[Devel] [PATCH RHEL7 COMMIT] ms/exit: reparent: document the ->has_child_subreaper checks

Konstantin Khorenko khorenko at virtuozzo.com
Mon Jun 20 21:12:50 MSK 2022


The commit is pushed to "branch-rh7-3.10.0-1160.62.1.vz7.187.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.62.1.vz7.187.5
------>
commit 5c2af96d7fca3eb2728d6e11f80703b1303d1e09
Author: Oleg Nesterov <oleg at redhat.com>
Date:   Wed Jun 15 17:54:19 2022 +0300

    ms/exit: reparent: document the ->has_child_subreaper checks
    
    Swap the "init_task" and same_thread_group() checks.  This way it is more
    simple to document these checks and we can remove the link to the previous
    discussion on lkml.
    
    Signed-off-by: Oleg Nesterov <oleg at redhat.com>
    Cc: Aaron Tomlin <atomlin at redhat.com>
    Cc: "Eric W. Biederman" <ebiederm at xmission.com>
    Cc: Kay Sievers <kay at vrfy.org>
    Cc: Lennart Poettering <lennart at poettering.net>
    Cc: Sterling Alexander <stalexan at redhat.com>
    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
    
    (cherry picked from ms commit 175aed3f8d38b87d3287bb765c794205f2b511de)
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    =================
    Patchset description:
    vz7: fix child-reaper reparenting
    
    Fourth patch is needed as kernel can reparent process to a dead thread
    which is wrong.
    
    Third patch is needed as kernel could reparent process from father from
    one pidns to process from different pidns, which creates configurations
    not supported by CRIU. Found it when reproducing problem from CRIU
    mainstream issue in VZ7 ct.
    
    https://github.com/checkpoint-restore/criu/issues/1914
    
    First and Second are just to make it apply cleaner.
    
    Oleg Nesterov (4):
      exit: reparent: fix the cross-namespace PR_SET_CHILD_SUBREAPER
        reparenting
      exit: reparent: document the ->has_child_subreaper checks
      exit: fix the setns() && PR_SET_CHILD_SUBREAPER interaction
      exit: reparent: fix the dead-parent PR_SET_CHILD_SUBREAPER reparenting
---
 kernel/exit.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/kernel/exit.c b/kernel/exit.c
index ff6c58f12d8f..b87564b77011 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -643,18 +643,16 @@ static struct task_struct *find_new_reaper(struct task_struct *father)
 
 	if (father->signal->has_child_subreaper) {
 		struct task_struct *reaper;
-
 		/*
-		 * Find the first ancestor marked as child_subreaper.
-		 * Note that the code below checks same_thread_group(reaper,
-		 * pid_ns->child_reaper).  This is what we need to DTRT in a
-		 * PID namespace. However we still need the check above, see
-		 * http://marc.info/?l=linux-kernel&m=131385460420380
+		 * Find the first ->is_child_subreaper ancestor in our pid_ns.
+		 * We start from father to ensure we can not look into another
+		 * namespace, this is safe because all its threads are dead.
 		 */
 		for (reaper = father;
-		     reaper != &init_task;
+		     !same_thread_group(reaper, pid_ns->child_reaper);
 		     reaper = reaper->real_parent) {
-			if (same_thread_group(reaper, pid_ns->child_reaper))
+			/* call_usermodehelper() descendants need this check */
+			if (reaper == &init_task)
 				break;
 			if (!reaper->signal->is_child_subreaper)
 				continue;
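
Review bot: The new comment above the `for` loop says "this is safe because all its threads are dead" without saying whose threads are meant. From the surrounding lines "its" has to mean father's thread group, so spell that out, for example "this is safe because all of father's threads are dead". The one-line comment at `if (reaper == &init_task)` has the same problem: it names call_usermodehelper() descendants but does not say why their ->real_parent walk can reach init_task before the loop condition `!same_thread_group(reaper, pid_ns->child_reaper)` stops it, and a short clause explaining that would make the check self-explanatory now that the lkml link is gone. The hunk also drops the blank line between the `struct task_struct *reaper;` declaration and the comment block; keeping it would match the usual declaration/statement separation in this file.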

