On Thu, 29 Jan 2026 17:17:48 -0500 Aristeu Rozanski <[email protected]> wrote:
> In order to synchronize new processes to test inheritance of
> memfd_noexec sysctl, memfd_test sets up the sysctl with a value before
> creating the new process. The new process then sends itself a SIGSTOP
> in order to wait for the parent to flip the sysctl value and send a
> SIGCONT signal.
>
> This would work as intended if it wasn't for the fact that the new process
> is being created with CLONE_NEWPID, which creates a new PID namespace and
> the new process has PID 1 in this namespace. There're restrictions on
> sending signals to PID 1 and, although it's relaxed for other than root
> PID namespace, it's biting us here. In this specific case the SIGSTOP sent
> by the new process is ignored (no error to kill() is returned) and it never
> stops its execution. This is usually not noticeable as the parent usually
> manages to set the new sysctl value before the child has a chance to run
> and the test succeeds. But if you run the test in a loop, it eventually
> reproduces:
>
> while [ 1 ]; do ./memfd_test >log 2>&1 || break; done; cat log
>
> So this patch replaces the SIGSTOP/SIGCONT synchronization with IPC
> semaphore.
>
> Fixes: 6469b66e3f5a3 (selftests: improve vm.memfd_noexec sysctl tests,
> 2023-08-14)

Thanks. Could you please resend this sometime, with a cc:[email protected] and also cc'ing the 6469b66e3f5a3 author Aleksa Sarai <[email protected]>?

> +union semun { > + int val; > + struct semid_ds *buf; > + unsigned short int *array; > + struct seminfo *__buf; > +}; > + > +/* > + * we use semaphores on nested wait tasks due the use of CLONE_NEWPID: the > + * children will be PID 1 and can't send SIGSTOP to itself due special

s/children/child/, or s/itself/themselves/
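
Review bot: the comment introducing the semaphore scheme is missing "to" in two places, "due the use of CLONE_NEWPID" and "due special"; suggest "due to the use of CLONE_NEWPID" and "due to special". Since this comment is what a later reader of memfd_test will see instead of the commit message, it would also help if it stated the failure mode the commit message describes: the SIGSTOP that a PID 1 task sends to itself is ignored and kill() returns no error, so the old synchronization failed silently rather than visibly. Separately, union semun declares all four members (val, buf, array, __buf); if the test only ever sets a semaphore value, a short comment saying the union is the caller-defined one that semctl() expects would make clear why it is declared in the test at all.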
