On 06/25, Sukadev Bhattiprolu wrote:
>
> Oleg Nesterov [oleg@xxxxxxxxxx] wrote:
> | On 06/25, Sukadev Bhattiprolu wrote:
> | >
> | > Louis Rilling [Louis.Rilling@xxxxxxxxxxx] wrote:
> | > | - proc_pid_readdir():
> | > | Needs similar check and protection to proc_pid_lookup(), but there is another
> | > | issue: next_tgid() can find a dying task:
> | >
> | > Hmm, I thought proc_pid_readdir() would be a problem too but convinced myself
> | > that it would not - since a process running proc_pid_readdir() would have
> | > a reference to the pid namespace,
> |
> | Where does this reference comes from ?
>
> Caller of proc_pid_readdir() would be living in the same pid namespace right ?
Afaics, in general not.
Suppose that we do something like
if (!clone(CLONE_NEWPID)) {
mount("none", "/SUB_PROC", "proc", 0, NULL);
exit();
}
After that /SUB_PROC/ still exists, one can do "ls /SUB_PROC/".
This particular case is fine, ns->child_reaper was already cleared.
But, as Louis pointed out, ls can race with the exiting init.
> | But I won't be surprised if I am wrong again ;)
Yes ;)
Oleg.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
