From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oren Laadan Subject: Re: [PATCH][usercr]: Ghost tasks must be detached Date: Wed, 09 Feb 2011 07:18:49 -0500 Message-ID: <4D528629.7030905@cs.columbia.edu> References: <20101211033548.GA12584@us.ibm.com> <4D2BB78A.9090701@cs.columbia.edu> <4D4D9D1B.3000209@cs.columbia.edu> <20110205214032.GA12944@us.ibm.com> <4D4DC90B.3010103@cs.columbia.edu> <20110209020942.GA5339@us.ibm.com> <20110209120100.GD13323@hawkmoon.kerlabs.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20110209120100.GD13323-Hu8+6S1rdjywhHL9vcZdMVaTQe2KTcn/@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Sukadev Bhattiprolu , Luis Rilling Cc: Containers List-Id: containers.vger.kernel.org On 02/09/2011 07:01 AM, Louis Rilling wrote: > On 08/02/11 18:09 -0800, Sukadev Bhattiprolu wrote: >> Oren Laadan [orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org] wrote: >> | >> | >> | On 02/05/2011 04:40 PM, Sukadev Bhattiprolu wrote: >> | > Oren Laadan [orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org] wrote: >> | > | Suka, >> | > | >> | > | This patch - and the corresponding kernel patch - are wrong >> | > >> | > Ah, I see that now. >> | > >> | > But am not sure about the kernel part though. We were getting a crash >> | > reliably (with older kernels) because of the ->exit_signal = -1 in >> | > do_ghost_task(). >> | >> | Are we still getting it with 2.6.37 ? >> >> I am not currently getting the crash on 2.6.37 - I thought it was due to >> the following commit which removed the check for task_detached() in >> do_wait_thread(). >> >> commit 9cd80bbb07fcd6d4d037fad4297496d3b132ac6b >> Author: Oleg Nesterov >> Date: Thu Dec 17 15:27:15 2009 -0800 > > I don't think that this introduced the bug. The bug triggers with EXIT_DEAD > tasks, for which wait() must ignore (see below). So, the bug looks still there > in 2.6.37. > >> >> But if that is true, I need to investigate why Louis Rilling was getting >> the crash in Jun 2010 - which he tried to fix here: >> >> http://lkml.org/lkml/2010/6/16/295 > > I was getting the crash on Kerrighed, which heavily patches the 2.6.30 kernel. > I could reproduce it on vanilla Linux of the moment (2.6.35-rc3), but > only after introducing artificial delays in release_task(). > > IIRC, what triggers the crash is some exiting detached task in the > pid_namespace, which goes EXIT_DEAD, and as such cannot be reaped by > zap_pid_ns_processes()->sys_wait4(). So with some odd timing, the detached > task can call proc_flush_task() after container init does, which triggers the > proc_mnt crash. > > Container init Some detached task in the ctnr > exit_notify() > ->exit_state = EXIT_DEAD > exit_notify() > forget_original_parent() > find_new_reaper() > zap_pid_ns_processes() > sys_wait4() > /* cannot reap EXIT_DEAD tasks */ > /* reparents EXIT_DEAD tasks to global init */ > > Container reaper > release_task() > proc_flush_task() > pid_ns_release_proc() > release_task() > proc_flush_task() > proc_flush_task_mnt() > KABOOM Louis, thanks for the explanation, and two follow-up questions: 1) Is there a patch circulating for this ? or even better, on the way to mainline ? 2) Would it suffice if the c/r code ensures that the init never exits before any EXIT_DEAD tasks ? Thanks, Oren.