Re: [PATCH 1/1] signal: kill the obsolete SIGNAL_UNKILLABLE check in complete_signal()

[Oleg Nesterov <oleg@redhat.com>]

On 11/05, Oleg Nesterov wrote:
>
> On 11/04, Andrew Morton wrote:
> >
> > I'm thinking this should be backported into -stable due to WARN_ONs and
> > kernel crashes.
>
> Ah, sorry for confusion. The kernel crash is fine/correct. Debugger kills
> init process, the exiting init calls panic(). With or without this patch.
> BTW, I always thought we should remove this panic(), but this is off-topic.
>
> After this patch the test-case above still crashes the kernel, but without
> warning ;)
>
> > And as f008faff0e27 is from 2009, that means all
> > kernels.
>
> Yes, I think this change is safe for -stable. But the only visible problem
> is WARN_ON_ONCE() in task_participate_group_stop(), so I am not sure...
>
> Well. Actually there are more problems. zap_threads(), de_thread() can be
> fooled by signal_group_exit() == F too. So a multi-threaded /sbin/init can
> miss SIGKILL if it does execve(), or if it starts the coredump. But only if
> SIGKILL was private (sent by tkill).
>
> I do not see any serious problem this patch could fix.

Cough... and on the second thought this patch needs v2. Sorry Andrew, please
drop signal-kill-the-obsolete-signal_unkillable-check-in-complete_signal.patch
I'll send the updated version.

With this patch the parent namespace can use any fatal signal (not only SIGKILL)
to kill the init process in container. I do not think this is actually bad, but
in any case this should not silently come as a side effect. And this is not
consistent with SIGNAL_UNKILLABLE/sig_kernel_only() check in get_signal().

Most probably I will just resend this patch as 2/2, while 1/2 will change
sig_task_ignored() because afaics it is not actually right too (albeit not
really buggy).

Oleg.