From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=ZR4/gDQ2;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 2E8335A0625
	for <passt-dev@passt.top>; Thu, 11 Dec 2025 09:46:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1765442765;
	bh=vAggBbR5uXwtMaw7BOT2ePU/2hEW+i5TRH9Ju/1PfPw=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=ZR4/gDQ2HA1vGVKEZm1Xqvh0LMPBl0plq4BSt/YO7sUi4YvcxPPyJDEAGVcg+WQXi
	 2x1ZB9plJiD3VzWiNcPlfEB+ZLFp2QskRwhVdwiyXVgwEQ6ohy62rJ65eTcEuHcvQz
	 a3rrfuS+qVpeNDcQZwAwBxWob0CSFTd0lYQDZDe0SxTI1hGjMq/xfpvadb1e54xqwU
	 VJTqYzTogUa66WgNqrqDM+yXbpw2qKzIw8drIPk7TIS7vgMmmUCir36uzH+sq2dKvX
	 gPhFgqfRqUgbvMJV6QR4cJBZiey6m0rhvvJXSU6JaHO9ygCwlyj0hvy9IghSQF2bIS
	 wA4VmVUSTiyAg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dRmQP3ZlLz4wDl; Thu, 11 Dec 2025 19:46:05 +1100 (AEDT)
Date: Thu, 11 Dec 2025 19:45:01 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v2 3/3] pasta: Clean up waiting pasta child on failures
Message-ID: <aTqEjSbiAaMp1SDD@zatzit>
References: <20251211035436.2844623-1-david@gibson.dropbear.id.au>
 <20251211035436.2844623-4-david@gibson.dropbear.id.au>
 <20251211081645.2ee7b04a@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="mKTgC71aaXMe5Oxf"
Content-Disposition: inline
In-Reply-To: <20251211081645.2ee7b04a@elisabeth>
Message-ID-Hash: EHBLLD4DIFM4Q7WZNW2ESAIYEJOBUVQX
X-Message-ID-Hash: EHBLLD4DIFM4Q7WZNW2ESAIYEJOBUVQX
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Paul Holzinger <pholzing@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aTqEjSbiAaMp1SDD@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/EHBLLD4DIFM4Q7WZNW2ESAIYEJOBUVQX/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--mKTgC71aaXMe5Oxf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 11, 2025 at 08:16:45AM +0100, Stefano Brivio wrote:
> On Thu, 11 Dec 2025 14:54:36 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > When pasta is invoked with a command rather than an existing namespace =
to
> > attach to, it spawns a child process to run a shell or other command.  =
We
> > create that process during conf(), since we need the namespace to exist=
 for
> > much of our setup.  However, we don't want the specified command to run
> > until the pasta network interface is ready for use.  Therefore,
> > pasta_spawn_cmd() executing in the child waits before exec()ing.  main()
> > signals the child to continue with SIGUSR1 shortly before entering the
> > main forwarding loop.
> >=20
> > This has the downside that if we exit due to any kind of failure between
> > conf() and the SIGUSR1, the child process will be around waiting
> > indefinitely.  The user must manually clean this up.
> >=20
> > Make this cleaner, by having the child use PR_SET_PDEATHSIG to have
> > itself killed if the parent dies during this window.  Technically
> > speaking this is racy: if the parent dies before the child can call
> > the prctl() it will be left zombie-like as before.  However, as long
> > as the parent completes pasta_wait_for_ns() before dying, I wasn't
> > able to trigger the race.  Since the consequences of this going wrong
> > are merely a bit ugly, I think that's good enough.
> >=20
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>=20
> Is this:
>=20
> Suggested-by: Paul Holzinger <pholzing@redhat.com>
>=20
> ? In any case, Cc'ing him with full quote to be sure he doesn't miss v2.

It is, yes.  Sorry, forgot to include that.

> > ---
> >  pasta.c | 11 +++++++++++
> >  util.c  |  1 +
> >  2 files changed, 12 insertions(+)
> >=20
> > diff --git a/pasta.c b/pasta.c
> > index 5c693de1..c307b8a8 100644
> > --- a/pasta.c
> > +++ b/pasta.c
> > @@ -40,6 +40,7 @@
> >  #include <arpa/inet.h>
> >  #include <netinet/in.h>
> >  #include <net/ethernet.h>
> > +#include <sys/prctl.h>
> >  #include <sys/syscall.h>
> >  #include <linux/magic.h>
> > =20
> > @@ -189,6 +190,10 @@ static int pasta_spawn_cmd(void *arg)
> >  	size_t conf_hostname_len;
> >  	sigset_t set;
> > =20
> > +	/* If the parent dies with an error, so should we */
> > +	if (prctl(PR_SET_PDEATHSIG, SIGKILL))
> > +		die_perror("Couldn't set PR_SET_PDEATHSIG");
> > +
> >  	/* We run in a detached PID and mount namespace: mount /proc over */
> >  	if (mount("", "/proc", "proc", 0, NULL))
> >  		warn_perror("Couldn't mount /proc");
> > @@ -215,6 +220,12 @@ static int pasta_spawn_cmd(void *arg)
> >  	sigaddset(&set, SIGUSR1);
> >  	sigwaitinfo(&set, NULL);
> > =20
> > +	/* Once exec()ed this process is more valuable, and easier to see and
> > +	 * clean up.  Let us outlive our parent now.
> > +	 */
> > +	if (prctl(PR_SET_PDEATHSIG, 0))
> > +		die_perror("Couldn't clear PR_SET_PDEATHSIG");
> > +
> >  	execvp(a->exe, a->argv);
> > =20
> >  	die_perror("Failed to start command or shell");
> > diff --git a/util.c b/util.c
> > index da12c962..27303950 100644
> > --- a/util.c
> > +++ b/util.c
> > @@ -35,6 +35,7 @@
> >  #include "log.h"
> >  #include "pcap.h"
> >  #include "epoll_ctl.h"
> > +#include "pasta.h"
> >  #ifdef HAS_GETRANDOM
> >  #include <sys/random.h>
> >  #endif
>=20
> --=20
> Stefano
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--mKTgC71aaXMe5Oxf
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmk6hIMACgkQzQJF27ox
2Gddrg/+I+3RJqw1nIfUcz3j2Z/y6NRA6F45MPavjpUUlrX2C4y27YDg2MoqV3Hp
KDh2m/2SqVXu1I9uYVKraWWF59Jl4Ef8NGbLbQZFKc45GwoQVfhUd7voB7ZdcyvG
vtU31osw/ONxH9tm4wpzw/nM6khkgTqVNiGCLqWzBKEcBebLExgdaC/l3PwvKOgt
04hvBUcQ21bav1xzoOZrT6jS3QPLCm/swWZPz1X36ftoppFoVCDCI/wxHDBLm7Je
9HcL449DVAFbYrOLtzw9QU2nsEpBKCCuZJbmv8N/Znckma9qpHnylrOK5+7wXMke
LU8kTVnrB0AMVdbt2MxvMTed4otfx6yKpag4uoi6RjcVprLPTB+M+/UWC2WQ06Tc
WUv+Epjm3aTMrSvLaccQ/pb6+J6VjQgfKMigP5U+ufRaNf7JftPFgS/FerXPzL8T
ADpsIdZN8zKTupVm7F/tvDJORdQ+a3Ts3/hU8oFLICySxU1MNKRMTLkI24wTbOXh
UYeiC2FgKktrvmrU+QD2QOyvp/gDTSui2+5CyjSuHApJJHZZ2sgEq64z0TR8PQKN
deym1FUhLaqdz4OnkjHEv4c/fMX9d7vhrE8XuZfYm1l1S0rgp7Bhq581R2tJLc0z
UGyYPaiceI8CoR0jVTD06lIVoXmFGcusAJeF2eHs3EEFpNj77Po=
=tG2N
-----END PGP SIGNATURE-----

--mKTgC71aaXMe5Oxf--