From: Oleg Nesterov <oleg@redhat.com>
To: Qianli Zhao <zhaoqianligood@gmail.com>
Cc: christian@brauner.io, axboe@kernel.dk, ebiederm@xmission.com,
tglx@linutronix.de, pcc@google.com, linux-kernel@vger.kernel.org,
zhaoqianli@xiaomi.com
Subject: Re: [PATCH V3] exit: trigger panic when global init has exited
Date: Wed, 17 Mar 2021 15:38:06 +0100 [thread overview]
Message-ID: <20210317143805.GA5610@redhat.com> (raw)
In-Reply-To: <1615985460-112867-1-git-send-email-zhaoqianligood@gmail.com>
On 03/17, Qianli Zhao wrote:
>
> From: Qianli Zhao <zhaoqianli@xiaomi.com>
>
> When init sub-threads running on different CPUs exit at the same time,
> zap_pid_ns_processe()->BUG() may be happened.
and why do you think your patch can't prevent this?
Sorry, I must have missed something. But it seems to me that you are trying
to fix the wrong problem. Yes, zap_pid_ns_processes() must not be called in
the root namespace, and this has nothing to do with CONFIG_PID_NS.
> And every thread status is abnormal after exit(PF_EXITING set,task->mm=NULL etc),
> which makes it difficult to parse coredump from fulldump normally.
> In order to fix the above problem, when any one init has been set to SIGNAL_GROUP_EXIT,
> trigger panic immediately, and prevent other init threads from continuing to exit
>
> [ 24.705376] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
> [ 24.705382] CPU: 4 PID: 552 Comm: init Tainted: G S O 4.14.180-perf-g4483caa8ae80-dirty #1
> [ 24.705390] kernel BUG at include/linux/pid_namespace.h:98!
>
> PID: 552 CPU: 4 COMMAND: "init"
> PID: 1 CPU: 7 COMMAND: "init"
> core4 core7
> ... sys_exit_group()
> do_group_exit()
> - sig->flags = SIGNAL_GROUP_EXIT
> - zap_other_threads()
> do_exit() //PF_EXITING is set
> ret_to_user()
> do_notify_resume()
> get_signal()
> - signal_group_exit
> - goto fatal;
> do_group_exit()
> do_exit() //PF_EXITING is set
> - panic("Attempted to kill init! exitcode=0x%08x\n")
> exit_notify()
> find_alive_thread() //no alive sub-threads
> zap_pid_ns_processes()//CONFIG_PID_NS is not set
> BUG()
>
> Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com>
> ---
> V3:
> - Use group_dead instead of thread_group_empty() to test single init exit.
>
> V2:
> - Changelog update
> - Remove wrong useage of SIGNAL_UNKILLABLE.
> - Add thread_group_empty() test to handle single init thread exit
> ---
> kernel/exit.c | 20 +++++++++++---------
> 1 file changed, 11 insertions(+), 9 deletions(-)
>
> diff --git a/kernel/exit.c b/kernel/exit.c
> index 04029e3..32b74e4 100644
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -766,6 +766,17 @@ void __noreturn do_exit(long code)
>
> validate_creds_for_do_exit(tsk);
>
> + group_dead = atomic_dec_and_test(&tsk->signal->live);
> + /*
> + * If global init has exited,
> + * panic immediately to get a useable coredump.
> + */
> + if (unlikely(is_global_init(tsk) &&
> + (group_dead || (tsk->signal->flags & SIGNAL_GROUP_EXIT)))) {
> + panic("Attempted to kill init! exitcode=0x%08x\n",
> + tsk->signal->group_exit_code ?: (int)code);
> + }
> +
> /*
> * We're taking recursive faults here in do_exit. Safest is to just
> * leave this task alone and wait for reboot.
> @@ -784,16 +795,7 @@ void __noreturn do_exit(long code)
> if (tsk->mm)
> sync_mm_rss(tsk->mm);
> acct_update_integrals(tsk);
> - group_dead = atomic_dec_and_test(&tsk->signal->live);
> if (group_dead) {
> - /*
> - * If the last thread of global init has exited, panic
> - * immediately to get a useable coredump.
> - */
> - if (unlikely(is_global_init(tsk)))
> - panic("Attempted to kill init! exitcode=0x%08x\n",
> - tsk->signal->group_exit_code ?: (int)code);
> -
> #ifdef CONFIG_POSIX_TIMERS
> hrtimer_cancel(&tsk->signal->real_timer);
> exit_itimers(tsk->signal);
> --
> 1.9.1
>
next prev parent reply other threads:[~2021-03-17 14:39 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-17 12:51 [PATCH V3] exit: trigger panic when global init has exited Qianli Zhao
2021-03-17 14:38 ` Oleg Nesterov [this message]
2021-03-18 2:47 ` qianli zhao
2021-03-18 18:04 ` Oleg Nesterov
2021-03-18 19:08 ` Eric W. Biederman
2021-03-19 6:33 ` qianli zhao
2021-03-19 16:34 ` Oleg Nesterov
2021-03-19 16:26 ` Oleg Nesterov
2021-03-21 16:00 ` qianli zhao
2021-03-22 17:07 ` Oleg Nesterov
2021-03-22 17:09 ` Oleg Nesterov
2021-03-19 5:08 ` qianli zhao
2021-03-19 16:32 ` Oleg Nesterov
2021-03-21 13:04 ` qianli zhao
2021-03-22 16:37 ` Oleg Nesterov
2021-03-23 3:14 ` qianli zhao
2021-03-23 9:00 ` Oleg Nesterov
2021-03-23 11:23 ` qianli zhao
2021-03-24 18:12 ` Oleg Nesterov
2021-03-25 3:00 ` qianli zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210317143805.GA5610@redhat.com \
--to=oleg@redhat.com \
--cc=axboe@kernel.dk \
--cc=christian@brauner.io \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pcc@google.com \
--cc=tglx@linutronix.de \
--cc=zhaoqianli@xiaomi.com \
--cc=zhaoqianligood@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.