From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
Cc: clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Nadia Derbey <Nadia.Derbey-6ktuUTfB/bM@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: Signals to cinit
Date: Mon, 10 Nov 2008 18:38:39 +0100 [thread overview]
Message-ID: <20081110173839.GA11121@redhat.com> (raw)
In-Reply-To: <20081101180505.GA24268-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
On 11/01, sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org wrote:
>
> Other approaches to try ?
I think we should try to do something simple, even if not perfect. Because
most users do not care about this problem since they do not use containers
at all. It would be very sad to add intrusive changes to the code.
I think we should fix another problem first. send_signal()->copy_siginfo()
path must be changed anyway, when the signal comes from the parent ns we
report the "wrong" si_code/si_pid, yes? So, somehow send_signal() must
have "bool from_parent_ns" (or whatever) annyway.
Now, let's forget forget for a moment that send_signal()->__sigqueue_alloc()
can fail.
I think we should encode this "from_parent_ns" into "struct siginfo". I do
not think it is good idea to extend this structure, I think we can introduce
SI_FROM_PARENT_NS or we perhaps can use "SI_FROMUSER(info) && info->si_pid == 0".
Or something. yes, sys_rt_sigqueueinfo() is problematic...
Now, copy_process(CLONE_NEWPID) sets child->signal |= SIGNAL_UNKILLABLE, this
protects cinit from unwanted signals. Then we change get_signal_to_deliver()
- if (unlikely(signal->flags & SIGNAL_UNKILLABLE) &&
+ if (unlikely(signal->flags & SIGNAL_UNKILLABLE) && !siginfo_from_parent_ns(info)
and now we can kill cinit from parent ns. This needs more checks if we want
to stop/strace it, but perhaps this is enough for the start. Note that we
do not need to change complete_signal(), at least for now, the code under
"if (sig_fatal(p, sig)" is just optimization.
So, afaics, the only real problem is how we can handle the case when
__sigqueue_alloc() fails. I think for the start we can just return
-ENOMEM in this case (when from_parent_ns == T). Then we can improve
this behaviour. We can change complete_signal() to ensure that the
fatal signal from the upper ns always kills cinit, and in this case
we ignore the the failed __sigqueue_alloc(). This way at least SIGKILL
always works.
Yes, this is not perfect, and it is very possible I missed something
else. But simple.
Oleg.
next prev parent reply other threads:[~2008-11-10 17:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-01 18:05 Signals to cinit sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081101180505.GA24268-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-11-10 17:38 ` Oleg Nesterov [this message]
[not found] ` <20081110173839.GA11121-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-11-10 18:00 ` Oleg Nesterov
2008-11-10 19:32 ` Oleg Nesterov
2008-11-10 23:27 ` sukadev
2008-11-12 14:52 ` Oleg Nesterov
2008-11-12 16:12 ` Oleg Nesterov
2008-11-12 16:49 ` Serge E. Hallyn
2008-11-12 18:12 ` Sukadev Bhattiprolu
2008-11-12 19:06 ` Serge E. Hallyn
2008-11-11 2:24 ` sukadev
2008-11-12 15:05 ` Oleg Nesterov
2008-11-12 19:04 ` Sukadev Bhattiprolu
2008-11-14 17:26 ` Oleg Nesterov
2008-11-12 16:53 ` Serge E. Hallyn
2008-11-13 19:10 ` Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081110173839.GA11121@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=Nadia.Derbey-6ktuUTfB/bM@public.gmane.org \
--cc=clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.