From: ebiederm@xmission.com (Eric W. Biederman)
To: Guenter Roeck
Cc: Vovo Yang, Ingo Molnar, linux-kernel@vger.kernel.org
Subject: Re: Threads stuck in zap_pid_ns_processes()
Date: Thu, 01 Jun 2017 20:06:46 -0500
Message-ID: <87efv38aft.fsf@xmission.com>
In-Reply-To: <20170601214339.GB8803@roeck-us.net> (Guenter Roeck's message of "Thu, 1 Jun 2017 14:43:39 -0700")

Guenter Roeck writes:

> On Thu, Jun 01, 2017 at 02:36:38PM -0500, Eric W. Biederman wrote:
>> Guenter Roeck writes:
>>
>> > On Thu, Jun 01, 2017 at 12:08:58PM -0500, Eric W. Biederman wrote:
>> >> Guenter Roeck writes:
>> >> >
>> >> > I think you nailed it. If I drop CLONE_NEWPID from the reproducer I get
>> >> > a zombie process.
>> >> >
>> >> > I guess the only question left is if zap_pid_ns_processes() should (or could)
>> >> > somehow detect that situation and return instead of waiting forever.
>> >> > What do you think ?
>> >>
>> >> Any chance you can point me at the chromium code that is performing the
>> >> ptrace?
>> >>
>> >> I want to conduct a review of the kernel semantics to see if the current
>> >> semantics make it unnecessarily easy to get into hang situations.
>> >> If the semantics make it really easy to get into a hang situation I want
>> >> to see if there is anything we can do to delicately change the semantics
>> >> to avoid the hangs without breaking existing userspace.
>> >>
>> > The internal bug should be accessible to you.
>> >
>> > https://bugs.chromium.org/p/chromium/issues/detail?id=721298&desc=2
>> >
>> > It has some additional information, and points to the following code in Chrome.
>> >
>> > https://cs.chromium.org/chromium/src/breakpad/src/client/linux/minidump_writer/linux_ptrace_dumper.cc?rcl=47e51739fd00badbceba5bc26b8abc8bbd530989&l=85
>> >
>> > With the information we have, I don't really have a good idea what we could or
>> > should change in Chrome to make the problem disappear, so I just concluded that
>> > we'll have to live with the forever-sleeping task.
>>
>> I believe I see what is happening. The code makes the assumption that a
>> thread will stay stopped and will not go away once ptrace attach
>> completes.
>>
>> Unfortunately if someone sends SIGKILL to the process or exec sends
>> SIGKILL to the individual thread then PTRACE_DETACH will fail.
>>
>> At which point you can use waitpid to reap the zombie and detach
>> from the thread.
>>
>> So I think the forever-sleeping can be fixed with something as simple
>> as changing ResumeThread to say:
>>
>> // Resumes a thread by detaching from it.
>> static bool ResumeThread(pid_t pid) {
>>   if (sys_ptrace(PTRACE_DETACH, pid, NULL, NULL) >= 0)
>>     return true;
>>   /* Someone killed the thread? */
>>   return waitpid(pid, NULL, 0) == pid;
>> }
>>
>> It almost certainly makes sense to fix PTRACE_DETACH in the kernel to
>> allow this case to work. And odds are good that we could make that
>> change without breaking anyone. So it is worth a try.
>>
>
> Do I interpret this correctly as "the above code should work, but currently
> doesn't" ?

I added the early exit and the fallback waitpid clause.
So I am saying with a trivial modification the code can be made to work.

Eric
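
The failure mode described in this message, as a stand-alone added example (not code from the thread, from Breakpad or from the kernel): a tracer attaches, the tracee receives SIGKILL before the detach, PTRACE_DETACH fails with ESRCH, and the waitpid fallback reaps the zombie. Assumptions: the tracee is a forked child rather than a thread of another process, and `spawn_attached`, `resume_thread` and `run_case` are illustrative names.

```c
/* Added example: tracee is a forked child (assumption); names are illustrative. */
#include <errno.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a sleeping child, attach to it and wait for the attach stop. */
static pid_t spawn_attached(void) {
  pid_t pid = fork();
  int status;
  if (pid < 0) return -1;
  if (pid == 0) for (;;) pause();
  if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0 ||
      waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) {
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return -1;
  }
  return pid;
}

/* Detach; if the tracee was killed after the attach, reap it instead. */
static bool resume_thread(pid_t pid, bool *reaped) {
  *reaped = false;
  if (ptrace(PTRACE_DETACH, pid, NULL, NULL) >= 0) return true;
  if (errno != ESRCH) return false;  /* some other failure */
  *reaped = true;
  return waitpid(pid, NULL, __WALL) == pid;  /* __WALL also matches clone() threads */
}

/* Returns 0 = detached normally, 1 = detach failed and zombie reaped, -1 = error.
 * kill_first simulates a SIGKILL arriving between attach and detach. */
int run_case(int kill_first) {
  bool reaped;
  pid_t pid = spawn_attached();
  if (pid < 0) return -1;
  if (kill_first) kill(pid, SIGKILL);
  if (!resume_thread(pid, &reaped)) return -1;
  if (!reaped) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); }  /* clean up */
  return reaped ? 1 : 0;
}

int main(void) {
  printf("live tracee: %d, killed tracee: %d\n", run_case(0), run_case(1));
  return 0;
}
```

Running it requires permission to ptrace a child process, which some sandboxes and hardened Yama settings deny.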