From: Oleg Nesterov <oleg@redhat.com>
To: "Jürg Billeter" <j@bitron.ch>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Eric Biederman <ebiederm@xmission.com>,
linux-api@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] prctl: add PR_[GS]ET_KILLABLE
Date: Tue, 31 Jul 2018 16:39:50 +0200 [thread overview]
Message-ID: <20180731143949.GA1890@redhat.com> (raw)
In-Reply-To: <20180731070337.61004-1-j@bitron.ch>
On 07/31, Jürg Billeter wrote:
>
> PR_SET_KILLABLE clears the SIGNAL_UNKILLABLE flag. This allows
> CLONE_NEWPID tasks to restore normal signal behavior, opting out of the
> special signal protection for init processes. This prctl does not allow
> setting the SIGNAL_UNKILLABLE flag, only clearing.
>
> The SIGNAL_UNKILLABLE flag, which is implicitly set for tasks cloned
> with CLONE_NEWPID, has the effect of ignoring all signals (from
> userspace) if the corresponding handler is set to SIG_DFL. The only
> exceptions are SIGKILL and SIGSTOP and they are only accepted if raised
> from an ancestor namespace.
>
> SIGINT, SIGQUIT and SIGTSTP are used in job control for ^C, ^\, ^Z.
> While a task with the SIGNAL_UNKILLABLE flag could install handlers for
> these signals, this is not sufficient to implement a shell that uses
> CLONE_NEWPID for child processes:
Ah. My question wasn't clear, sorry.
Could you explain your use-case? Why a shell wants to use CLONE_NEWPID?
And what do we actually want in, say, ^Z case? Just stop the child reaper
or may be it would be better to stop the whole pid namespace?
> * As SIGSTOP is ignored when raised from the SIGNAL_UNKILLABLE process
> itself, it's not possible to implement the stop action in a custom
> SIGTSTP handler.
Yes. So may be we actually want to change __isig() paths to use
SEND_SIG_FORCED (this is not that simple), or perhaps we can change
__send_signal() to not drop SIGSTOP sent to itself, or may be we can even
introduce SIG_DFL_EVEN_IF_INIT, I dunno.
> * Many applications do not install handlers for these signals and
> thus, job control won't work properly with unmodified applications.
I can't understand this. An application should be changed anyway to do
PR_SET_KILLABLE?
Let me clarify. I am not arguing with this patch, probably it makes sense in
any case. I am just trying to understand your real motivation for this change.
> + case PR_SET_KILLABLE:
> + if (arg2 != 1 || arg3 || arg4 || arg5)
> + return -EINVAL;
> + spin_lock_irq(&me->sighand->siglock);
> + me->signal->flags &= ~SIGNAL_UNKILLABLE;
> + spin_unlock_irq(&me->sighand->siglock);
OK, but then you need to change the CLONE_PARENT/SIGNAL_UNKILLABLE check
in copy_process().
Oleg.
next prev parent reply other threads:[~2018-07-31 14:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-30 7:52 [PATCH] prctl: add PR_[GS]ET_KILLABLE Jürg Billeter
2018-07-30 10:17 ` Oleg Nesterov
2018-07-30 19:32 ` Jürg Billeter
2018-07-30 19:39 ` Thomas Gleixner
2018-07-31 7:03 ` [PATCH v2] " Jürg Billeter
2018-07-31 14:39 ` Oleg Nesterov [this message]
2018-07-31 16:12 ` Jürg Billeter
2018-08-01 14:19 ` Oleg Nesterov
2018-08-03 10:15 ` Jürg Billeter
2018-08-03 12:14 ` Oleg Nesterov
2018-08-03 13:34 ` Eric W. Biederman
2018-08-03 13:34 ` Eric W. Biederman
2018-08-03 14:39 ` Jürg Billeter
2018-07-31 16:26 ` [PATCH] " Jann Horn
2018-08-01 7:43 ` Jürg Billeter
2018-08-01 7:56 ` Jann Horn
2018-08-03 14:40 ` [PATCH v3 1/2] fork: do not rely on SIGNAL_UNKILLABLE for init check Jürg Billeter
2018-08-03 14:40 ` [PATCH v3 2/2] prctl: add PR_[GS]ET_KILLABLE Jürg Billeter
2018-09-06 22:42 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180731143949.GA1890@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=j@bitron.ch \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.