From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HSKmzmM/; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 82A415A0625 for ; Thu, 11 Dec 2025 08:16:51 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1765437410; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9tsRy7gWSNejz2eNbQtJdGcKpBI9LoDCg7rM54Uk2ls=; b=HSKmzmM/wG0AnLTZq3EVDez3zIqL/Fyz1EAKvnEySGfOLP8t6QWQHD5PDb8TNrkM3o4E2t V6tzxqj0FeT4zp/BJvbZpdiOiSd4SGZ7I/ucRKu9FPPcwhmmp/ZNDqhH/KlknRX631iv1s t1CNDQDM+h/WBN1MJxiwYkUjZlugGTk= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-152-6MWuYIOtNDqhLyiHtfCufg-1; Thu, 11 Dec 2025 02:16:49 -0500 X-MC-Unique: 6MWuYIOtNDqhLyiHtfCufg-1 X-Mimecast-MFC-AGG-ID: 6MWuYIOtNDqhLyiHtfCufg_1765437408 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-42f9ed47dd8so237850f8f.3 for ; Wed, 10 Dec 2025 23:16:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765437408; x=1766042208; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9tsRy7gWSNejz2eNbQtJdGcKpBI9LoDCg7rM54Uk2ls=; b=guOPNZKvb4TpTnbHJ6MI3sg6ICO9twDBPfCuw7/YdvTiL1xLU21FmHC0/lHmLQY0HY Beh4HSRmHFwEZHw91BdBDR2xSdJtbVd9yXQQh3AXKVOBLyI29XE51v7B7YuwhwS4fmsJ 6wQe0KS8MQ3ufu/IcoAg/KwKsmedeEFVCfBeJfk/atVYGghmMSrvRMvXG8m0utl8XOnq YDrvMjq3XSKp7dmMow/vyjfRmaa/0KYezOxJHcEoTkD1iPuwGGEyuBM9lO2fdsaRIFl0 KGxL51fZpzxpAqvevJnKAXozAjFlDBt2P7gngLIjto2gEMngQHv9alfyYkVUYcSMvw6o Pg7g== X-Gm-Message-State: AOJu0YyWIa11o5AxXbpWfVzZpgcOI8En4Sh0kPNQz9kFFBKWfzaYh92Y tcfGhX2MlP8MrdAr1LGLn/T0DU1qjEh4jpyBVtRifrnrpgmBCa6UQZwr+x4vvjOkbLDWsnjiVr/ sSJRlZ2fSTLrP2PGu/QWDcMCmxe4Myvt4ebE6ny+JuIERs9Wl8oWp8Q== X-Gm-Gg: AY/fxX6tJ2pWV3aQiNwKSP7GaKCf3NuSJlZmns5WO1vb2R0dCDgJbm9NFT4dGzVarMq Ev9Y4CFbmRDIt5RnTNwstTrdSwCff2szWn3zajmgb/sFsTxF63W0KWe9A35UXQJ+IATEwuLUgWN wT37U+LZs+ohlaJcIRqGKFNs5IhV3PFqrfpU+veiCdBezGdOQ0qzPQinOuZc0KyVBJ4pXVW8PRx Ye1/2d9uWyLEFB/fuFsKoxF8VIPRFCQaEfrY+P6Tyaw6U+oombwUC1rnv2LHlEwb+7Q1nPRiy39 euypDy93obKutDg8sD1o0HkV9odWo8nXfbFsAGIQvmi1+ckxMTHLylwPLW1t3FSiR2pbKMFPFvi xq2rSq4OITAllksmh8k2VdtEy6gfOcQVm0Swc7g== X-Received: by 2002:adf:fd02:0:b0:42b:2c53:3aba with SMTP id ffacd0b85a97d-42fa39d9417mr3907849f8f.10.1765437407717; Wed, 10 Dec 2025 23:16:47 -0800 (PST) X-Google-Smtp-Source: AGHT+IFrLH1fWiaeW7a3j6PuYt/uYvtw4IEFlAduTA5pB0RaKeT7qTNxCEyhMx/YqlteIV/PbU/xOg== X-Received: by 2002:adf:fd02:0:b0:42b:2c53:3aba with SMTP id ffacd0b85a97d-42fa39d9417mr3907825f8f.10.1765437407199; Wed, 10 Dec 2025 23:16:47 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-42fa8b9b750sm3616658f8f.42.2025.12.10.23.16.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Dec 2025 23:16:46 -0800 (PST) Date: Thu, 11 Dec 2025 08:16:45 +0100 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH v2 3/3] pasta: Clean up waiting pasta child on failures Message-ID: <20251211081645.2ee7b04a@elisabeth> In-Reply-To: <20251211035436.2844623-4-david@gibson.dropbear.id.au> References: <20251211035436.2844623-1-david@gibson.dropbear.id.au> <20251211035436.2844623-4-david@gibson.dropbear.id.au> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: Se3Aqt765dMXH9iq0fJ7P7H35JMe_lTv8PWhHcAFI7s_1765437408 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: PFMO6K6HIJ2HPJY5Z353KGZ56AQJBR75 X-Message-ID-Hash: PFMO6K6HIJ2HPJY5Z353KGZ56AQJBR75 X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 11 Dec 2025 14:54:36 +1100 David Gibson wrote: > When pasta is invoked with a command rather than an existing namespace to > attach to, it spawns a child process to run a shell or other command. We > create that process during conf(), since we need the namespace to exist for > much of our setup. However, we don't want the specified command to run > until the pasta network interface is ready for use. Therefore, > pasta_spawn_cmd() executing in the child waits before exec()ing. main() > signals the child to continue with SIGUSR1 shortly before entering the > main forwarding loop. > > This has the downside that if we exit due to any kind of failure between > conf() and the SIGUSR1, the child process will be around waiting > indefinitely. The user must manually clean this up. > > Make this cleaner, by having the child use PR_SET_PDEATHSIG to have > itself killed if the parent dies during this window. Technically > speaking this is racy: if the parent dies before the child can call > the prctl() it will be left zombie-like as before. However, as long > as the parent completes pasta_wait_for_ns() before dying, I wasn't > able to trigger the race. Since the consequences of this going wrong > are merely a bit ugly, I think that's good enough. > > Signed-off-by: David Gibson Is this: Suggested-by: Paul Holzinger ? In any case, Cc'ing him with full quote to be sure he doesn't miss v2. > --- > pasta.c | 11 +++++++++++ > util.c | 1 + > 2 files changed, 12 insertions(+) > > diff --git a/pasta.c b/pasta.c > index 5c693de1..c307b8a8 100644 > --- a/pasta.c > +++ b/pasta.c > @@ -40,6 +40,7 @@ > #include > #include > #include > +#include > #include > #include > > @@ -189,6 +190,10 @@ static int pasta_spawn_cmd(void *arg) > size_t conf_hostname_len; > sigset_t set; > > + /* If the parent dies with an error, so should we */ > + if (prctl(PR_SET_PDEATHSIG, SIGKILL)) > + die_perror("Couldn't set PR_SET_PDEATHSIG"); > + > /* We run in a detached PID and mount namespace: mount /proc over */ > if (mount("", "/proc", "proc", 0, NULL)) > warn_perror("Couldn't mount /proc"); > @@ -215,6 +220,12 @@ static int pasta_spawn_cmd(void *arg) > sigaddset(&set, SIGUSR1); > sigwaitinfo(&set, NULL); > > + /* Once exec()ed this process is more valuable, and easier to see and > + * clean up. Let us outlive our parent now. > + */ > + if (prctl(PR_SET_PDEATHSIG, 0)) > + die_perror("Couldn't clear PR_SET_PDEATHSIG"); > + > execvp(a->exe, a->argv); > > die_perror("Failed to start command or shell"); > diff --git a/util.c b/util.c > index da12c962..27303950 100644 > --- a/util.c > +++ b/util.c > @@ -35,6 +35,7 @@ > #include "log.h" > #include "pcap.h" > #include "epoll_ctl.h" > +#include "pasta.h" > #ifdef HAS_GETRANDOM > #include > #endif -- Stefano