Frederic, before anything else, your patches look good to me, it is not that I tried to argue! On 12/07, Frederic Weisbecker wrote: > > On Tue, Dec 06, 2022 at 05:49:28PM +0100, Oleg Nesterov wrote: > > > > At least I think it should not wait for the tasks injected into this ns. > > > > Because this looks like a kernel bug even if we forget about this deadlock. > > > I think this was made that way on purpose, Well maybe. But to me we have this behaviour only because we (me at least) do not know how to avoid the "hang" in this case. > see the comment in zap_pid_ns_processes(): Heh ;) I wrote this comment in a53b83154914 ("exit: pidns: fix/update the comments in zap_pid_ns_processes()") exactly because I didn't like this behaviour, but I thought it must be documented. > I can't say I like the fact that a parent not belonging to a new namespace > can create more than one child within that namespace not sure I understand but this looks fine and useful to me, > but anyway this all look like an ABI that can't be reverted now. perhaps... But you know, I wrote my previous email because 2 weeks ago I had to investigate a bug report which blamed the kernel, while the problem (unkillable process sleeping in zap_pid_ns_processes) was caused by the dangling zombie injected into that process's namespace. And I am still trying to convince the customer they need to fix userspace. Thanks, Oleg.