Date:   Thu, 08 Jul 2021 08:14:54 +0200
From:   Florian Weimer <fweimer@...hat.com>
To:     Suren Baghdasaryan <surenb@...gle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Michal Hocko <mhocko@...nel.org>,
        Michal Hocko <mhocko@...e.com>,
        David Rientjes <rientjes@...gle.com>,
        Matthew Wilcox <willy@...radead.org>,
        Johannes Weiner <hannes@...xchg.org>,
        Roman Gushchin <guro@...com>, Rik van Riel <riel@...riel.com>,
        Minchan Kim <minchan@...nel.org>,
        Christian Brauner <christian@...uner.io>,
        Christoph Hellwig <hch@...radead.org>,
        Oleg Nesterov <oleg@...hat.com>,
        David Hildenbrand <david@...hat.com>,
        Jann Horn <jannh@...gle.com>,
        Shakeel Butt <shakeelb@...gle.com>,
        Tim Murray <timmurray@...gle.com>,
        Linux API <linux-api@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kernel-team <kernel-team@...roid.com>
Subject: Re: [PATCH 1/1] mm: introduce process_reap system call

* Suren Baghdasaryan:

> On Wed, Jul 7, 2021 at 10:41 PM Florian Weimer <fweimer@...hat.com> wrote:
>>
>> * Suren Baghdasaryan:
>>
>> > On Wed, Jul 7, 2021 at 2:47 AM Florian Weimer <fweimer@...hat.com> wrote:
>> >>
>> >> * Suren Baghdasaryan:
>> >>
>> >> > The API is as follows,
>> >> >
>> >> >           int process_reap(int pidfd, unsigned int flags);
>> >> >
>> >> >         DESCRIPTION
>> >> >           The process_reap() system call is used to free the memory of a
>> >> >           dying process.
>> >> >
>> >> >           The pidfd selects the process referred to by the PID file
>> >> >           descriptor.
>> >> >           (See pidfd_open(2) for further information)
>> >> >
>> >> >           The flags argument is reserved for future use; currently, this
>> >> >           argument must be specified as 0.
>> >> >
>> >> >         RETURN VALUE
>> >> >           On success, process_reap() returns 0. On error, -1 is returned
>> >> >           and errno is set to indicate the error.
>> >>
>> >> I think the manual page should mention what it means for a process to be
>> >> “dying”, and how to move a process to this state.
>> >
>> > Thanks for the suggestion, Florian! Would replacing "dying process"
>> > with "process which was sent a SIGKILL signal" be sufficient?
>>
>> That explains very clearly the requirement, but it raises the question
>> why this isn't an si_code flag for rt_sigqueueinfo, reusing the existing
>> system call.
>
> I think you are suggesting to use sigqueue() to deliver the signal and
> perform the reaping when a special value accompanies it. This would be
> somewhat similar to my early suggestion to use a flag in
> pidfd_send_signal() (see:
> https://lore.kernel.org/patchwork/patch/1060407) to implement memory
> reaping which has another advantage of operation on PIDFDs instead of
> PIDs which can be recycled.
> kill()/pidfd_send_signal()/sigqueue() are supposed to deliver the
> signal and return without blocking. Changing that behavior was
> considered unacceptable in these discussions.

Does this mean that you need two threads, one that sends SIGKILL, and
one that calls process_reap?  Given that sending SIGKILL is blocking
with the existing interfaces?

Please also note that asynchronous deallocation of resources leads to
bugs and can cause unrelated workloads to fail.  For example, in some
configurations, clone can fail with EAGAIN even in cases where the total
number of tasks is clearly bounded because the kernel signals task exit
to applications before all resources are deallocated.  I'm worried that
the new interface makes things quite a bit worse in this regard.

Thanks,
Florian
