From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 6A48F3858D1E for ; Tue, 20 Jun 2023 11:59:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6A48F3858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from r6.localdomain (82-217-174-174.cable.dynamic.v4.ziggo.nl [82.217.174.174]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 21BC9313AC85; Tue, 20 Jun 2023 13:59:18 +0200 (CEST) Received: by r6.localdomain (Postfix, from userid 1000) id D937F3402E6; Tue, 20 Jun 2023 13:59:16 +0200 (CEST) Message-ID: <676777625dd5cfd42c915fd753f24a6fe007d6a5.camel@klomp.org> Subject: Re: Re: Performance issue with systemd-coredump and container process linking 2000 shared libraries. From: Mark Wielaard To: Luca Boccassi , elfutils-devel@sourceware.org Date: Tue, 20 Jun 2023 13:59:16 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.3 (3.48.3-1.fc38) MIME-Version: 1.0 X-Spam-Status: No, score=-3028.2 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,KAM_SHORT,RCVD_IN_BARRACUDACENTRAL,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi Luca, On Mon, 2023-06-19 at 21:54 +0100, Luca Boccassi wrote: > > > Which does bring up the question why systemd-coredump isn't running > > in > > > the same mount space as the crashing program. Then it would simply > > find > > > the files that the crashing program is using. > >=20 > > On this point that systemd-coredump might not run in the same mount > > namespace, don=E2=80=99t blindly believe me. I think I saw this while > > reviewing the > > systemd code, but it was the first time I looked at it to investigate > > this issue, > > so may be wrong. >=20 > This is correct, in case of containers sd-coredump will run on the host > and collect from all the guests, so they are going to be in different > namespaces. And even when they are not, the original binary might be > long gone by the time it has a chance to run. Since sd-coredump is run on the host it could transition into the mount namespace of the process it is capturing the coredump for. This makes sense if it is then going to do some path based lookups. Alternatively we could look into making the path based lookups look under /proc/PID/root/ Since sd-coredump is run as special kernel helper through /proc/sys/kernel/core_pattern the original executable is still there (it cannot be reaped till sd-coredump has done its thing). The core (5) manpage states: * The process runs in the initial namespaces (PID, mount, user, and so on) and not in the namespaces of the crashing process. One can utilize specifiers such as %P to find the right /proc/[pid] directory and probe/enter the crashing process's namespaces if needed. https://man7.org/linux/man-pages/man5/core.5.html Cheers, Mark