OpenVZ Forum: Devel » [PATCH 7/9] sig: Handle pid namespace crossing when sending signals.

Home » Mailing lists » Devel » [PATCH 7/9] sig: Handle pid namespace crossing when sending signals.

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 8/9] signal: Drop signals before sending them to init. [message #25166 is a reply to message #25061]

Sun, 16 December 2007 15:52

Oleg Nesterov
Messages: 143
Registered: August 2006

Senior Member

On 12/13, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg@tv-sign.ru> writes:
> 
> > OK, if we change the semantics for /sbin/init signals we can avoid
> > a lot of problems,
> 
> Yes.  Otherwise we must track the source of the signals.

Yes.

> > Well, I am not sure about "explain" though. Unless I missed something
> > this makes the semantics a bit special.
> 
> Well the semantics are a bit special for init period.  I just
> make them special in a slightly different way.

Yes.

But still I personally can't agree with the new behaviour.

> > Suppose that init does sigtimedwait() but the handler == SIG_DFL.
>
> Yes that is a bit surprising.  However it is still easy to explain.
> The signal is never enqueued so sigtimedwait never gets the chance
> to do anything with it.

But this precisely means that sigtimedwait() is just broken for init.

Another example. /sbin/init execs, and tries to make sure it doesn't
miss the important signal (say, SIGCHLD). So it blocks SIGCHLD, execs,
and the new program installs the handler. However, the handler == SIG_DFL
right after exec, so signal could be missed.

Eric, I think the blocked signal should be enqueued. If application
blocks the signal, this is the strong indication it does care about
it, we shouldn't throw it out.

Yes, this also has surprises. If init unblocks the signal without
installing the handler, it could be killed. But this can happen with
your patch as well. sig_init_drop() returns false if we have a handler,
but this races with sys_rt_sigaction() which can set SIG_DFL, so init
could be killed.

IOW, I still have a strong feeling that this patch

	http://marc.info/?l=linux-kernel&m=118753610515859

is better, and more correct. That said, this all is very subjective,
I can't "prove" this of course.

> Interestingly enough this is not a problem
> for the current sysvinit.
> 
> sysvinit does this at start up:
>         /*
>          *      Ignore all signals.
>          */
>         for(f = 1; f <= NSIG; f++)
>                 SETSIG(sa, f, SIG_IGN, SA_RESTART);

Yes sure, the "good" init shouldn't have any problems with any approach.

Oleg.

_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		[PATCH 7/9] sig: Handle pid namespace crossing when sending signals. By: ebiederm on Wed, 12 December 2007 12:52
		[PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Wed, 12 December 2007 12:57
		[PATCH 9/9] signal: Ignore signals sent to the pid namespace init By: ebiederm on Wed, 12 December 2007 12:58
		[PATCH 0/4] pid namespace infrastructure cleanups By: ebiederm on Wed, 12 December 2007 13:09
		[PATCH 1/4] pidns: Remove the child_reaper special case from de_thread. By: ebiederm on Wed, 12 December 2007 13:27
		[PATCH 2/4] proc: Simplify proc_get_sb. By: ebiederm on Wed, 12 December 2007 13:30
		[PATCH 3/4] proc: Remove the unnecessary global proc_mnt By: ebiederm on Wed, 12 December 2007 13:31
		[PATCH 4/4] pid: Move all of the pid_namespace logic into copy_pid_ns. By: ebiederm on Wed, 12 December 2007 13:33
		Re: [PATCH 2/4] proc: Simplify proc_get_sb. By: Pavel Emelianov on Wed, 12 December 2007 13:42
		Re: [PATCH 2/4] proc: Simplify proc_get_sb. By: ebiederm on Wed, 12 December 2007 14:06
		Re: [PATCH 9/9] signal: Ignore signals sent to the pid namespace init By: Oleg Nesterov on Thu, 13 December 2007 16:28
		Re: [PATCH 9/9] signal: Ignore signals sent to the pid namespace init By: ebiederm on Thu, 13 December 2007 18:16
		Re: [PATCH 9/9] signal: Ignore signals sent to the pid namespace init By: ebiederm on Thu, 13 December 2007 18:33
		Re: [PATCH 9/9] signal: Ignore signals sent to the pid namespace init By: ebiederm on Tue, 18 December 2007 08:37
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: serue on Wed, 12 December 2007 19:00
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Wed, 12 December 2007 19:33
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Thu, 13 December 2007 16:25
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Thu, 13 December 2007 17:50
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Thu, 13 December 2007 18:18
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Thu, 13 December 2007 18:50
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Sun, 16 December 2007 15:52
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Tue, 18 December 2007 04:06
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Tue, 18 December 2007 12:22
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Tue, 18 December 2007 13:36
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Tue, 18 December 2007 15:30
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: ebiederm on Tue, 18 December 2007 21:34
		Re: [PATCH 8/9] signal: Drop signals before sending them to init. By: Oleg Nesterov on Wed, 19 December 2007 13:42

Previous Topic:	cifs_partialpagewrite() cleanup
Next Topic:	netlink compat for ipt_ULOG

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Aug 15 17:37:44 GMT 2024

Total time taken to generate the page: 0.02990 seconds