Re: [RFC] Add critical process prctl

From: Andy Lutomirski
Date: Tue Sep 10 2019 - 12:57:08 EST
On Wed, Sep 4, 2019 at 5:53 PM Daniel Colascione <dancol@xxxxxxxxxx> wrote:
>
> A task with CAP_SYS_ADMIN can mark itself PR_SET_TASK_CRITICAL,
> meaning that if the task ever exits, the kernel panics. This facility
> is intended for use by low-level core system processes that cannot
> gracefully restart without a reboot. This prctl allows these processes
> to ensure that the system restarts when they die regardless of whether
> the rest of userspace is operational.

The kind of panic produced by init crashing is awful -- logs don't get
written, etc. I'm wondering if you would be better off with a new
watchdog-like device that, when closed, kills the system in a
configurable way (e.g. after a certain amount of time, while still
logging something and having a decent chance of getting the logs
written out.) This could plausibly even be an extension to the
existing /dev/watchdog API.

--Andy