernel/src/namespaces/mod.rs +++ /dev/null @@ -1,92 +0,0 @@ -use alloc::sync::Arc; -use mnt_namespace::{FsStruct, MntNamespace}; -use pid_namespace::PidNamespace; -use system_error::SystemError; -use user_namespace::UserNamespace; - -use crate::{ - libs::rwlock::RwLock, - process::{fork::CloneFlags, ProcessControlBlock}, -}; - -pub mod mnt_namespace; -pub mod namespace; -pub mod pid_namespace; -pub mod syscall; -pub mod ucount; -pub mod user_namespace; - -/// 管理 namespace,包含了所有namespace的信息 -pub struct NsSet { - flags: u64, - nsproxy: NsProxy, - pub fs: RwLock>, -} - -#[derive(Debug, Clone)] -pub struct NsProxy { - pub pid_namespace: Arc, - pub mnt_namespace: Arc, -} -impl Default for NsProxy { - fn default() -> Self { - Self::new() - } -} - -impl NsProxy { - pub fn new() -> Self { - Self { - pid_namespace: Arc::new(PidNamespace::new()), - mnt_namespace: Arc::new(MntNamespace::new()), - } - } - pub fn set_pid_namespace(&mut self, new_pid_ns: Arc) { - self.pid_namespace = new_pid_ns; - } - - pub fn set_mnt_namespace(&mut self, new_mnt_ns: Arc) { - self.mnt_namespace = new_mnt_ns; - } -} - -pub fn create_new_namespaces( - clone_flags: u64, - pcb: &Arc, - user_ns: Arc, -) -> Result { - let mut nsproxy = NsProxy::new(); - // pid_namespace - let new_pid_ns = if (clone_flags & CloneFlags::CLONE_NEWPID.bits()) != 0 { - Arc::new(PidNamespace::new().create_pid_namespace( - pcb.get_nsproxy().read().pid_namespace.clone(), - user_ns.clone(), - )?) - } else { - pcb.get_nsproxy().read().pid_namespace.clone() - }; - nsproxy.set_pid_namespace(new_pid_ns); - - // mnt_namespace - let new_mnt_ns = if clone_flags & CloneFlags::CLONE_NEWNS.bits() != 0 { - Arc::new(MntNamespace::new().create_mnt_namespace(user_ns.clone(), false)?) - } else { - pcb.get_nsproxy().read().mnt_namespace.clone() - }; - nsproxy.set_mnt_namespace(new_mnt_ns); - - Ok(nsproxy) -} - -#[macro_export] -macro_rules! container_of { - ($ptr:expr, $struct:path, $field:ident) => { - unsafe { - let dummy = core::mem::MaybeUninit::<$struct>::uninit(); - let dummy_ptr = dummy.as_ptr(); - let field_ptr = &(*dummy_ptr).$field as *const _ as usize; - let offset = field_ptr - dummy_ptr as usize; - Arc::from_raw(($ptr as *const u8).wrapping_sub(offset) as *mut $struct) - } - }; -} diff --git a/kernel/src/namespaces/namespace.rs b/kernel/src/namespaces/namespace.rs deleted file mode 100644 index f4b77880e..000000000 --- a/kernel/src/namespaces/namespace.rs +++ /dev/null @@ -1,120 +0,0 @@ -#![allow(dead_code, unused_variables, unused_imports)] -use core::fmt::Debug; - -use crate::filesystem::procfs::ProcFSInode; -use crate::filesystem::vfs::{IndexNode, ROOT_INODE}; -use crate::libs::rwlock::RwLock; -use crate::namespaces::user_namespace::UserNamespace; -use crate::process::fork::CloneFlags; -use crate::process::{Pid, ProcessControlBlock, ProcessManager}; -use alloc::boxed::Box; -use alloc::sync::Arc; -use system_error::SystemError; - -// 目前无credit功能,采用全局静态的user_namespace -lazy_static! { - pub static ref USER_NS: Arc = Arc::new(UserNamespace::new()); -} -use super::{create_new_namespaces, NsProxy, NsSet}; -pub trait NsOperations: Send + Sync + Debug { - fn get(&self, pid: Pid) -> Option>; - fn put(&self, ns_common: Arc); - fn install(&self, nsset: &mut NsSet, ns_common: Arc) -> Result<(), SystemError>; - fn owner(&self, ns_common: Arc) -> Arc; - fn get_parent(&self, ns_common: Arc) -> Result, SystemError>; -} -#[derive(Debug)] -pub struct NsCommon { - ops: Box, - stashed: Arc, -} - -impl NsCommon { - pub fn new(ops: Box) -> Self { - let inode = ROOT_INODE().find("proc").unwrap_or_else(|_| ROOT_INODE()); - Self { - ops, - stashed: inode, - } - } -} - -pub enum NsType { - Pid, - User, - Uts, - Ipc, - Net, - Mnt, - Cgroup, - Time, -} - -pub trait Namespace { - fn ns_common_to_ns(ns_common: Arc) -> Arc; -} - -pub fn check_unshare_flags(unshare_flags: u64) -> Result { - let valid_flags = CloneFlags::CLONE_THREAD - | CloneFlags::CLONE_FS - | CloneFlags::CLONE_NEWNS - | CloneFlags::CLONE_SIGHAND - | CloneFlags::CLONE_VM - | CloneFlags::CLONE_FILES - | CloneFlags::CLONE_SYSVSEM - | CloneFlags::CLONE_NEWUTS - | CloneFlags::CLONE_NEWIPC - | CloneFlags::CLONE_NEWNET - | CloneFlags::CLONE_NEWUSER - | CloneFlags::CLONE_NEWPID - | CloneFlags::CLONE_NEWCGROUP; - - if unshare_flags & !valid_flags.bits() != 0 { - return Err(SystemError::EINVAL); - } - Ok(0) -} - -pub fn unshare_nsproxy_namespaces(unshare_flags: u64) -> Result, SystemError> { - if (unshare_flags - & (CloneFlags::CLONE_NEWNS.bits() - | CloneFlags::CLONE_NEWUTS.bits() - | CloneFlags::CLONE_NEWIPC.bits() - | CloneFlags::CLONE_NEWNET.bits() - | CloneFlags::CLONE_NEWPID.bits() - | CloneFlags::CLONE_NEWCGROUP.bits())) - == 0 - { - return Ok(None); - } - let current = ProcessManager::current_pid(); - let pcb = ProcessManager::find(current).unwrap(); - let new_nsproxy = create_new_namespaces(unshare_flags, &pcb, USER_NS.clone())?; - Ok(Some(new_nsproxy)) -} - -pub fn switch_task_namespace(pcb: Arc, new_nsproxy: NsProxy) { - let ns = pcb.get_nsproxy(); - pcb.set_nsproxy(new_nsproxy); -} - -pub fn prepare_nsset(flags: u64) -> Result { - let current = ProcessManager::current_pcb(); - Ok(NsSet { - flags, - fs: RwLock::new(current.fs_struct()), - nsproxy: create_new_namespaces(flags, ¤t, USER_NS.clone())?, - }) -} - -pub fn commit_nsset(nsset: NsSet) { - let flags = CloneFlags::from_bits_truncate(nsset.flags); - let current = ProcessManager::current_pcb(); - if flags.contains(CloneFlags::CLONE_NEWNS) { - let nsset_fs = nsset.fs.read(); - let fs = current.fs_struct_mut(); - fs.set_pwd(nsset_fs.pwd()); - fs.set_root(nsset_fs.root()); - } - switch_task_namespace(current, nsset.nsproxy); // 转移所有权 -} diff --git a/kernel/src/namespaces/pid_namespace.rs b/kernel/src/namespaces/pid_namespace.rs deleted file mode 100644 index f07a51bdb..000000000 --- a/kernel/src/namespaces/pid_namespace.rs +++ /dev/null @@ -1,273 +0,0 @@ -#![allow(dead_code, unused_variables, unused_imports)] -use alloc::vec::Vec; - -use super::namespace::Namespace; -use super::ucount::Ucount::PidNamespaces; -use super::NsSet; -use super::{namespace::NsCommon, ucount::UCounts, user_namespace::UserNamespace}; -use crate::container_of; -use crate::filesystem::vfs::{IndexNode, ROOT_INODE}; -use crate::namespaces::namespace::NsOperations; -use crate::process::fork::CloneFlags; -use crate::process::geteuid::do_geteuid; -use crate::process::ProcessManager; -use crate::{libs::rwlock::RwLock, process::Pid}; -use alloc::boxed::Box; -use alloc::string::String; -use alloc::string::ToString; -use alloc::sync::Arc; -use ida::IdAllocator; -use system_error::SystemError; -use system_error::SystemError::ENOSPC; - -const INT16_MAX: u32 = 32767; -const MAX_PID_NS_LEVEL: usize = 32; -const PIDNS_ADDING: u32 = 1 << 31; -const PID_MAX: usize = 4096; -static PID_IDA: ida::IdAllocator = ida::IdAllocator::new(1, usize::MAX).unwrap(); -#[derive(Debug)] -#[repr(C)] -pub struct PidNamespace { - id_alloctor: RwLock, - /// 已经分配的进程数 - pid_allocated: u32, - /// 当前的pid_namespace所在的层数 - pub level: usize, - /// 父命名空间 - parent: Option>, - /// 资源计数器 - ucounts: Arc, - /// 关联的用户namespace - user_ns: Arc, - /// 回收孤儿进程的init进程 - child_reaper: Arc>, - /// namespace共有部分 - pub ns_common: Arc, -} - -impl Default for PidNamespace { - fn default() -> Self { - Self::new() - } -} - -#[derive(Debug, Clone)] -pub struct PidStrcut { - pub level: usize, - pub numbers: Vec, - pub stashed: Arc, -} - -impl Default for PidStrcut { - fn default() -> Self { - Self::new() - } -} -#[derive(Debug, Clone)] -pub struct UPid { - pub nr: Pid, // 在该pid_namespace 中的pid - pub ns: Arc, -} - -impl PidStrcut { - pub fn new() -> Self { - Self { - level: 0, - numbers: vec![UPid { - nr: Pid::new(0), - ns: Arc::new(PidNamespace::new()), - }], - stashed: ROOT_INODE(), - } - } - - pub fn put_pid(pid: PidStrcut) { - let ns = pid.numbers[pid.level].ns.clone(); - let id = pid.numbers[pid.level].nr.data(); - ns.id_alloctor.write().free(id); - } - pub fn alloc_pid(ns: Arc, set_tid: Vec) -> Result { - let mut set_tid_size = set_tid.len(); - if set_tid_size > ns.level + 1 { - return Err(SystemError::EINVAL); - } - - let mut numbers = Vec::::with_capacity(ns.level + 1); - let mut tid_iter = set_tid.into_iter().rev(); - let mut pid_ns = ns.clone(); // 当前正在处理的命名空间 - for i in (0..=ns.level).rev() { - let tid = tid_iter.next().unwrap_or(0); - if set_tid_size > 0 { - if tid < 1 || tid > INT16_MAX as usize { - return Err(SystemError::EINVAL); - } - set_tid_size -= 1; - } - let mut nr = tid; - - if tid == 0 { - nr = pid_ns - .id_alloctor - .write() - .alloc() - .expect("PID allocation failed."); - } - - numbers.insert( - i, - UPid { - nr: Pid::from(nr), - ns: pid_ns.clone(), - }, - ); - - if let Some(parent_ns) = &pid_ns.parent { - pid_ns = parent_ns.clone(); - } else { - break; // 根命名空间,无需继续向上。 - } - } - Ok(PidStrcut { - level: ns.level, - numbers, - stashed: ROOT_INODE(), - }) - } - - pub fn ns_of_pid(&self) -> Arc { - self.numbers[self.level].ns.clone() - } -} -#[derive(Debug)] -struct PidNsOperations { - name: String, - clone_flags: CloneFlags, -} -impl PidNsOperations { - pub fn new(name: String) -> Self { - Self { - name, - clone_flags: CloneFlags::CLONE_NEWPID, - } - } -} -impl Namespace for PidNamespace { - fn ns_common_to_ns(ns_common: Arc) -> Arc { - container_of!(Arc::as_ptr(&ns_common), PidNamespace, ns_common) - } -} - -impl NsOperations for PidNsOperations { - fn put(&self, ns_common: Arc) { - let _pid_ns = PidNamespace::ns_common_to_ns(ns_common); - // pid_ns 超出作用域自动drop 同时递归drop - } - - fn owner(&self, ns_common: Arc) -> Arc { - let pid_ns = PidNamespace::ns_common_to_ns(ns_common); - pid_ns.user_ns.clone() - } - - fn get_parent(&self, ns_common: Arc) -> Result, SystemError> { - let current = ProcessManager::current_pid(); - let pcb = ProcessManager::find(current).unwrap(); - let active = pcb.pid_strcut().read().ns_of_pid(); - let mut pid_ns = &PidNamespace::ns_common_to_ns(ns_common).parent; - - while let Some(ns) = pid_ns { - if Arc::ptr_eq(&active, ns) { - return Ok(ns.ns_common.clone()); - } - pid_ns = &ns.parent; - } - Err(SystemError::EPERM) - } - - fn get(&self, pid: Pid) -> Option> { - let pcb = ProcessManager::find(pid); - pcb.map(|pcb| pcb.get_nsproxy().read().pid_namespace.ns_common.clone()) - } - fn install(&self, nsset: &mut NsSet, ns_common: Arc) -> Result<(), SystemError> { - let nsproxy = &mut nsset.nsproxy; - let current = ProcessManager::current_pid(); - let pcb = ProcessManager::find(current).unwrap(); - let active = pcb.pid_strcut().read().ns_of_pid(); - let mut pid_ns = PidNamespace::ns_common_to_ns(ns_common); - if pid_ns.level < active.level { - return Err(SystemError::EINVAL); - } - while pid_ns.level > active.level { - if let Some(ns) = &pid_ns.parent { - pid_ns = ns.clone(); - } else { - break; - } - } - if Arc::ptr_eq(&pid_ns, &active) { - return Err(SystemError::EINVAL); - } - nsproxy.pid_namespace = pid_ns.clone(); - Ok(()) - } -} -impl PidNamespace { - pub fn new() -> Self { - Self { - id_alloctor: RwLock::new(IdAllocator::new(1, PID_MAX).unwrap()), - pid_allocated: 1, - level: 0, - child_reaper: Arc::new(RwLock::new(Pid::from(1))), - parent: None, - ucounts: Arc::new(UCounts::new()), - user_ns: Arc::new(UserNamespace::new()), - ns_common: Arc::new(NsCommon::new(Box::new(PidNsOperations::new( - "pid".to_string(), - )))), - } - } - - pub fn create_pid_namespace( - &self, - parent: Arc, - user_ns: Arc, - ) -> Result { - let level = parent.level + 1; - if level > MAX_PID_NS_LEVEL { - return Err(ENOSPC); - } - let ucounts = self.inc_pid_namespaces(user_ns.clone())?; - - if ucounts.is_none() { - return Err(SystemError::ENOSPC); - } - let ucounts = ucounts.unwrap(); - - let ns_common = Arc::new(NsCommon::new(Box::new(PidNsOperations::new( - "pid".to_string(), - )))); - let child_reaper = parent.child_reaper.clone(); - Ok(Self { - id_alloctor: RwLock::new(IdAllocator::new(1, PID_MAX).unwrap()), - pid_allocated: PIDNS_ADDING, - level, - ucounts, - parent: Some(parent), - user_ns, - ns_common, - child_reaper, - }) - } - - pub fn inc_pid_namespaces( - &self, - user_ns: Arc, - ) -> Result>, SystemError> { - Ok(self - .ucounts - .inc_ucounts(user_ns, do_geteuid()?, PidNamespaces)) - } - - pub fn dec_pid_namespaces(&mut self, uc: Arc) { - UCounts::dec_ucount(uc, PidNamespaces) - } -} diff --git a/kernel/src/namespaces/syscall.rs b/kernel/src/namespaces/syscall.rs deleted file mode 100644 index baf32967a..000000000 --- a/kernel/src/namespaces/syscall.rs +++ /dev/null @@ -1,50 +0,0 @@ -use system_error::SystemError; - -use crate::{ - process::{fork::CloneFlags, ProcessManager}, - syscall::Syscall, -}; - -use super::namespace::{ - check_unshare_flags, commit_nsset, prepare_nsset, unshare_nsproxy_namespaces, -}; - -impl Syscall { - pub fn sys_unshare(mut unshare_flags: u64) -> Result { - if unshare_flags & CloneFlags::CLONE_NEWUSER.bits() != 0 { - unshare_flags |= CloneFlags::CLONE_THREAD.bits() | CloneFlags::CLONE_FS.bits(); - } - - if unshare_flags & CloneFlags::CLONE_VM.bits() != 0 { - unshare_flags |= CloneFlags::CLONE_SIGHAND.bits(); - } - - if unshare_flags & CloneFlags::CLONE_SIGHAND.bits() != 0 { - unshare_flags |= CloneFlags::CLONE_THREAD.bits(); - } - - if unshare_flags & CloneFlags::CLONE_NEWNS.bits() != 0 { - unshare_flags |= CloneFlags::CLONE_FS.bits(); - } - - let check = check_unshare_flags(unshare_flags)?; - - let current = ProcessManager::current_pcb(); - if let Some(nsproxy) = unshare_nsproxy_namespaces(unshare_flags)? { - *current.get_nsproxy().write() = nsproxy; - } - - Ok(check) - } - #[allow(dead_code)] - pub fn sys_setns(_fd: i32, flags: u64) -> Result { - let check = check_unshare_flags(flags)?; - - let nsset = prepare_nsset(flags)?; - - if check == 0 { - commit_nsset(nsset) - }; - Ok(0) - } -} diff --git a/kernel/src/namespaces/ucount.rs b/kernel/src/namespaces/ucount.rs deleted file mode 100644 index 358c8cef0..000000000 --- a/kernel/src/namespaces/ucount.rs +++ /dev/null @@ -1,187 +0,0 @@ -#![allow(dead_code, unused_variables, unused_imports)] -use alloc::vec::Vec; -use core::{hash::Hash, sync::atomic::AtomicU32}; -use system_error::SystemError; - -use alloc::sync::Arc; -use hashbrown::HashMap; -use log::warn; - -use super::user_namespace::UserNamespace; -use crate::libs::mutex::Mutex; - -#[derive(Clone, Copy)] -pub enum Ucount { - UserNamespaces = 1, - PidNamespaces = 2, - UtsNamespaces = 3, - IpcNamespaces = 4, - NetNamespaces = 5, - MntNamespaces = 6, - CgroupNamespaces = 7, - TimeNamespaces = 8, - Counts = 9, -} - -pub enum UcountRlimit { - Nproc = 1, - Msgqueue = 2, - Sigpending = 3, - Memlock = 4, - Counts = 5, -} - -lazy_static! { - static ref COUNT_MANAGER: Arc = Arc::new(CountManager::new()); -} - -#[derive(Debug)] -pub struct UCounts { - /// 对应的user_namespace - ns: Arc, - /// 用户标识符 - uid: usize, - count: AtomicU32, - ucount: Vec, //[AtomicU32; UCOUNT_COUNTS as usize], - rlimit: Vec, //[AtomicU32; UCOUNT_RLIMIT_COUNTS as usize], -} - -impl Default for UCounts { - fn default() -> Self { - Self::new() - } -} -impl UCounts { - pub fn new() -> Self { - Self { - ns: Arc::new(UserNamespace::new()), - uid: 0, - count: AtomicU32::new(1), - ucount: (0..Ucount::Counts as usize) - .map(|_| AtomicU32::new(0)) - .collect(), - rlimit: (0..UcountRlimit::Counts as usize) - .map(|_| AtomicU32::new(0)) - .collect(), - } - } - - fn alloc_ucounts(&self, ns: Arc, uid: usize) -> Arc { - let mut counts = COUNT_MANAGER.counts.lock(); - let key = UKey { - user_ns: ns.clone(), - uid, - }; - let uc = if let Some(uc) = counts.get(&key) { - self.count - .fetch_add(1, core::sync::atomic::Ordering::SeqCst); - uc.clone() - } else { - Arc::new(Self { - ns, - uid, - count: AtomicU32::new(1), - ucount: (0..Ucount::Counts as usize) - .map(|_| AtomicU32::new(0)) - .collect(), - rlimit: (0..UcountRlimit::Counts as usize) - .map(|_| AtomicU32::new(0)) - .collect(), - }) - }; - counts.insert(key, uc.clone()); - uc - } - - pub fn inc_ucounts( - &self, - user_ns: Arc, - uid: usize, - ucount_type: Ucount, - ) -> Option> { - let uc_type = ucount_type as usize; - let uc = self.alloc_ucounts(user_ns, uid); - let mut uc_iter = Some(uc.clone()); - let mut ucounts_add = vec![]; - while let Some(iter) = uc_iter { - let num = iter.ucount[uc_type].fetch_add(1, core::sync::atomic::Ordering::SeqCst); - ucounts_add.push(iter.clone()); - // 分配失败回滚 - if num > iter.ns.ucount_max[uc_type] { - for add_iter in &ucounts_add { - add_iter.ucount[uc_type].fetch_sub(1, core::sync::atomic::Ordering::SeqCst); - } - return None; - } - uc_iter = iter.ns.ucounts.clone(); - } - return Some(uc); - } - - fn find_ucounts(user_ns: Arc, uid: usize) -> Option> { - let counts = COUNT_MANAGER.counts.lock(); - let key = UKey { user_ns, uid }; - counts.get(&key).cloned() - } - - fn get_ucounts(uc: Arc) { - let mut counts = COUNT_MANAGER.counts.lock(); - let ukey = UKey { - user_ns: uc.ns.clone(), - uid: uc.uid, - }; - counts.insert(ukey, uc); - } - - pub fn dec_ucount(uc: Arc, ucount_type: Ucount) { - let mut uc_iter = Some(uc.clone()); - let uc_type = ucount_type as usize; - while let Some(iter) = uc_iter { - let num = iter.ucount[uc_type].fetch_sub(1, core::sync::atomic::Ordering::SeqCst); - if num == 0 { - warn!("count has reached zero"); - } - uc_iter = iter.ns.ucounts.clone(); - } - Self::put_ucounts(uc); - } - - fn put_ucounts(uc: Arc) { - let mut counts = COUNT_MANAGER.counts.lock(); - let key = UKey { - user_ns: uc.ns.clone(), - uid: uc.uid, - }; - counts.remove(&key); - } -} -struct UKey { - user_ns: Arc, - uid: usize, -} - -impl Hash for UKey { - fn hash(&self, state: &mut H) { - let user_ns_ptr = Arc::as_ptr(&self.user_ns); - user_ns_ptr.hash(state); - self.uid.hash(state) - } -} -impl Eq for UKey {} -impl PartialEq for UKey { - fn eq(&self, other: &Self) -> bool { - Arc::ptr_eq(&self.user_ns, &other.user_ns) && self.uid == other.uid - } -} - -struct CountManager { - counts: Mutex>>, -} - -impl CountManager { - fn new() -> Self { - Self { - counts: Mutex::new(HashMap::new()), - } - } -} diff --git a/kernel/src/namespaces/user_namespace.rs b/kernel/src/namespaces/user_namespace.rs deleted file mode 100644 index 2314ccfcb..000000000 --- a/kernel/src/namespaces/user_namespace.rs +++ /dev/null @@ -1,135 +0,0 @@ -#![allow(dead_code, unused_variables, unused_imports)] - -use alloc::boxed::Box; - -use crate::libs::rwlock::RwLock; -use alloc::string::String; -use alloc::string::ToString; - -use alloc::vec::Vec; -use system_error::SystemError; - -use crate::namespaces::namespace::NsCommon; -use crate::namespaces::ucount::UCounts; -use crate::process::fork::CloneFlags; -use crate::process::Pid; -use alloc::sync::Arc; - -use super::namespace::NsOperations; -use super::ucount::Ucount::Counts; - -const UID_GID_MAP_MAX_BASE_EXTENTS: usize = 5; -const UCOUNT_MAX: u32 = 62636; -/// 管理用户ID和组ID的映射 -#[allow(dead_code)] -#[derive(Clone, Debug)] -struct UidGidMap { - nr_extents: u32, - extent: Vec, -} - -///区间映射 -#[allow(dead_code)] -#[derive(Clone, Debug)] -struct UidGidExtent { - first: u32, - lower_first: u32, - count: u32, -} -#[derive(Debug)] -pub struct UserNamespace { - uid_map: UidGidMap, - gid_map: UidGidMap, - progid_map: UidGidMap, - ///项目ID映射 - parent: Option>, - level: u32, - owner: usize, - group: usize, - ns_common: Arc, - flags: u32, - pid: Arc>, - pub ucounts: Option>, - pub ucount_max: Vec, //vec![u32; UCOUNT_COUNTS as usize], - pub rlimit_max: Vec, // vec![u32; UCOUNT_RLIMIT_COUNTS as usize], -} - -impl Default for UserNamespace { - fn default() -> Self { - Self::new() - } -} -#[derive(Debug)] -struct UserNsOperations { - name: String, - clone_flags: CloneFlags, -} -impl UserNsOperations { - pub fn new(name: String) -> Self { - Self { - name, - clone_flags: CloneFlags::CLONE_NEWUSER, - } - } -} -impl NsOperations for UserNsOperations { - fn get(&self, pid: Pid) -> Option> { - unimplemented!() - } - fn get_parent(&self, ns_common: Arc) -> Result, SystemError> { - unimplemented!() - } - fn install( - &self, - nsset: &mut super::NsSet, - ns_common: Arc, - ) -> Result<(), SystemError> { - unimplemented!() - } - fn owner(&self, ns_common: Arc) -> Arc { - unimplemented!() - } - fn put(&self, ns_common: Arc) { - unimplemented!() - } -} -impl UidGidMap { - pub fn new() -> Self { - Self { - nr_extents: 1, - extent: vec![UidGidExtent::new(); UID_GID_MAP_MAX_BASE_EXTENTS], - } - } -} - -impl UidGidExtent { - pub fn new() -> Self { - Self { - first: 0, - lower_first: 0, - count: u32::MAX, - } - } -} - -impl UserNamespace { - pub fn new() -> Self { - Self { - uid_map: UidGidMap::new(), - gid_map: UidGidMap::new(), - progid_map: UidGidMap::new(), - owner: 0, - level: 0, - group: 0, - flags: 1, - parent: None, - ns_common: Arc::new(NsCommon::new(Box::new(UserNsOperations::new( - "User".to_string(), - )))), - pid: Arc::new(RwLock::new(Pid::new(1))), - ucount_max: vec![UCOUNT_MAX; Counts as usize], - ucounts: None, - rlimit_max: vec![65535, 10, 32000, 64 * 1024], - } - } -} diff --git a/kernel/src/process/fork.rs b/kernel/src/process/fork.rs index e1e345541..9f80004ab 100644 --- a/kernel/src/process/fork.rs +++ b/kernel/src/process/fork.rs @@ -11,7 +11,6 @@ use crate::{ ipc::signal::flush_signal_handlers, libs::rwlock::RwLock, mm::VirtAddr, - namespaces::{create_new_namespaces, namespace::USER_NS, pid_namespace::PidStrcut}, process::ProcessFlags, sched::{sched_cgroup_fork, sched_fork}, smp::core::smp_get_processor_id, @@ -255,34 +254,6 @@ impl ProcessManager { return Ok(()); } - #[inline(never)] - fn copy_namespaces( - clone_flags: &CloneFlags, - current_pcb: &Arc, - new_pcb: &Arc, - ) -> Result<(), SystemError> { - if !clone_flags.contains(CloneFlags::CLONE_NEWNS) - && !clone_flags.contains(CloneFlags::CLONE_NEWUTS) - && !clone_flags.contains(CloneFlags::CLONE_NEWIPC) - && !clone_flags.contains(CloneFlags::CLONE_NEWPID) - && !clone_flags.contains(CloneFlags::CLONE_NEWNET) - && !clone_flags.contains(CloneFlags::CLONE_NEWCGROUP) - { - new_pcb.set_nsproxy(current_pcb.get_nsproxy().read().clone()); - return Ok(()); - } - - if clone_flags.contains(CloneFlags::CLONE_NEWIPC) - && clone_flags.contains(CloneFlags::CLONE_SYSVSEM) - { - return Err(SystemError::EINVAL); - } - - let new_nsproxy = create_new_namespaces(clone_flags.bits(), current_pcb, USER_NS.clone())?; - *new_pcb.nsproxy.write() = new_nsproxy; - Ok(()) - } - #[inline(never)] fn copy_files( clone_flags: &CloneFlags, @@ -457,11 +428,6 @@ impl ProcessManager { ) }); - Self::copy_namespaces(&clone_flags, current_pcb, pcb).unwrap_or_else(|e|{ - panic!("fork: Failed to copy namespace form current process, current pid: [{:?}], new pid: [{:?}]. Error: {:?}", - current_pcb.pid(), pcb.pid(), e) - }); - // 拷贝文件描述符表 Self::copy_files(&clone_flags, current_pcb, pcb).unwrap_or_else(|e| { panic!( @@ -485,13 +451,6 @@ impl ProcessManager { current_pcb.pid(), pcb.pid(), e ) }); - if current_pcb.pid() != Pid(0) { - let new_pid = PidStrcut::alloc_pid( - pcb.get_nsproxy().read().pid_namespace.clone(), // 获取命名空间 - clone_args.set_tid.clone(), - )?; - *pcb.thread_pid.write() = new_pid; - } // log::debug!("fork: clone_flags: {:?}", clone_flags); // 设置线程组id、组长 diff --git a/kernel/src/process/mod.rs b/kernel/src/process/mod.rs index 5aa10643c..0562903ce 100644 --- a/kernel/src/process/mod.rs +++ b/kernel/src/process/mod.rs @@ -30,6 +30,7 @@ use crate::{ driver::tty::tty_core::TtyCore, exception::InterruptArch, filesystem::{ + fs::FsStruct, procfs::procfs_unregister_pid, vfs::{file::FileDescriptorVec, FileType, IndexNode}, }, @@ -56,7 +57,6 @@ use crate::{ ucontext::AddressSpace, PhysAddr, VirtAddr, }, - namespaces::{mnt_namespace::FsStruct, pid_namespace::PidStrcut, NsProxy}, net::socket::SocketInode, sched::{ completion::Completion, cpu_rq, fair::FairSchedEntity, prio::MAX_PRIO, DequeueFlag, @@ -697,8 +697,6 @@ pub struct ProcessControlBlock { pid: Pid, /// 当前进程的线程组id(这个值在同一个线程组内永远不变) tgid: Pid, - /// 有关Pid的相关的信息 - thread_pid: Arc>, basic: RwLock, /// 当前进程的自旋锁持有计数 preempt_count: AtomicUsize, @@ -745,9 +743,6 @@ pub struct ProcessControlBlock { /// 进程的robust lock列表 robust_list: RwLock>, - /// namespace的指针 - nsproxy: Arc>, - /// 进程作为主体的凭证集 cred: SpinLock, self_ref: Weak, @@ -826,7 +821,6 @@ impl ProcessControlBlock { let pcb = Self { pid, tgid: pid, - thread_pid: Arc::new(RwLock::new(PidStrcut::new())), basic: basic_info, preempt_count, flags, @@ -846,7 +840,6 @@ impl ProcessControlBlock { fs: RwLock::new(Arc::new(FsStruct::new())), alarm_timer: SpinLock::new(None), robust_list: RwLock::new(None), - nsproxy: Arc::new(RwLock::new(NsProxy::new())), cred: SpinLock::new(cred), self_ref: weak.clone(), restart_block: SpinLock::new(None), @@ -1021,11 +1014,6 @@ impl ProcessControlBlock { return self.pid; } - #[inline(always)] - pub fn pid_strcut(&self) -> Arc> { - self.thread_pid.clone() - } - #[inline(always)] pub fn tgid(&self) -> Pid { return self.tgid; @@ -1207,14 +1195,6 @@ impl ProcessControlBlock { return self.alarm_timer.lock_irqsave(); } - pub fn get_nsproxy(&self) -> Arc> { - self.nsproxy.clone() - } - - pub fn set_nsproxy(&self, nsprsy: NsProxy) { - *self.nsproxy.write() = nsprsy; - } - /// Exit fd table when process exit fn exit_files(&self) { // 关闭文件描述符表 diff --git a/kernel/src/syscall/mod.rs b/kernel/src/syscall/mod.rs index 13a58529b..cb46ec2a1 100644 --- a/kernel/src/syscall/mod.rs +++ b/kernel/src/syscall/mod.rs @@ -846,7 +846,7 @@ impl Syscall { let flags = args[1] as u32; Self::sys_eventfd(initval, flags) } - SYS_UNSHARE => Self::sys_unshare(args[0] as u64), + SYS_BPF => { let cmd = args[0] as u32; let attr = args[1] as *mut u8;