From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To: Bastian Blank <bastian@waldi.eu.org>,
Greg Kurz <gkurz@fr.ibm.com>,
linux-kernel@vger.kernel.org, oleg@redhat.com,
ebiederm@xmission.com, containers@lists.osdl.org,
roland@redhat.com
Subject: Re: [RFC][PATCH 2/5] pid: Generalize task_active_pid_ns
Date: Tue, 2 Dec 2008 23:41:03 -0800
Message-ID: <20081203074103.GA8487@us.ibm.com>
In-Reply-To: <20081202115729.GB1132@wavehammer.waldi.eu.org>
Bastian Blank [bastian@waldi.eu.org] wrote:
| On Mon, Dec 01, 2008 at 01:15:18PM -0800, Sukadev Bhattiprolu wrote:
| > Greg Kurz [gkurz@fr.ibm.com] wrote:
| > | On Thu, 2008-11-27 at 02:17 +0100, Bastian Blank wrote:
| > | > On Tue, Nov 25, 2008 at 07:45:28PM -0800, Sukadev Bhattiprolu wrote:
| > | > > Currently task_active_pid_ns is not safe to call after a
| > | > > task becomes a zombie and exit_task_namespaces is called,
| > | > > as nsproxy becomes NULL.
| > | > Why do you need to be able to get the pid namespace from zombie
| > | > processes?
| > After exiting namespaces, the process notifies parent. With new changes
| > to signals (in this patchset), the signal code may need to determine
| > the namespace of sender (the exiting child in this case).
|
| So the parent of a process with a new pid namespace will never get a
| SIGCHLD?
I am wondering what I said that leads to that conclusion :-) If parent
has a handler the handler will be called as usual otherwise SIGCHLD
will be ignored.

But anyway, an earlier version of my patches checked the pid namespace
sooner and so I had to generalize task_active_pid_ns().

With the present order of checks in siginfo_from_ancestor_ns(), we don't
need to generalize task_active_pid_ns(). SIG_FROM_USER flag will be clear
when do_notify_parent() calls send_signal().

IOW, while we should eventually generalize task_active_pid_ns(), it is
not required for this signals patchset and we can ignore patches 1 and 2
for now.
|
| What I read in the kernel source (kernel/signal.c:do_notify_parent,
| include/asm-generic/siginfo.h:CLD_EXITED) is that the exit signals
| (SIGCHLD) are described as sent by the kernel.
Yes. Are you suggesting a check like

	if (!is_si_special(info) && !SI_FROMKERNEL(info)) ?
		/* must be from user, safe to check ns */

But SI_ASYNCIO comes from the driver - so it's not safe to check pid ns.
(sent a separate query on SI_ASYNCIO).
|
| > | I agree with Eric and Sukadev that task_active_pid_ns() is unsafe. There
| > | isn't even a /* don't use with zombies */ in pid_namespace.h...
| > Hmm. It's not unsafe at present. It would become unsafe if the signals code
| > tries to determine the namespace of sender.
|
| Why? Even now it may be used on zombie tasks.
It used to be unsafe, and iirc was fixed a while ago (in part by moving
exit_task_namespaces() into exit_notify()).

Are you saying there is another path (outside these signals patches) where
task_active_pid_ns() is called for zombies?
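
Added example (not part of the message above or of the patchset): a userspace model of the si_code classification discussed in the reply, showing that a sign-only "not from kernel" test also accepts SI_ASYNCIO. The K_* names, the allowlist policy and the function names are assumptions made for illustration; the numeric values are the Linux si_code values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* si_code values as defined by Linux (include/asm-generic/siginfo.h). */
enum {
    K_SI_USER = 0, K_SI_KERNEL = 0x80, K_SI_QUEUE = -1, K_SI_TIMER = -2,
    K_SI_MESGQ = -3, K_SI_ASYNCIO = -4, K_SI_SIGIO = -5, K_SI_TKILL = -6,
    K_CLD_EXITED = 1
};

/* The kernel's SI_FROMKERNEL() test is a sign check: si_code > 0. */
static bool si_from_kernel(int si_code) { return si_code > 0; }

/* Sign-only check floated in the thread: "not from kernel, so from user".
 * is_si_special() tests kernel-internal sentinel pointers; not modelled. */
bool sign_check_says_user(int si_code) { return !si_from_kernel(si_code); }

/* Hypothetical stricter policy (an assumption, not the patchset's code):
 * accept only the codes produced by the kill(), sigqueue() and
 * tkill()/tgkill() paths. */
bool allowlist_says_user(int si_code)
{
    return si_code == K_SI_USER || si_code == K_SI_QUEUE ||
           si_code == K_SI_TKILL;
}

/* Constructed sample set covering the codes named in the discussion. */
static const struct { const char *name; int code; } samples[] = {
    { "SI_USER", K_SI_USER },       { "SI_QUEUE", K_SI_QUEUE },
    { "SI_TKILL", K_SI_TKILL },     { "SI_TIMER", K_SI_TIMER },
    { "SI_MESGQ", K_SI_MESGQ },     { "SI_ASYNCIO", K_SI_ASYNCIO },
    { "SI_SIGIO", K_SI_SIGIO },     { "CLD_EXITED", K_CLD_EXITED },
    { "SI_KERNEL", K_SI_KERNEL },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Count sample codes the sign check accepts but the allowlist rejects. */
size_t count_disagreements(void)
{
    size_t n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (sign_check_says_user(samples[i].code) &&
            !allowlist_says_user(samples[i].code))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("%-11s %4d  sign-check=%d  allowlist=%d\n", samples[i].name,
               samples[i].code, sign_check_says_user(samples[i].code),
               allowlist_says_user(samples[i].code));
    printf("disagreements: %zu\n", count_disagreements());
    return 0;
}
```
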