[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090219202611.GA10134@us.ibm.com>
Date: Thu, 19 Feb 2009 12:26:11 -0800
From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Andrew Morton <akpm@...l.org>, roland@...hat.com,
"Eric W. Biederman" <ebiederm@...ssion.com>, daniel@...ac.com,
Containers <containers@...ts.osdl.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig()
Oleg Nesterov [oleg@...hat.com] wrote:
| On 02/18, Sukadev Bhattiprolu wrote:
| >
| > read_lock(&tasklist_lock);
| > nr = next_pidmap(pid_ns, 1);
| > while (nr > 0) {
| > - kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr);
| > + rcu_read_lock();
| > +
| > + /*
| > + * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring
| > + * any nested-container's init processes don't ignore the
| > + * signal
| > + */
| > + task = pid_task(find_vpid(nr), PIDTYPE_PID);
| > + force_sig(SIGKILL, task);
|
| Shouldn't we check task != NULL ?
Yes. Here is the updated patch.
---
From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
Date: Wed, 18 Feb 2009 15:12:30 -0800
Subject: [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig()
send_signal() assumes that signals with SEND_SIG_PRIV are generated from
within the same namespace. So any nested container-init processes become
immune to the SIGKILL generated by kill_proc_info() in zap_pid_ns_processes().
Use force_sig() in zap_pid_ns_processes() instead - force_sig() clears the
SIGNAL_UNKILLABLE flag ensuring the signal is processed by container-inits.
Signed-off-by: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
---
kernel/pid_namespace.c | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index fab8ea8..2d1001b 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -152,6 +152,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
{
int nr;
int rc;
+ struct task_struct *task;
/*
* The last thread in the cgroup-init thread group is terminating.
@@ -169,7 +170,19 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
read_lock(&tasklist_lock);
nr = next_pidmap(pid_ns, 1);
while (nr > 0) {
- kill_proc_info(SIGKILL, SEND_SIG_PRIV, nr);
+ rcu_read_lock();
+
+ /*
+ * Use force_sig() since it clears SIGNAL_UNKILLABLE ensuring
+ * any nested-container's init processes don't ignore the
+ * signal
+ */
+ task = pid_task(find_vpid(nr), PIDTYPE_PID);
+ if (task)
+ force_sig(SIGKILL, task);
+
+ rcu_read_unlock();
+
nr = next_pidmap(pid_ns, nr);
}
read_unlock(&tasklist_lock);
--
1.5.2.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists