From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Sukadev Bhattiprolu
<sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary
Date: Thu, 19 Feb 2009 23:31:37 +0100 [thread overview]
Message-ID: <20090219223137.GA10378@redhat.com> (raw)
In-Reply-To: <m1fxiayss9.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
On 02/19, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
> >
> > SI_FROMUSER() == T, unless we have more (hopefully not) in-kernel
> > users which send SI_FROMUSER() signals, .si_pid must be valid?
>
> So the argument is that while things such as force_sig_info(SIGSEGV)
> don't have a si_pid we don't care because from_ancestor_ns == 0.
>
> Interesting. Then I don't know if we have any kernel senders
> that cross the namespace boundaries.
>
> That said I still object to this code.
>
> sys_kill(-pgrp, SIGUSR1)
> kill_something_info(SIGUSR1, &info, 0)
> __kill_pgrp_info(SIGUSR1, &info task_pgrp(current))
> group_send_sig_info(SIGUSR1, &info, tsk)
> __group_send_sig_info(SIGUSR1, &info, tsk)
> send_signal(SIGUSR1, &info, tsk, 1)
> __send_signal(SIGUSR1, &info, tsk, 1)
>
>
> Process groups and sessions can have processes in multiple pid
> namespaces, which is very useful for not messing up your controlling
> terminal.
>
> In which case sys_kill cannot possibly set the si_pid value correct
> and from_ancestor_ns is not enough either.
(I know, I shouldn't reply today because I am already sleeping ;)
Why? send_signal() should calculate the correct value of
from_parent and pass it to __send_signal(). If it is true, then
we clear .si_pid in the copied siginfo (which was already queued).
We don't mangle the original siginfo.
This happens for each process we send the signal.
Or I misunderstood you?
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Andrew Morton <akpm@osdl.org>,
roland@redhat.com, daniel@hozac.com,
Containers <containers@lists.osdl.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary
Date: Thu, 19 Feb 2009 23:31:37 +0100 [thread overview]
Message-ID: <20090219223137.GA10378@redhat.com> (raw)
In-Reply-To: <m1fxiayss9.fsf@fess.ebiederm.org>
On 02/19, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg@redhat.com> writes:
> >
> > SI_FROMUSER() == T, unless we have more (hopefully not) in-kernel
> > users which send SI_FROMUSER() signals, .si_pid must be valid?
>
> So the argument is that while things such as force_sig_info(SIGSEGV)
> don't have a si_pid we don't care because from_ancestor_ns == 0.
>
> Interesting. Then I don't know if we have any kernel senders
> that cross the namespace boundaries.
>
> That said I still object to this code.
>
> sys_kill(-pgrp, SIGUSR1)
> kill_something_info(SIGUSR1, &info, 0)
> __kill_pgrp_info(SIGUSR1, &info task_pgrp(current))
> group_send_sig_info(SIGUSR1, &info, tsk)
> __group_send_sig_info(SIGUSR1, &info, tsk)
> send_signal(SIGUSR1, &info, tsk, 1)
> __send_signal(SIGUSR1, &info, tsk, 1)
>
>
> Process groups and sessions can have processes in multiple pid
> namespaces, which is very useful for not messing up your controlling
> terminal.
>
> In which case sys_kill cannot possibly set the si_pid value correct
> and from_ancestor_ns is not enough either.
(I know, I shouldn't reply today because I am already sleeping ;)
Why? send_signal() should calculate the correct value of
from_parent and pass it to __send_signal(). If it is true, then
we clear .si_pid in the copied siginfo (which was already queued).
We don't mangle the original siginfo.
This happens for each process we send the signal.
Or I misunderstood you?
Oleg.
next prev parent reply other threads:[~2009-02-19 22:31 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-19 3:02 [PATCH 0/7][v8] Container-init signal semantics Sukadev Bhattiprolu
2009-02-19 3:05 ` [PATCH 1/7][v8] Remove 'handler' parameter to tracehook functions Sukadev Bhattiprolu
2009-02-19 3:05 ` [PATCH 2/7][v8] Protect init from unwanted signals more Sukadev Bhattiprolu
2009-02-19 3:06 ` [PATCH 3/7][v8] Add from_ancestor_ns parameter to send_signal() Sukadev Bhattiprolu
2009-02-19 3:06 ` [PATCH 4/7][v8] Protect cinit from unblocked SIG_DFL signals Sukadev Bhattiprolu
[not found] ` <20090219030207.GA18783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-19 3:07 ` [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig() Sukadev Bhattiprolu
2009-02-19 3:07 ` Sukadev Bhattiprolu
[not found] ` <20090219030704.GE18990-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-19 18:59 ` Oleg Nesterov
2009-02-19 18:59 ` Oleg Nesterov
2009-02-19 20:26 ` Sukadev Bhattiprolu
2009-02-19 3:07 ` [PATCH 6/7][v8] Protect cinit from blocked fatal signals Sukadev Bhattiprolu
2009-02-19 3:07 ` Sukadev Bhattiprolu
2009-02-19 20:53 ` [PATCH 0/7][v8] Container-init signal semantics Oleg Nesterov
2009-02-19 20:53 ` Oleg Nesterov
2009-02-19 3:07 ` [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary Sukadev Bhattiprolu
2009-02-19 16:11 ` Eric W. Biederman
[not found] ` <m1y6w21k6d.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-19 18:51 ` Oleg Nesterov
2009-02-19 18:51 ` Oleg Nesterov
2009-02-19 22:18 ` Eric W. Biederman
[not found] ` <m1fxiayss9.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-19 22:31 ` Oleg Nesterov [this message]
2009-02-19 22:31 ` Oleg Nesterov
2009-02-19 23:21 ` Eric W. Biederman
2009-02-19 23:51 ` Roland McGrath
2009-02-19 23:51 ` Roland McGrath
2009-02-20 0:35 ` Eric W. Biederman
[not found] ` <m1bpsyt05t.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 1:06 ` Roland McGrath
2009-02-20 1:06 ` Roland McGrath
2009-02-20 2:12 ` Eric W. Biederman
2009-02-20 3:10 ` Roland McGrath
2009-02-20 3:10 ` Roland McGrath
2009-02-20 4:05 ` Eric W. Biederman
[not found] ` <m1fxiaxbb5.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 0:28 ` Oleg Nesterov
2009-02-20 0:28 ` Oleg Nesterov
2009-02-20 1:16 ` Eric W. Biederman
2009-02-19 14:59 ` [PATCH 0/7][v8] Container-init signal semantics Daniel Lezcano
2009-03-07 19:04 ` Sukadev Bhattiprolu
2009-03-07 19:43 ` Daniel Lezcano
2009-03-07 19:51 ` Greg Kurz
2009-03-07 19:59 ` Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090219223137.GA10378@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.