Re: [PATCH] pidfd: prevent creation of pidfds for kthreads

[Eric Biggers <ebiggers@kernel.org>]

Hi Christian,

On Wed, Jul 31, 2024 at 12:01:12PM +0200, Christian Brauner wrote:
> It's currently possible to create pidfds for kthreads but it is unclear
> what that is supposed to mean. Until we have use-cases for it and we
> figured out what behavior we want block the creation of pidfds for
> kthreads.
> 
> Fixes: 32fcb426ec00 ("pid: add pidfd_open()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  kernel/fork.c | 25 ++++++++++++++++++++++---
>  1 file changed, 22 insertions(+), 3 deletions(-)

Unfortunately this commit broke systemd-shutdown's ability to kill processes,
which makes some filesystems no longer get unmounted at shutdown.

It looks like systemd-shutdown relies on being able to create a pidfd for any
process listed in /proc (even a kthread), and if it gets EINVAL it treats it a
fatal error and stops looking for more processes...

This is what shows up in the system log:

    systemd[1]: Shutting down.
    systemd-shutdown[1]: Syncing filesystems and block devices.
    systemd-shutdown[1]: Sending SIGTERM to remaining processes...
    systemd-shutdown[1]: Failed to enumerate /proc/: Invalid argument
    systemd-shutdown[1]: Sending SIGKILL to remaining processes...
    systemd-shutdown[1]: Failed to enumerate /proc/: Invalid argument
    systemd-shutdown[1]: Unmounting file systems.
    (sd-umount)[17359]: Unmounting '/run/credentials/systemd-vconsole-setup.service'.
    (sd-umount)[17360]: Unmounting '/run/credentials/systemd-journald.service'.
    (sd-remount)[17361]: Remounting '/' read-only with options ''.
    (sd-remount)[17361]: Failed to remount '/' read-only: Device or resource busy
    (sd-remount)[17362]: Remounting '/' read-only with options ''.
    (sd-remount)[17362]: Failed to remount '/' read-only: Device or resource busy
    systemd-shutdown[1]: Not all file systems unmounted, 1 left.

- Eric