Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2019071pxf; Sat, 13 Mar 2021 05:18:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJwfbvtW7lPy3v0ardFi3qjts2rotMScG6kwsOZz1A2f0hCbUDt2G6HdpHWMnbxGH5mBpyB2 X-Received: by 2002:a05:6402:3c7:: with SMTP id t7mr19973242edw.196.1615641512505; Sat, 13 Mar 2021 05:18:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615641512; cv=none; d=google.com; s=arc-20160816; b=hvmuYRP4Xd2Pxs6HNRVDs4F3Ei5TjO+BU81xTAQfojFjA3iTAT6UE4KdSN0Bw6Zl/q K3mhuZt2q7/kQ9h6YsZIiN0vmsJt+exjzWfud0z/pRFSCMSO2iCzqMtB49WUKzTSp/8o 6RWxPGp/G2YeDy211/ymekXCk5HdiMo6aubd08QhHER7RgW/DgpGzvxjtV8TGVgwBypQ 62pz+MUGt646vYUUUCupVIbAgPuWeOLMZZjrJSlHZsfpW8u1lcqeODvOKpU8grSENY8M 8VmUW+OrWC7nKkpuo8Vn5wHc+CHQOThIcOMxUVIvIMHkP3Fcq7JBVGc5vQPgH7B+46AQ PjDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=pMPkBnzdQOM60a/PfsFaO6+x3TlhRc/ju/+/xhkipuk=; b=OpoN3sBCbLnuv7X5Gyk/whGBsWHqEFeQGtjaVviHpBjOpmtpMgsXejBvSk+Nfb6bS8 xP55SF7Tfd0eiYvyGq3v9rex3SsgBejkl36FEZUbFCh3bzw80H4mbfxynE/1c6K7r8IE TkmYZzB+GfZV17LkvqQ5rWON09Zg3zKq+Z0UdCYzOGqztebLhfhZM2mcceY1Bk4OpLoM ibcovLS9Uia3ZYAVCQQgdEzjGEHTa5WSs3HMINLBq2h5lWPatRs1pnRrYihvF5/1A5lV ffcgedq/1zOFenWGeUVhWrg4fyrh/Pr2BPyLpjpQciCSKveH9pyo3g9Qli/0ZLpkBJ8v C3Nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=avYx8PSe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dt8si6614004ejc.111.2021.03.13.05.18.07; Sat, 13 Mar 2021 05:18:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=avYx8PSe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233103AbhCMNJl (ORCPT + 99 others); Sat, 13 Mar 2021 08:09:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229615AbhCMNJ1 (ORCPT ); Sat, 13 Mar 2021 08:09:27 -0500 Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 427F8C061574 for ; Sat, 13 Mar 2021 05:09:27 -0800 (PST) Received: by mail-lf1-x133.google.com with SMTP id 18so49737227lff.6 for ; Sat, 13 Mar 2021 05:09:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pMPkBnzdQOM60a/PfsFaO6+x3TlhRc/ju/+/xhkipuk=; b=avYx8PSetnVKRaidyWDyvQY5qQq9MKkNRnx3AnvB4FoHVexesY/afg6CeRn3TEahod dN6Q6dBLAQ4IlNs1uJQK3qa3wneNG0ftMsdHYnuq73gecURNGBhwYXQw/B1u23z27cAt 2zLfRAPy1OU+eaXWKDnKkOIFufxjLXcs7QUfK+22/f3NlCqA4Yce5/B6XAOS/a0kH5NK M5YT4MG1oE1qhYdu1GosIgjL10BwObMVZ4h6dxHdxtb38fikbVs0Y0tUcz9AVX5UuNSX NxiPNQv0WSBSTpmKL+e0HnQDt90D3Y+MopiT4aGy+SmgxtdILpQfg/MrblBgkIvyQ4ot /YNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pMPkBnzdQOM60a/PfsFaO6+x3TlhRc/ju/+/xhkipuk=; b=kEfT98+32juwsEjWuNPUxq82YubzIk0fWgHUtOf499SufNwO8b+PRVCa66D1Rn1dly pwYTuLR6/WsxxkIFq9f1Zamfyd7gmfIXTOSctwpu8MLdYKwTOG0eYN1zDUywNJ+yjhbE Iw0vnePzHExaoNVpZWvfQsIrObmQoqKjK4seAgNC7wrZxoVbus2W60GutojHsbM9n1CB jdQESZu4XVd8Zl/no35hGiUNHP25EFH7byMTOD15t3my8JXJJ7k/P/DGwEELw4q3hvae 8nORattLt0mQqVSOYEfPXSQwr1k7IPP/oabGFiMVEkgN+Mx0FcBKUPTqmaWLBVPGlYNY 0Qcg== X-Gm-Message-State: AOAM530PyK1GFj6Pqf1X+7YSbePfUN/FVoE9AQR8m7UsNAxSUbGeiVQ8 T17hP+2OcWVFb22UEd5yHcj1WCtvlJEm5R0QK4Q= X-Received: by 2002:a19:4881:: with SMTP id v123mr2552082lfa.276.1615640964285; Sat, 13 Mar 2021 05:09:24 -0800 (PST) MIME-Version: 1.0 References: <1615519478-178620-1-git-send-email-zhaoqianligood@gmail.com> In-Reply-To: From: qianli zhao Date: Sat, 13 Mar 2021 21:12:35 +0800 Message-ID: Subject: Re: [PATCH V2] exit: trigger panic when global init has exited To: "Eric W. Biederman" Cc: christian@brauner.io, axboe@kernel.dk, Oleg Nesterov , Thomas Gleixner , Peter Collingbourne , linux-kernel@vger.kernel.org, Qianli Zhao Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Eric,Oleg > As Oleg pointer out we need to do something like the code below. > > diff --git a/kernel/exit.c b/kernel/exit.c > index 04029e35e69a..bc676c06ef9a 100644 > --- a/kernel/exit.c > +++ b/kernel/exit.c > @@ -785,15 +785,16 @@ void __noreturn do_exit(long code) > sync_mm_rss(tsk->mm); > acct_update_integrals(tsk); > group_dead = atomic_dec_and_test(&tsk->signal->live); > + /* > + * If the global init has exited, panic immediately to get a > + * useable coredump. > + */ > + if (unlikely(is_global_init(tsk) && > + (group_dead || (tsk->signal->flags & SIGNAL_GROUP_EXIT)))) { > + panic("Attempted to kill init! exitcode=0x%08x\n", > + tsk->signal->group_exit_code ?: (int)code); > + } > if (group_dead) { > - /* > - * If the last thread of global init has exited, panic > - * immediately to get a useable coredump. > - */ > - if (unlikely(is_global_init(tsk))) > - panic("Attempted to kill init! exitcode=0x%08x\n", > - tsk->signal->group_exit_code ?: (int)code); > - > #ifdef CONFIG_POSIX_TIMERS > hrtimer_cancel(&tsk->signal->real_timer); > exit_itimers(tsk->signal); > Sorry,i missed this discussion,we needs use group_dead to replace thread_group_empty(). > There is still a race that could lead to the BUG in zap_pid_ns_processes. > We still have a case where the last two threads of a process call > pthread_exit (aka do_exit not do_group_exit in the kernel). > > Thread A Thread B > do_exit() do_exit() > > exit_signals() > tsk->flags |= PF_EXITING; > group_dead = false; > exit_signals() > tsk->flags |= PF_EXITING; > exit_notify() > forget_original_parent > find_child_reaper > reaper = find_alive_thread() > zap_pid_ns_processes() > BUG() > group_dead = true; > if (is_global_init()) > panic("Attemted to kill init"); > My patch moves panic to before setting PF_EXITING,it can avoid this case. What if we move atomic_dec_and_test() to before exit_signals()? Such as: validate_creds_for_do_exit(tsk); + group_dead = atomic_dec_and_test(&tsk->signal->live); + /* + * If global init has exited, + * panic immediately to get a useable coredump. + */ + if (unlikely(is_global_init(tsk) && + (group_dead || (tsk->signal->flags & SIGNAL_GROUP_EXIT)))) { + panic("Attempted to kill init! exitcode=0x%08x\n", + tsk->signal->group_exit_code ?: (int)code); + } ... exit_signals(tsk); /* sets PF_EXITING */ ... acct_update_integrals(tsk); - group_dead = atomic_dec_and_test(&tsk->signal->live); if (group_dead) { - /* - * If the last thread of global init has exited, panic - * immediately to get a useable coredump. - */ - if (unlikely(is_global_init(tsk))) - panic("Attempted to kill init! exitcode=0x%08x\n", - tsk->signal->group_exit_code ?: (int)code); Thanks