Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3355797rdg;
        Tue, 17 Oct 2023 12:01:03 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGeaQv/1+O4uoxELj+ohCh/L0OtBLLG+qtXKkun89pUyswrmq9SmeVe3xOHXW+Mu9SujM2c
X-Received: by 2002:a05:6a00:228f:b0:6bd:a7ea:5c7e with SMTP id f15-20020a056a00228f00b006bda7ea5c7emr3863398pfe.11.1697569263380;
        Tue, 17 Oct 2023 12:01:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697569263; cv=none;
        d=google.com; s=arc-20160816;
        b=JhGV18YX2VqR5/uCXq4yFoPIe5vd7iJkfK45xBoGFkRv9XxXWFw7lE6lwgnQanA92D
         WYjlxjmAFI3qo709xmzcaKyiq720Cq10XxPc8l1V3WY69ztmrhRPEX/wkrCCsAnzxDyA
         g7dd7CXHz6TSNnI1WomN189NlCubwFh9s7D27EfGSZWLvuOKALdRtg3jvoJoQZrnAJTa
         m3txssIt3z9k1tCA3UCM2Dh2JLoKL0WYAIjBmMmR+qCFbMiqkFbzJ1+pzm3vtabRxFIA
         Wqkz7xEwdi+lmk0qWBx7wQoelnV3gzcJRxUl9EmihSZAI/a1Q+ncxgqqBB1vBIBoy/bg
         h5Qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=j6zU+/G0fP23qafLVgXPYoabYVzueZ80T6KGT9Ff4Tw=;
        fh=kOLq8NalGSHZoEQ73KjPkH10z92YvNfFpYpK+89+yp4=;
        b=Rhe9B+qqwbmcMKD0t5z+zIZ/ydOiyvj6yHy2rNhcNme+SAwruwfbImGxgm2VeOivLi
         HbeUteNKdokmXuzqYmVSAGNXjStL5wkt7X/PQCKbz0EGaJe974M0KnvFpx91NJQoPwxR
         b/7LkVvs9foY/2qSv3EF7nxhE7QmxMlI2z3xejhe2ohNyQCmfjdWrYSELVv9EqCBWCJi
         HOhOvgR8c+PLgX+FtW9x6P5+fl8cbZjbcRPtytFCSqRA8dLw95rnFO1voqAk3K33p87N
         Jp3AoiTA+lQu5U0lpPDBLh3rVsBrV72A3db0hD+ZdTJUrwBykE+X5H52ip99j6g93+pS
         SdhA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=4EbBp11t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4])
        by mx.google.com with ESMTPS id r4-20020a632b04000000b005a073e0cca1si364119pgr.512.2023.10.17.12.01.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 17 Oct 2023 12:01:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=4EbBp11t;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id EDB7E809A81B;
	Tue, 17 Oct 2023 12:00:49 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343938AbjJQTAm (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Tue, 17 Oct 2023 15:00:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37732 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232228AbjJQTAk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Oct 2023 15:00:40 -0400
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D63FF0
        for <linux-kernel@vger.kernel.org>; Tue, 17 Oct 2023 12:00:38 -0700 (PDT)
Received: by mail-pg1-x532.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso4509090a12.3
        for <linux-kernel@vger.kernel.org>; Tue, 17 Oct 2023 12:00:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1697569238; x=1698174038; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=j6zU+/G0fP23qafLVgXPYoabYVzueZ80T6KGT9Ff4Tw=;
        b=4EbBp11tu/sJtaJ6ulBe28ZGLwETZgRLzlSqe35gIwtfb/nZhTJZQ2Fux/AsxL6w0e
         IJDrIP1LEPWyuzt38E0Hfp4Mq9s8bqnYy+mk0biJbcdaFsz6q/o2v6lGtlAxvGC6JJdc
         YV11vxovIHmLHkPC6Rm4jHjKCDk08WMQDCRGFVrE5Gdny1/pVGrBUpz4uvx7nXMYu210
         yst1dYXgwvixGMoNJtOzIwldJ871ydVHOt04qJ0ldVwXv/jslpOzegOhKSIpK3Sjtwtx
         J8q7LYX+tk9drxeZPXPiGgALli30WAiXM1M2HtSFTGzAScXDknzq4lDb0hxwGIjH5tDJ
         cy/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1697569238; x=1698174038;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=j6zU+/G0fP23qafLVgXPYoabYVzueZ80T6KGT9Ff4Tw=;
        b=mu39yh9qL4GhJvH5AsYrcnv1YWImXyDzYo/MoZlwsYzQCmTE8JGfFHT2YxmtDBKf+x
         VhwoMkCmJqFQZXlYi5rxT96pz4DNiJbOrAuR4+g5I7zdnYXDcxZ6ILuQiQIlfyw+CNl8
         DgTH7ztJ94KSSEC9xB+xeTvpcXWAM2T2wi1kUh4fr7N1jrYxcc0/NHIDwk7SwqI1F8Im
         79gNzSqx7huMqyKnNukVXjvtZy3BCUrAJ4dw0wVMdCZa0XEYugfY+C36/YkNeCu2J+12
         hgR1VDYJRZgg7EK9k0BCF9D6JujfBadhKCEtoPStQtNWBbYKnFbeScxT5cJntoaPYFW5
         L5Dw==
X-Gm-Message-State: AOJu0YxXhCayHz97U6WI22omLRe0P4pl3ub8N5KrCrOkIOidVeaadnwh
        CdHjn0dMScQ9SxyRhnP9WJI/B4pxKmSQOPrT0Om76Q==
X-Received: by 2002:a05:6a21:a108:b0:154:a1e4:b676 with SMTP id
 aq8-20020a056a21a10800b00154a1e4b676mr2923899pzc.4.1697569237902; Tue, 17 Oct
 2023 12:00:37 -0700 (PDT)
MIME-Version: 1.0
References: <20230929174442.1635558-1-bgeffon@google.com> <CAJZ5v0g6160NYtRQun0D_qS-R6NfoXrX47muWt+sTN3wnNyHeA@mail.gmail.com>
In-Reply-To: <CAJZ5v0g6160NYtRQun0D_qS-R6NfoXrX47muWt+sTN3wnNyHeA@mail.gmail.com>
From:   Brian Geffon <bgeffon@google.com>
Date:   Tue, 17 Oct 2023 15:00:01 -0400
Message-ID: <CADyq12y3dy3G2mhwTq2NDozpCJ6MCe4jzH66M7PysPNmhZGLQw@mail.gmail.com>
Subject: Re: [PATCH] pid: Allow frozen userspace to reboot from non-init pid ns
To:     "Rafael J. Wysocki" <rafael@kernel.org>
Cc:     Christian Brauner <brauner@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Matthias Kaehlcke <mka@chromium.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Frederic Weisbecker <frederic@kernel.org>,
        linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 17 Oct 2023 12:00:50 -0700 (PDT)

On Thu, Oct 12, 2023 at 5:48=E2=80=AFAM Rafael J. Wysocki <rafael@kernel.or=
g> wrote:
>
> On Fri, Sep 29, 2023 at 7:45=E2=80=AFPM Brian Geffon <bgeffon@google.com>=
 wrote:
> >
> > When the system has a frozen userspace, for example, during hibernation
> > the child reaper task will also be frozen. Attmepting to deliver a
> > signal to it to handle the reboot(2) will ultimately lead to the system
> > hanging unless userspace is thawed.
> >
> > This change checks if the current task is the suspending task and if so
> > it will allow it to proceed with a reboot from the non-init pid ns.
> >
> > Signed-off-by: Brian Geffon <bgeffon@google.com>
> > Reported-by: Matthias Kaehlcke <mka@chromium.org>
> > Tested-by: Matthias Kaehlcke <mka@chromium.org>
>
> If the report is public, which I think is the case, having a Link: tag
> pointing to it here would be nice.
>
> > ---
> >  kernel/pid_namespace.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> > index 0bf44afe04dd..4a93a5063eda 100644
> > --- a/kernel/pid_namespace.c
> > +++ b/kernel/pid_namespace.c
> > @@ -321,6 +321,15 @@ int reboot_pid_ns(struct pid_namespace *pid_ns, in=
t cmd)
> >         if (pid_ns =3D=3D &init_pid_ns)
> >                 return 0;
> >
> > +       if (current->flags & PF_SUSPEND_TASK) {
> > +               /*
> > +                * Attempting to signal the child_reaper won't work if =
it's
> > +                * frozen. In this case we shutdown the system as if we=
 were in
> > +                * the init_pid_ns.
> > +                */
>
> Is the system guaranteed to be in the right state for a shutdown at this =
point?
>
> There is a system-wide suspend-resume or hibernation in progress, so
> system_transition_mutex should be held and that should cause reboot()
> to block anyway.  Do you know why it doesn't block and why the suspend
> task has any reason to call it?
>

Sorry for the delay in responding to these questions, I'm going to do
another pass through this code and respond with a more detailed
explanation in the next few days.

> > +               return 0;
> > +       }
> > +
> >         switch (cmd) {
> >         case LINUX_REBOOT_CMD_RESTART2:
> >         case LINUX_REBOOT_CMD_RESTART:
> > --
> > 2.42.0.582.g8ccd20d70d-goog
> >