[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Thu Nov 12 06:46:04 PST 2015

12 нояб. 2015 г. 15:14 пользователь Andrey Ryabinin <aryabinin at virtuozzo.com> написал:
>
> CRIU sends SIGKILL to container's init process as a part of 
> cleanup process if restoring failed. 
> CRIU does this from a different ve, which is currently not allowed 
> without any apparent reason.

The reason looks very clear to me: improve namespaces isolation.
It espesially applies to killing child reaper of another ve.
You throwed away this check, and now it's possible to kill one container from another one.
Or I'm missing somethig?

> SIGKILL just ignored, thus CRIU 
> hangs on wait for process being killed. 
> So this patch allows such signals. 
>
> https://jira.sw.ru/browse/PSBM-40896 
>
> Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com> 
> --- 
> include/linux/ve_proto.h |  3 --- 
> kernel/signal.c          | 27 ++------------------------- 
> 2 files changed, 2 insertions(+), 28 deletions(-) 
>
> diff --git a/include/linux/ve_proto.h b/include/linux/ve_proto.h 
> index 0f5898e..153f18b 100644 
> --- a/include/linux/ve_proto.h 
> +++ b/include/linux/ve_proto.h 
> @@ -31,7 +31,6 @@ static inline bool ve_is_super(struct ve_struct *ve) 
> } 
>
> #define get_exec_env() (current->task_ve) 
> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper) 
>
> const char *ve_name(struct ve_struct *ve); 
>
> @@ -122,8 +121,6 @@ static inline struct ve_struct *get_exec_env(void) 
> return NULL; 
> } 
>
> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper) 
> - 
> static inline bool ve_is_super(struct ve_struct *ve) 
> { 
> return true; 
> diff --git a/kernel/signal.c b/kernel/signal.c 
> index 357f164..49fbdb0 100644 
> --- a/kernel/signal.c 
> +++ b/kernel/signal.c 
> @@ -55,27 +55,6 @@ static inline int is_si_special(const struct siginfo *info); 
>
> int print_fatal_signals __read_mostly; 
>
> -static int sig_ve_ignored(int sig, struct siginfo *info, struct task_struct *t) 
> -{ 
> - struct ve_struct *ve; 
> - 
> - /* always allow signals from the kernel */ 
> - if (info == SEND_SIG_FORCED || 
> -     (!is_si_special(info) && SI_FROMKERNEL(info))) 
> - return 0; 
> - 
> - ve = get_exec_env(); 
> - if (ve_is_super(ve)) 
> - return 0; 
> - rcu_read_lock(); 
> - if (ve->ve_ns && get_env_init(ve) != t) { 
> - rcu_read_unlock(); 
> - return 0; 
> - } 
> - rcu_read_unlock(); 
> - return !sig_user_defined(t, sig) || sig_kernel_only(sig); 
> -} 
> - 
> static void __user *sig_handler(struct task_struct *t, int sig) 
> { 
> return t->sighand->action[sig - 1].sa.sa_handler; 
> @@ -1361,8 +1340,7 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) 
> rcu_read_unlock(); 
>
> if (!ret && sig) 
> - ret = sig_ve_ignored(sig, info, p) ? 0 : 
> - do_send_sig_info(sig, info, p, true); 
> + ret = do_send_sig_info(sig, info, p, true); 
>
> return ret; 
> } 
> @@ -2976,8 +2954,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) 
> * probe.  No signal is actually delivered. 
> */ 
> if (!error && sig) { 
> - if (!sig_ve_ignored(sig, info, p)) 
> - error = do_send_sig_info(sig, info, p, false); 
> + error = do_send_sig_info(sig, info, p, false); 
> /* 
> * If lock_task_sighand() failed we pretend the task 
> * dies after receiving the signal. The window is tiny, 
> -- 
> 2.4.10 
>
> _______________________________________________ 
> Devel mailing list 
> Devel at openvz.org 
> https://lists.openvz.org/mailman/listinfo/devel 