[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Thu Nov 12 06:53:59 PST 2015

2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiу <skinsbursky at odin.com>:
>
> 12 нояб. 2015 г. 15:14 пользователь Andrey Ryabinin <aryabinin at virtuozzo.com> написал:
>>
>> CRIU sends SIGKILL to container's init process as a part of
>> cleanup process if restoring failed.
>> CRIU does this from a different ve, which is currently not allowed
>> without any apparent reason.
>
> The reason looks very clear to me: improve namespaces isolation.
> It espesially applies to killing child reaper of another ve.
> You throwed away this check, and now it's possible to kill one container from another one.
> Or I'm missing somethig?

Each container has its own pidns, so you can't kill anyone who isn't
in this pidns.

>
>> SIGKILL just ignored, thus CRIU
>> hangs on wait for process being killed.
>> So this patch allows such signals.
>>
>> https://jira.sw.ru/browse/PSBM-40896
>>
>> Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
>> ---
>> include/linux/ve_proto.h |  3 ---
>> kernel/signal.c          | 27 ++-------------------------
>> 2 files changed, 2 insertions(+), 28 deletions(-)
>>
>> diff --git a/include/linux/ve_proto.h b/include/linux/ve_proto.h
>> index 0f5898e..153f18b 100644
>> --- a/include/linux/ve_proto.h
>> +++ b/include/linux/ve_proto.h
>> @@ -31,7 +31,6 @@ static inline bool ve_is_super(struct ve_struct *ve)
>> }
>>
>> #define get_exec_env() (current->task_ve)
>> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)
>>
>> const char *ve_name(struct ve_struct *ve);
>>
>> @@ -122,8 +121,6 @@ static inline struct ve_struct *get_exec_env(void)
>> return NULL;
>> }
>>
>> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)
>> -
>> static inline bool ve_is_super(struct ve_struct *ve)
>> {
>> return true;
>> diff --git a/kernel/signal.c b/kernel/signal.c
>> index 357f164..49fbdb0 100644
>> --- a/kernel/signal.c
>> +++ b/kernel/signal.c
>> @@ -55,27 +55,6 @@ static inline int is_si_special(const struct siginfo *info);
>>
>> int print_fatal_signals __read_mostly;
>>
>> -static int sig_ve_ignored(int sig, struct siginfo *info, struct task_struct *t)
>> -{
>> - struct ve_struct *ve;
>> -
>> - /* always allow signals from the kernel */
>> - if (info == SEND_SIG_FORCED ||
>> -     (!is_si_special(info) && SI_FROMKERNEL(info)))
>> - return 0;
>> -
>> - ve = get_exec_env();
>> - if (ve_is_super(ve))
>> - return 0;
>> - rcu_read_lock();
>> - if (ve->ve_ns && get_env_init(ve) != t) {
>> - rcu_read_unlock();
>> - return 0;
>> - }
>> - rcu_read_unlock();
>> - return !sig_user_defined(t, sig) || sig_kernel_only(sig);
>> -}
>> -
>> static void __user *sig_handler(struct task_struct *t, int sig)
>> {
>> return t->sighand->action[sig - 1].sa.sa_handler;
>> @@ -1361,8 +1340,7 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
>> rcu_read_unlock();
>>
>> if (!ret && sig)
>> - ret = sig_ve_ignored(sig, info, p) ? 0 :
>> - do_send_sig_info(sig, info, p, true);
>> + ret = do_send_sig_info(sig, info, p, true);
>>
>> return ret;
>> }
>> @@ -2976,8 +2954,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
>> * probe.  No signal is actually delivered.
>> */
>> if (!error && sig) {
>> - if (!sig_ve_ignored(sig, info, p))
>> - error = do_send_sig_info(sig, info, p, false);
>> + error = do_send_sig_info(sig, info, p, false);
>> /*
>> * If lock_task_sighand() failed we pretend the task
>> * dies after receiving the signal. The window is tiny,
>> --
>> 2.4.10
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openvz.org
>> https://lists.openvz.org/mailman/listinfo/devel
>
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel