Received: by 2002:ab2:68c1:0:b0:1fd:9a81:d0e4 with SMTP id e1csp127803lqp; Sat, 8 Jun 2024 08:50:40 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUzXQS2JmmShG1CDV0V90lfJaxu1+kScz1A9nqNrVGvBrYGD6hvLVUHYIWXCujwUCdj7+6ETBp5q+EkYrWrGBMT5idhbCFWuUvrZaJ16w== X-Google-Smtp-Source: AGHT+IGVAxfKWKA4stcK5fvweoYSb0x+Tk8sd2zhYE+Tz9NVK7H/dZPrPgWDpY1jGIZfpmJhfq6W X-Received: by 2002:a17:903:990:b0:1f6:2fca:361f with SMTP id d9443c01a7336-1f6d01bbdabmr91723915ad.29.1717861840020; Sat, 08 Jun 2024 08:50:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717861840; cv=pass; d=google.com; s=arc-20160816; b=chh3EaBClTuVCvUrhzwMEFFO7fKn6YKs5Vht4FtklO1QiCtNkdisCXcXi6iMVTVrep Pp9oQK9DSTZyFCJoRQYFXcOCOKpFw0T5sDiaV9P8TKAjB8csxGdgdKiwVq0dixY3d5KW iqfzY8caUy1NeL3Qk3ZegY1w6CkvNoKSpsAHKAzvTiofT4vwDMuVVuck/BlRXK6lN8yY ZCLGzbCPIPESF3VwKbVKnzgrzCmmEdgsfpdRN66EtEgyk/ZJeS4jtVwoqIwQjuGzws5J IvrYw+B6jglA0Grgjv/6mzc2DrTSb8iC+XRFFY10y32me0rcp3yrr7eQu+Ro5ktPi2l5 lVoQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=pWtXInkYT7gp35kmZ/vplCyQ6OWaROzH79A+E+0FfKc=; fh=6dvwaQyMqlET7q+BAMDEXw5LoQoPwQ+dSQG88i/8MA8=; b=PR6CdgP/OVto4/xoNTXG51SCg6wl5YwXbbsMM5851n6UIVc7F1F7cBGF7vom7hTzPJ anBgM66NOnKACU1/NeA3C0xwG5NWogixR5IDjJWo1qP+QZHN9YxGtPz70pO/CUjYevXO DaJnUm6VudgIzNJxnqfxIPsGGzxRHhI4P5UfHjiniq958H/tL7WeoOkwt+2iQM8mvTYM B10F/egUXdKZi+TcsS3RvWDhXUFRVvRCwp2jaFOcNNNUutD1q8X/WA2y0tTy+OygQik6 fP1n2f0SyNb8pSWSGeB0wSl90DlFesTiT+BukjPE1vIapIRzO3VtCjwk/PHDHaiiPt/7 uyBg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QSzEa7kT; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-207104-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-207104-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d9443c01a7336-1f6bd81df10si26925575ad.535.2024.06.08.08.50.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 08 Jun 2024 08:50:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-207104-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QSzEa7kT; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-207104-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-207104-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A0970282E36 for ; Sat, 8 Jun 2024 15:50:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B6977179953; Sat, 8 Jun 2024 15:50:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QSzEa7kT" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B78A178379 for ; Sat, 8 Jun 2024 15:50:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717861833; cv=none; b=dUjPAPExJgy1IpGIHNyLw0NasxQZIly0pPmEuWRl2/WAlDmdkMGA4kDQTQVaRs6COrUakQMLqt8+MmlIjYk0IQS0iC/GqQzhjoC+ndf3LJhTk4jxx13C7HI0tPv/ovYFmrghI126A04LajO6bQW33HfoMF+RBq8a0m3u5MpsqDQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717861833; c=relaxed/simple; bh=8ancUU9hhNXbB4+x7qua8ta8rsrFFSFgVPiTAjOuNqY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UyTSG0Jg0RbU8UDW4JXXbIceLol0EB8fgp4pdi79HUpmkhOD/EsgpfGe8UUbUNqEVcWM4pwAMQKhln32reo3UA/tMVsiUNFjCTz9LCcym2NdZlrZlZ1GkfSMvtL4EHEXfOyGHoiifRULtbBrGleyB9UhmmEpin/eGYeWCmupc0g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QSzEa7kT; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717861831; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pWtXInkYT7gp35kmZ/vplCyQ6OWaROzH79A+E+0FfKc=; b=QSzEa7kTdF8QZFJsCAe+wCu7DaLFOzujJRPePs8cVgSWzTWekifYSFyL5DP3ANewqO/TPY VOhGor6YR3FNrIcNzNsMZQH9RxPadd1TsmCX3d+qQL4LwiyrwRLn++FJ1QshtlA6aUX5R7 tuWFRr3JvnhsiuKtd7PFYCffmPLXank= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-528-P5c5lBWyPuqwSyGZYzhO9g-1; Sat, 08 Jun 2024 11:50:19 -0400 X-MC-Unique: P5c5lBWyPuqwSyGZYzhO9g-1 Received: from mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 87BC41956083; Sat, 8 Jun 2024 15:50:14 +0000 (UTC) Received: from dhcp-27-174.brq.redhat.com (unknown [10.45.224.55]) by mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id C6C1A19560AA; Sat, 8 Jun 2024 15:50:06 +0000 (UTC) Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000 oleg@redhat.com; Sat, 8 Jun 2024 17:48:44 +0200 (CEST) Date: Sat, 8 Jun 2024 17:48:35 +0200 From: Oleg Nesterov To: Andrew Morton , Rachel Menge Cc: linux-kernel@vger.kernel.org, rcu@vger.kernel.org, Wei Fu , apais@linux.microsoft.com, Sudhanva Huruli , Jens Axboe , Christian Brauner , Mike Christie , Joel Granados , Mateusz Guzik , "Paul E. McKenney" , Frederic Weisbecker , Neeraj Upadhyay , Joel Fernandes , Josh Triplett , Boqun Feng , Steven Rostedt , Mathieu Desnoyers , Lai Jiangshan , Zqiang Subject: [PATCH] zap_pid_ns_processes: don't send SIGKILL to sub-threads Message-ID: <20240608154835.GD7947@redhat.com> References: <1386cd49-36d0-4a5c-85e9-bc42056a5a38@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1386cd49-36d0-4a5c-85e9-bc42056a5a38@linux.microsoft.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Scanned-By: MIMEDefang 3.0 on 10.30.177.40 The comment above the idr_for_each_entry_continue() loop tries to explain why we have to signal each thread in the namespace, but it is outdated. This code no longer uses kill_proc_info(), we have a target task so we can check thread_group_leader() and avoid the unnecessary group_send_sig_info. Better yet, we can change pid_task() to use PIDTYPE_TGID rather than _PID, this way it returns NULL if this pid is not a group-leader pid. Also, change this code to check SIGNAL_GROUP_EXIT, the exiting process / thread doesn't necessarily has a pending SIGKILL. Either way these checks are racy without siglock, so the patch uses data_race() to shut up KCSAN. Signed-off-by: Oleg Nesterov --- kernel/pid_namespace.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index 25f3cf679b35..0f9bd67c9e75 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -191,21 +191,14 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) * The last thread in the cgroup-init thread group is terminating. * Find remaining pid_ts in the namespace, signal and wait for them * to exit. - * - * Note: This signals each threads in the namespace - even those that - * belong to the same thread group, To avoid this, we would have - * to walk the entire tasklist looking a processes in this - * namespace, but that could be unnecessarily expensive if the - * pid namespace has just a few processes. Or we need to - * maintain a tasklist for each pid namespace. - * */ rcu_read_lock(); read_lock(&tasklist_lock); nr = 2; idr_for_each_entry_continue(&pid_ns->idr, pid, nr) { - task = pid_task(pid, PIDTYPE_PID); - if (task && !__fatal_signal_pending(task)) + task = pid_task(pid, PIDTYPE_TGID); + /* reading signal->flags is racy without sighand->siglock */ + if (task && !(data_race(task->signal->flags) & SIGNAL_GROUP_EXIT)) group_send_sig_info(SIGKILL, SEND_SIG_PRIV, task, PIDTYPE_MAX); } read_unlock(&tasklist_lock); -- 2.25.1.362.g51ebf55