diff options
| author | Andrei Vagin <avagin@google.com> | 2019-10-22 14:55:54 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2019-10-22 14:57:23 -0700 |
| commit | e63ff6d923bb7ec74b837e6b00df41e4d805e70a (patch) | |
| tree | ab8924e87b6f7c840fcb2401a8ad406ec96f02d5 /pkg/sentry/platform | |
| parent | 515e0558d4f8f7c890e72bdaf4c8b41b31cd270c (diff) | |
platform/ptrace: exit without panic if a stub process has been killed by SIGKILL
SIGKILL can be sent only by an user or OOM-killer. In both cases, we don't
need to panic.
PiperOrigin-RevId: 276150120
Diffstat (limited to 'pkg/sentry/platform')
| -rw-r--r-- | pkg/sentry/platform/ptrace/subprocess.go | 16 | ||||
| -rw-r--r-- | pkg/sentry/platform/ptrace/subprocess_linux.go | 3 |
2 files changed, 17 insertions, 2 deletions
diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go index 9f0ecfbe4..b699b057d 100644 --- a/pkg/sentry/platform/ptrace/subprocess.go +++ b/pkg/sentry/platform/ptrace/subprocess.go @@ -327,6 +327,19 @@ func (t *thread) dumpAndPanic(message string) { panic(message) } +func (t *thread) unexpectedStubExit() { + msg, err := t.getEventMessage() + status := syscall.WaitStatus(msg) + if status.Signaled() && status.Signal() == syscall.SIGKILL { + // SIGKILL can be only sent by an user or OOM-killer. In both + // these cases, we don't need to panic. There is no reasons to + // think that something wrong in gVisor. + log.Warningf("The ptrace stub process %v has been killed by SIGKILL.", t.tgid) + syscall.Kill(os.Getpid(), syscall.SIGKILL) + } + t.dumpAndPanic(fmt.Sprintf("wait failed: the process %d:%d exited: %x (err %v)", t.tgid, t.tid, msg, err)) +} + // wait waits for a stop event. // // Precondition: outcome is a valid waitOutcome. @@ -355,8 +368,7 @@ func (t *thread) wait(outcome waitOutcome) syscall.Signal { } if stopSig == syscall.SIGTRAP { if status.TrapCause() == syscall.PTRACE_EVENT_EXIT { - msg, err := t.getEventMessage() - t.dumpAndPanic(fmt.Sprintf("wait failed: the process %d:%d exited: %x (err %v)", t.tgid, t.tid, msg, err)) + t.unexpectedStubExit() } // Re-encode the trap cause the way it's expected. return stopSig | syscall.Signal(status.TrapCause()<<8) diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go index c075b5f91..3782d4332 100644 --- a/pkg/sentry/platform/ptrace/subprocess_linux.go +++ b/pkg/sentry/platform/ptrace/subprocess_linux.go @@ -129,6 +129,9 @@ func createStub() (*thread, error) { // transitively) will be killed as well. It's simply not possible to // safely handle a single stub getting killed: the exact state of // execution is unknown and not recoverable. + // + // In addition, we set the PTRACE_O_TRACEEXIT option to log more + // information about a stub process when it receives a fatal signal. return attachedThread(uintptr(syscall.SIGKILL)|syscall.CLONE_FILES, defaultAction) } |