From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
lennart-mdGvqq1h2p+GdvJs77BJ7Q@public.gmane.org,
kay.sievers-tD+1rO4QERM@public.gmane.org,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
roland-/Z5OmTQCD9xF6kxbq+BtvQ@public.gmane.org,
torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: + prctl-add-pr_setget_child_reaper-to-allow-simple-process-supervision .patch added to -mm tree
Date: Wed, 17 Aug 2011 13:55:43 +0200 [thread overview]
Message-ID: <20110817115543.GA8745@redhat.com> (raw)
In-Reply-To: <201108162011.p7GKBcY0023134-AB4EexQrvXRQetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
On 08/16, Andrew Morton wrote:
>
> From: Lennart Poettering <lennart-mdGvqq1h2p+GdvJs77BJ7Q@public.gmane.org>
>
> Userspace service managers/supervisors need to track their started
> services. Many services daemonize by double-forking and get implicitely
> re-parented to PID 1. The process manager will no longer be able to
> receive the SIGCHLD signals for them.
>
> With this prctl, a service manager can mark itself as a sort of 'sub-init'
> process, able to stay as the parent process for all processes created by
> the started services. All SIGCHLD signals will be delivered to the
> service manager.
I try to never argue with the new features. But to be honest, this
doesn't look very good to me.
OK, a service manager M does prctl(PR_SET_CHILD_REAPER), then it forks
a service X which forks another child C and exits. Then C exits and
notifies M.
But. How can M know that the service X should be restarted? It only
knows the pid. What if wait(WEXITED) succeeds because C in turn does
fork + exit? What M has 2 or more services?
Anyway, the implementation is certainly buggy.
> @@ -1296,6 +1296,8 @@ struct task_struct {
> * execve */
> unsigned in_iowait:1;
>
> + /* Reparent child processes to this process instead of pid 1. */
> + unsigned child_reaper:1;
First of all - this is already very wrong imho. This should be
per-process, not per-thread.
> + /* find the first ancestor which is marked as child_reaper */
> + for (reaper = father->parent;
> + reaper != &init_task && reaper != pid_ns->child_reaper;
> + reaper = reaper->parent)
This loop can never reach init_task/child_reaper and crash the kernel.
For example, father->parent can point to init_task's sub-thread.
OTOH you shouldn't use init_task at all.
Also. You shouldn't do this if the sub-namespace init exits, this is
wrong.
> + if (reaper->child_reaper)
> + return reaper;
No, we can't blindly return this task, it can be dead/exiting. More
precisely, we must not do this if it has already passed
forget_original_parent(). That is why the code above checks PF_EXITING.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org, lennart@poettering.net,
kay.sievers@vrfy.org, linux-man@vger.kernel.org,
roland@hack.frob.com, torvalds@linux-foundation.org
Subject: Re: + prctl-add-pr_setget_child_reaper-to-allow-simple-process-supervision .patch added to -mm tree
Date: Wed, 17 Aug 2011 13:55:43 +0200 [thread overview]
Message-ID: <20110817115543.GA8745@redhat.com> (raw)
In-Reply-To: <201108162011.p7GKBcY0023134@imap1.linux-foundation.org>
On 08/16, Andrew Morton wrote:
>
> From: Lennart Poettering <lennart@poettering.net>
>
> Userspace service managers/supervisors need to track their started
> services. Many services daemonize by double-forking and get implicitely
> re-parented to PID 1. The process manager will no longer be able to
> receive the SIGCHLD signals for them.
>
> With this prctl, a service manager can mark itself as a sort of 'sub-init'
> process, able to stay as the parent process for all processes created by
> the started services. All SIGCHLD signals will be delivered to the
> service manager.
I try to never argue with the new features. But to be honest, this
doesn't look very good to me.
OK, a service manager M does prctl(PR_SET_CHILD_REAPER), then it forks
a service X which forks another child C and exits. Then C exits and
notifies M.
But. How can M know that the service X should be restarted? It only
knows the pid. What if wait(WEXITED) succeeds because C in turn does
fork + exit? What M has 2 or more services?
Anyway, the implementation is certainly buggy.
> @@ -1296,6 +1296,8 @@ struct task_struct {
> * execve */
> unsigned in_iowait:1;
>
> + /* Reparent child processes to this process instead of pid 1. */
> + unsigned child_reaper:1;
First of all - this is already very wrong imho. This should be
per-process, not per-thread.
> + /* find the first ancestor which is marked as child_reaper */
> + for (reaper = father->parent;
> + reaper != &init_task && reaper != pid_ns->child_reaper;
> + reaper = reaper->parent)
This loop can never reach init_task/child_reaper and crash the kernel.
For example, father->parent can point to init_task's sub-thread.
OTOH you shouldn't use init_task at all.
Also. You shouldn't do this if the sub-namespace init exits, this is
wrong.
> + if (reaper->child_reaper)
> + return reaper;
No, we can't blindly return this task, it can be dead/exiting. More
precisely, we must not do this if it has already passed
forget_original_parent(). That is why the code above checks PF_EXITING.
Oleg.
next prev parent reply other threads:[~2011-08-17 11:55 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-16 20:11 + prctl-add-pr_setget_child_reaper-to-allow-simple-process-supervision.patch added to -mm tree akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b
[not found] ` <201108162011.p7GKBcY0023134-AB4EexQrvXRQetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
2011-08-17 11:55 ` Oleg Nesterov [this message]
2011-08-17 11:55 ` + prctl-add-pr_setget_child_reaper-to-allow-simple-process-supervision .patch " Oleg Nesterov
[not found] ` <20110817115543.GA8745-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-17 13:05 ` Oleg Nesterov
2011-08-17 13:05 ` Oleg Nesterov
[not found] ` <20110817130531.GA12204-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-17 13:21 ` Kay Sievers
2011-08-17 13:21 ` Kay Sievers
[not found] ` <CAPXgP10A4rcQLht--h1d3PJE=oOrm=MSjGXTUSKVF+ssnkt_gw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-17 13:37 ` Alan Cox
2011-08-17 13:37 ` Alan Cox
[not found] ` <20110817143728.7abc955b-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2011-08-23 0:30 ` Colin Walters
2011-08-23 0:30 ` Colin Walters
2011-08-17 14:16 ` Oleg Nesterov
2011-08-17 14:16 ` Oleg Nesterov
2011-08-17 16:03 ` Denys Vlasenko
2011-08-17 16:03 ` Denys Vlasenko
2011-08-17 13:13 ` Kay Sievers
[not found] ` <CAPXgP12rYf2HmmsJAuJw=nrtcjTRR1WzDhLNM47eKhKA1UTfJQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-17 13:45 ` Oleg Nesterov
2011-08-17 13:45 ` Oleg Nesterov
[not found] ` <20110817134516.GA14136-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-17 15:45 ` Kay Sievers
2011-08-17 15:45 ` Kay Sievers
[not found] ` <CAPXgP101N_GESzpqu=P_H8cLoekMzb2_W2eWyAqATSjm4Gj9CA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-17 15:53 ` Alan Cox
2011-08-17 15:53 ` Alan Cox
2011-08-17 16:20 ` Oleg Nesterov
2011-08-17 16:20 ` Oleg Nesterov
[not found] ` <20110817162041.GA21406-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-17 16:47 ` Kay Sievers
2011-08-17 16:47 ` Kay Sievers
[not found] ` <CAPXgP13Dn2c-OnYg-Cty5r4JbqeH_zYPtXDj5GAfK1btoKYmDg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-17 18:57 ` Oleg Nesterov
2011-08-17 18:57 ` Oleg Nesterov
[not found] ` <20110817185709.GA27663-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-17 20:56 ` Kay Sievers
2011-08-17 20:56 ` Kay Sievers
2011-08-18 12:43 ` Lennart Poettering
2011-08-18 12:43 ` Lennart Poettering
[not found] ` <20110818124353.GA2839-kS5D54t9nk0aINubkmmoJbNAH6kLmebB@public.gmane.org>
2011-08-18 14:25 ` Oleg Nesterov
2011-08-18 14:25 ` Oleg Nesterov
2011-08-18 18:11 ` Kay Sievers
2011-08-18 18:48 ` Oleg Nesterov
2011-08-18 18:48 ` Oleg Nesterov
[not found] ` <20110818184857.GA12094-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-19 1:31 ` Kay Sievers
2011-08-19 1:31 ` Kay Sievers
2011-08-19 12:25 ` Oleg Nesterov
2011-08-19 12:25 ` Oleg Nesterov
[not found] ` <20110819122503.GA8411-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-19 12:44 ` Kay Sievers
2011-08-19 12:44 ` Kay Sievers
[not found] ` <CAPXgP11KC2fTWBVYo6CBXe924YAyTGhx9=UTBDf4cP5Acuo0NA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-19 13:13 ` Oleg Nesterov
2011-08-19 13:13 ` Oleg Nesterov
2011-08-19 14:20 ` Kay Sievers
2011-08-19 14:58 ` Oleg Nesterov
2011-08-19 14:58 ` Oleg Nesterov
[not found] ` <20110819145815.GA15420-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-20 15:33 ` Oleg Nesterov
2011-08-20 15:33 ` Oleg Nesterov
2011-08-21 18:33 ` Kay Sievers
2011-08-22 11:14 ` Oleg Nesterov
2011-08-22 11:14 ` Oleg Nesterov
[not found] ` <20110822111402.GA13248-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2011-08-22 23:48 ` Kay Sievers
2011-08-22 23:48 ` Kay Sievers
2011-08-18 21:23 ` Linus Torvalds
2011-08-18 21:23 ` Linus Torvalds
[not found] ` <CA+55aFxGDbNOhNQJe_LpUMcJCGcW8qFFWzC9H0_KW26Xzb0cXw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-18 21:55 ` Kay Sievers
2011-08-18 21:55 ` Kay Sievers
2011-08-18 22:22 ` Linus Torvalds
2011-08-18 22:22 ` Linus Torvalds
[not found] ` <CA+55aFyFnMRMuWSSpytwvpk9u5YysMRfTRELyhGX9grWbGyi6Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-19 0:48 ` Kay Sievers
2011-08-19 0:48 ` Kay Sievers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110817115543.GA8745@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=kay.sievers-tD+1rO4QERM@public.gmane.org \
--cc=lennart-mdGvqq1h2p+GdvJs77BJ7Q@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-/Z5OmTQCD9xF6kxbq+BtvQ@public.gmane.org \
--cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.