Oleg Nesterov [o...@redhat.com] wrote: | On 02/18, Sukadev Bhattiprolu wrote: | > | > read_lock(&tasklist_lock); | > nr = next_pidmap(pid_ns, 1); | > while (nr > 0) { | > - kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr); | > + rcu_read_lock(); | > + | > + /* | > + * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring | > + * any nested-container's init processes don't ignore the | > + * signal | > + */ | > + task = pid_task(find_vpid(nr), PIDTYPE_PID); | > + force_sig(SIGKILL, task); | | Shouldn't we check task != NULL ?
Yes. Here is the updated patch. --- From: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> Date: Wed, 18 Feb 2009 15:12:30 -0800 Subject: [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig() send_signal() assumes that signals with SEND_SIG_PRIV are generated from within the same namespace. So any nested container-init processes become immune to the SIGKILL generated by kill_proc_info() in zap_pid_ns_processes(). Use force_sig() in zap_pid_ns_processes() instead - force_sig() clears the SIGNAL_UNKILLABLE flag ensuring the signal is processed by container-inits. Signed-off-by: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> --- kernel/pid_namespace.c | 15 ++++++++++++++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index fab8ea8..2d1001b 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -152,6 +152,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) { int nr; int rc; + struct task_struct *task; /* * The last thread in the cgroup-init thread group is terminating. @@ -169,7 +170,19 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) read_lock(&tasklist_lock); nr = next_pidmap(pid_ns, 1); while (nr > 0) { - kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr); + rcu_read_lock(); + + /* + * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring + * any nested-container's init processes don't ignore the + * signal + */ + task = pid_task(find_vpid(nr), PIDTYPE_PID); + if (task) + force_sig(SIGKILL, task); + + rcu_read_unlock(); + nr = next_pidmap(pid_ns, nr); } read_unlock(&tasklist_lock); -- 1.5.2.5 _______________________________________________ Containers mailing list contain...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel