Merge tag 'vfs-6.13.rust.pid_namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull pid_namespace rust bindings from Christian Brauner:
 "This contains my Rust bindings for pid namespaces needed for various
  rust drivers. Here's a description of the basic C semantics and how
  they are mapped to Rust.

  The pid namespace of a task doesn't ever change once the task is
  alive. A unshare(CLONE_NEWPID) or setns(fd_pidns/pidfd, CLONE_NEWPID)
  will not have an effect on the calling task's pid namespace. It will
  only effect the pid namespace of children created by the calling task.
  This invariant guarantees that after having acquired a reference to a
  task's pid namespace it will remain unchanged.

  When a task has exited and been reaped release_task() will be called.
  This will set the pid namespace of the task to NULL. So retrieving the
  pid namespace of a task that is dead will return NULL. Note, that
  neither holding the RCU lock nor holding a reference count to the task
  will prevent release_task() from being called.

  In order to retrieve the pid namespace of a task the
  task_active_pid_ns() function can be used. There are two cases to
  consider:

   (1) retrieving the pid namespace of the current task
   (2) retrieving the pid namespace of a non-current task

  From system call context retrieving the pid namespace for case (1) is
  always safe and requires neither RCU locking nor a reference count to
  be held. Retrieving the pid namespace after release_task() for current
  will return NULL but no codepath like that is exposed to Rust.

  Retrieving the pid namespace from system call context for (2) requires
  RCU protection. Accessing a pid namespace outside of RCU protection
  requires a reference count that must've been acquired while holding
  the RCU lock. Note that accessing a non-current task means NULL can be
  returned as the non-current task could have already passed through
  release_task().

  To retrieve (1) the current_pid_ns!() macro should be used. It ensures
  that the returned pid namespace cannot outlive the calling scope. The
  associated current_pid_ns() function should not be called directly as
  it could be abused to created an unbounded lifetime for the pid
  namespace. The current_pid_ns!() macro allows Rust to handle the
  common case of accessing current's pid namespace without RCU
  protection and without having to acquire a reference count.

  For (2) the task_get_pid_ns() method must be used. This will always
  acquire a reference on the pid namespace and will return an Option to
  force the caller to explicitly handle the case where pid namespace is
  None. Something that tends to be forgotten when doing the equivalent
  operation in C.

  Missing RCU primitives make it difficult to perform operations that
  are otherwise safe without holding a reference count as long as RCU
  protection is guaranteed. But it is not important currently. But we do
  want it in the future.

  Note that for (2) the required RCU protection around calling
  task_active_pid_ns() synchronizes against putting the last reference
  of the associated struct pid of task->thread_pid. The struct pid
  stored in that field is used to retrieve the pid namespace of the
  caller. When release_task() is called task->thread_pid will be NULLed
  and put_pid() on said struct pid will be delayed in free_pid() via
  call_rcu() allowing everyone with an RCU protected access to the
  struct pid acquired from task->thread_pid to finish"

* tag 'vfs-6.13.rust.pid_namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  rust: add PidNamespace

1 files changed, 1 insertions, 0 deletions

diff --git a/rust/helpers/helpers.c b/rust/helpers/helpers.c
index 463b970154de..61102cdb2b43 100644
--- a/rust/helpers/helpers.c
+++ b/rust/helpers/helpers.c
@@ -18,6 +18,7 @@
 #include "kunit.c"
 #include "mutex.c"
 #include "page.c"
+#include "pid_namespace.c"
 #include "rbtree.c"
 #include "refcount.c"
 #include "security.c"