[CRIU] [PATCH] seize: detach from external processes before killing dumped processes

Mon Feb 8 03:04:20 PST 2016

On 02/05/2016 04:02 AM, Andrey Vagin wrote:
> When we kill a container, all processes from its pidns are killed by
> SIGKILL, but we don't expect that someone from the freezer cgroup will
> be killed too if it was not dumped.
> 
> (00.468446) Error (seize.c:439): Unexpected child 79162
> (00.468489) Error (seize.c:440): BUG at seize.c:440
> 
> This situation is posiable, if someone enters into pidns by setns.
> 
> In this patch, we deatches from extra processes before killing dumped
> processes. In this case, we are not get signals if someone is killed.
> 
> https://jira.sw.ru/browse/PSBM-43795
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> ---
>  ptrace.c |  3 ---
>  seize.c  | 50 +++++++++++++++++++++++++++++++-------------------
>  2 files changed, 31 insertions(+), 22 deletions(-)
> 
> diff --git a/ptrace.c b/ptrace.c
> index 85c7603..25970fc 100644
> --- a/ptrace.c
> +++ b/ptrace.c
> @@ -50,9 +50,6 @@ int unseize_task(pid_t pid, int orig_st, int st)
>  	} else
>  		pr_err("Unknown final state %d\n", st);
>  
> -	if (opts.freeze_cgroup)
> -		return 0;
> -
>  	if (ptrace(PTRACE_DETACH, pid, NULL, NULL)) {
>  		pr_perror("Unable to detach from %d", pid);
>  		return -1;
> diff --git a/seize.c b/seize.c
> index 17ec830..bb4b1ad 100644
> --- a/seize.c
> +++ b/seize.c
> @@ -177,6 +177,8 @@ static int seize_cgroup_tree(char *root_path, const char *state)
>  /* A number of tasks in a freezer cgroup which are not going to be dumped */
>  int processes_to_wait;
>  
> +static int *external_processes;
> +int n_external_processes;

This is becoming a mess.
My first question -- is BUG_ON(n_external_processes == processes_to_wait) valid?

>  /*
>   * A freezer cgroup can contain tasks which will not be dumped
>   * and we need to wait them, because the are interupted them by ptrace.