[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Stanislav Kinsburskiy skinsbursky at odin.com
Thu Nov 12 06:59:04 PST 2015



On 12.11.2015 15:53, Andrey Wagin wrote:
> 2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiy <skinsbursky at odin.com>:
>> On 12 Nov 2015 at 15:14, Andrey Ryabinin <aryabinin at virtuozzo.com> wrote:
>>> CRIU sends SIGKILL to container's init process as a part of
>>> cleanup process if restoring failed.
>>> CRIU does this from a different ve, which is currently not allowed
>>> without any apparent reason.
>> The reason looks very clear to me: improve namespace isolation.
>> It especially applies to killing the child reaper of another ve.
>> You threw away this check, and now it's possible to kill one container from another one.
>> Or am I missing something?
> Each container has its own pidns, so you can't kill anyone who isn't
> in this pidns.

So how does CRIU send a kill signal from one ve to another then?

>
>>> SIGKILL is just ignored, thus CRIU
>>> hangs waiting for the process to be killed.
>>> So this patch allows such signals.
>>>
>>> https://jira.sw.ru/browse/PSBM-40896
>>>
>>> Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
>>> ---
>>> include/linux/ve_proto.h |  3 ---
>>> kernel/signal.c          | 27 ++-------------------------
>>> 2 files changed, 2 insertions(+), 28 deletions(-)
>>>
>>> diff --git a/include/linux/ve_proto.h b/include/linux/ve_proto.h
>>> index 0f5898e..153f18b 100644
>>> --- a/include/linux/ve_proto.h
>>> +++ b/include/linux/ve_proto.h
>>> @@ -31,7 +31,6 @@ static inline bool ve_is_super(struct ve_struct *ve)
>>> }
>>>
>>> #define get_exec_env() (current->task_ve)
>>> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)
>>>
>>> const char *ve_name(struct ve_struct *ve);
>>>
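Review bot: removing get_env_init() from the CONFIG_VE branch of ve_proto.h is only safe if kernel/signal.c was its sole user; the diffstat (2 files changed) suggests that holds in-tree, but ve_proto.h is the interface other ve code and out-of-tree modules build against, so please confirm no other caller remains before dropping the macro, and mention in the commit message that it goes away because its last user (sig_ve_ignored) is removed.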
>>> @@ -122,8 +121,6 @@ static inline struct ve_struct *get_exec_env(void)
>>> return NULL;
>>> }
>>>
>>> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)
>>> -
>>> static inline bool ve_is_super(struct ve_struct *ve)
>>> {
>>> return true;
>>> diff --git a/kernel/signal.c b/kernel/signal.c
>>> index 357f164..49fbdb0 100644
>>> --- a/kernel/signal.c
>>> +++ b/kernel/signal.c
>>> @@ -55,27 +55,6 @@ static inline int is_si_special(const struct siginfo *info);
>>>
>>> int print_fatal_signals __read_mostly;
>>>
>>> -static int sig_ve_ignored(int sig, struct siginfo *info, struct task_struct *t)
>>> -{
>>> - struct ve_struct *ve;
>>> -
>>> - /* always allow signals from the kernel */
>>> - if (info == SEND_SIG_FORCED ||
>>> -     (!is_si_special(info) && SI_FROMKERNEL(info)))
>>> - return 0;
>>> -
>>> - ve = get_exec_env();
>>> - if (ve_is_super(ve))
>>> - return 0;
>>> - rcu_read_lock();
>>> - if (ve->ve_ns && get_env_init(ve) != t) {
>>> - rcu_read_unlock();
>>> - return 0;
>>> - }
>>> - rcu_read_unlock();
>>> - return !sig_user_defined(t, sig) || sig_kernel_only(sig);
>>> -}
>>> -
>>> static void __user *sig_handler(struct task_struct *t, int sig)
>>> {
>>> return t->sighand->action[sig - 1].sa.sa_handler;
>>> @@ -1361,8 +1340,7 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
>>> rcu_read_unlock();
>>>
>>> if (!ret && sig)
>>> - ret = sig_ve_ignored(sig, info, p) ? 0 :
>>> - do_send_sig_info(sig, info, p, true);
>>> + ret = do_send_sig_info(sig, info, p, true);
>>>
>>> return ret;
>>> }
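Review bot: the old code returned `ret = 0` when sig_ve_ignored() fired, so kill(2) reported success while the signal was actually dropped; with this hunk the signal is really delivered. That is a user-visible behaviour change for in-container processes signalling their own init, not just a CRIU fix, and the commit message should say so.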
>>> @@ -2976,8 +2954,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
>>> * probe.  No signal is actually delivered.
>>> */
>>> if (!error && sig) {
>>> - if (!sig_ve_ignored(sig, info, p))
>>> - error = do_send_sig_info(sig, info, p, false);
>>> + error = do_send_sig_info(sig, info, p, false);
>>> /*
>>> * If lock_task_sighand() failed we pretend the task
>>> * dies after receiving the signal. The window is tiny,
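Review bot: same point as in group_send_sig_info(): `error` stayed 0 when the signal was silently dropped, so tkill()/tgkill() also reported success without delivering anything. Fine to make both paths consistent, but please cover the tkill/tgkill path in the commit message as well so the behaviour change is documented for both entry points.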
>>> --
>>> 2.4.10
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/devel


