Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751672AbdIMR06 convert rfc822-to-8bit (ORCPT ); Wed, 13 Sep 2017 13:26:58 -0400 Received: from nov-007-i584.relay.mailchannels.net ([46.232.183.138]:14553 "EHLO nov-007-i584.relay.mailchannels.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751619AbdIMR0x (ORCPT ); Wed, 13 Sep 2017 13:26:53 -0400 X-Sender-Id: novatrend|x-authuser|juerg@bitron.ch X-Sender-Id: novatrend|x-authuser|juerg@bitron.ch X-MC-Relay: Neutral X-MailChannels-SenderId: novatrend|x-authuser|juerg@bitron.ch X-MailChannels-Auth-Id: novatrend X-Soft-Abaft: 47b0735e0c5b06d9_1505323608739_609866409 X-MC-Loop-Signature: 1505323608739:1171887708 X-MC-Ingress-Time: 1505323608738 Message-ID: <1505323578.49783.10.camel@bitron.ch> Subject: Re: [PATCH] prctl: add PR_[GS]ET_PDEATHSIG_PROC From: =?ISO-8859-1?Q?J=FCrg?= Billeter To: Oleg Nesterov Cc: Andrew Morton , Eric Biederman , linux-kernel@vger.kernel.org, Linus Torvalds , Michael Kerrisk Date: Wed, 13 Sep 2017 19:26:18 +0200 In-Reply-To: <20170913171135.GB14063@redhat.com> References: <20170909094008.49983-1-j@bitron.ch> <20170912170544.GA32121@redhat.com> <1505242495.5111.82.camel@bitron.ch> <20170913171135.GB14063@redhat.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.0 Mime-Version: 1.0 X-AuthUser: juerg@bitron.ch Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1679 Lines: 39 On Wed, 2017-09-13 at 19:11 +0200, Oleg Nesterov wrote: > On 09/12, Jürg Billeter wrote: > > > > On Tue, 2017-09-12 at 19:05 +0200, Oleg Nesterov wrote: > > > On 09/09, Jürg Billeter wrote: > > > > Unlike > > > > PR_SET_PDEATHSIG, this is inherited across fork to allow killing a whole > > > > subtree without race conditions. > > > > > > but I am still not sure this is right... at least I can't understand the > > > "without race conditions" above. > > > > > > IOW, the child can do prctl(PR_SET_PDEATHSIG_PROC, SIGKILL) right after fork(), > > > why this is not enough to kill a whole subtree without race conditions? > > > > What if the parent dies between fork() and prctl()? > > The child will be killed? Sorry, can't understand... If PR_SET_PDEATHSIG_PROC was not inherited across fork and the parent died between fork() and prctl(PR_SET_PDEATHSIG_PROC, SIGKILL) in the child, the child would not be killed. It would be reparented to init(1) or a subreaper, i.e., you end up with a runaway process. It would be possible to safe guard against this race condition in other ways but inheriting the setting avoids it nicely, and makes it easy to apply/enforce PDEATHSIG_PROC for all descendants. > > > Say, CLONE_PARENT. Should it succeed if ->pdeath_signal_proc != 0 ? > > > > Yes, I don't see an issue with that. The new process will be a sibling > > and inheriting pdeath_signal_proc seems sensible to me for this. > > I meant, the process created by clone(CLONE_PARENT) won't be killed by > pdeath_signal if the creator process exits, exactly because it won't be > its child. Not that I think this is wrong. Right, creator and parent won't be the same. Jürg