[Devel] Re: [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig()

Thu, 19 Feb 2009 12:30:24 -0800 

Oleg Nesterov [o...@redhat.com] wrote:
| On 02/18, Sukadev Bhattiprolu wrote:
| >
| >     read_lock(&tasklist_lock);
| >     nr = next_pidmap(pid_ns, 1);
| >     while (nr > 0) {
| > -           kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr);
| > +           rcu_read_lock();
| > +
| > +           /*
| > +            * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring
| > +            * any nested-container's init processes don't ignore the
| > +            * signal
| > +            */
| > +           task = pid_task(find_vpid(nr), PIDTYPE_PID);
| > +           force_sig(SIGKILL, task);
| 
| Shouldn't we check task != NULL ?

Yes. Here is the updated patch.
---

From: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com>
Date: Wed, 18 Feb 2009 15:12:30 -0800
Subject: [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig()

send_signal() assumes that signals with SEND_SIG_PRIV are generated from
within the same namespace. So any nested container-init processes become
immune to the SIGKILL generated by kill_proc_info() in zap_pid_ns_processes().

Use force_sig() in zap_pid_ns_processes() instead - force_sig() clears the
SIGNAL_UNKILLABLE flag ensuring the signal is processed by container-inits.

Signed-off-by: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com>
---
 kernel/pid_namespace.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index fab8ea8..2d1001b 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -152,6 +152,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
 {
        int nr;
        int rc;
+       struct task_struct *task;
 
        /*
         * The last thread in the cgroup-init thread group is terminating.
@@ -169,7 +170,19 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
        read_lock(&tasklist_lock);
        nr = next_pidmap(pid_ns, 1);
        while (nr > 0) {
-               kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr);
+               rcu_read_lock();
+
+               /*
+                * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring
+                * any nested-container's init processes don't ignore the
+                * signal
+                */
+               task = pid_task(find_vpid(nr), PIDTYPE_PID);
+               if (task)
+                       force_sig(SIGKILL, task);
+
+               rcu_read_unlock();
+
                nr = next_pidmap(pid_ns, nr);
        }
        read_unlock(&tasklist_lock);
-- 
1.5.2.5

_______________________________________________
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
Devel@openvz.org
https://openvz.org/mailman/listinfo/devel

Reply via email to