On Mon, Nov 6, 2017 at 3:31 PM, Oleg Nesterov <o...@redhat.com> wrote: > On 11/06, Jamie Iles wrote: >> >> I'm unable to reproduce the warning in qemu with SMP (on a 32 CPU VM). > > Neither me. Perhaps because I tried this test-case on the minimal system > with /bin/sh running as init process. > >> Instead I get the following instant traceback which is different to what >> you report when run as root: >> >> [ 45.018469] Kernel panic - not syncing: Attempted to kill init! >> exitcode=0x00000013 >> [ 45.018469] >> [ 45.019669] CPU: 19 PID: 1 Comm: systemd Not tainted 4.14.0-rc8 #7 >> [ 45.021094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS >> 1.10.1-1ubuntu1 04/01/2014 >> [ 45.022768] Call Trace: >> [ 45.023076] dump_stack+0x12e/0x188 >> [ 45.023481] panic+0x1e4/0x417 > > This is fine and hopefully confirms the theory. let me quote my previous > email: > > line 111 r[8] = syscall(__NR_ptrace, 0x10ul, r[7]); > > this is PTRACE_ATTACH > > line 115 syscall(__NR_ptrace, 0x4200ul, r[7], > 0x40000012ul, 0x100012ul); > > this is PTRACE_SETOPTIONS and "data" includes PTRACE_O_EXITKILL. > > r[7] is initialized at > > line 110 r[7] = *(uint32_t*)0x20f9cffc; > > so if it is eq to 1 then it can attach to init and in this case the > problem > can be explained by the wrong SIGNAL_UNKILLABLE/SIGKILL logic. > > So, if it is eq to 1 then init will be killed after the child process created > by loop() function exits (see PTRACE_O_EXITKILL above). > > This is correct, only the warning is not. > > For example, this command does ptrace(PTRACE_SEIZE, 1,0, PTRACE_O_EXITKILL) > > # perl -e 'syscall 101, 0x4206, 1, 0, 0x100000' > > and crashes the kernel the same way, this is correct.
Oleg, I've tested the patch and I don't see the WARNING with it. Only attempt to kill init, which is fine, we test inside of pid namespace and test process is not able to reach init. Tested-by: Dmitry Vyukov <dvyu...@google.com>
