Timer_Create for periodic tasks

Timer_Create for periodic tasks

[Marco Barletta]

Hi everyone;
I'm currently running Xenomai 3.1 and I'm facing with an issue. When I want
to create a periodic task using timer_create and consequently sigwait or
sigwaitinfo it works when running in root pid namespace, but when i run the
task in a child pid namespace the thread doesn't receive the ALRM signal (I
don't know if it's the timer create the problem or the sigwait). I also
tried to use a server to translate my pid but the cobalt core rejects the
call since the pid of the currently running thread is different. Is this a
problem related to how xenomai manages the xnthread or is an inherent
problem of posix?
Thanks for helping, best regards

-- 
Marco Barletta

Re: Timer_Create for periodic tasks

[Jan Kiszka]

On 08.05.21 17:13, Marco Barletta via Xenomai wrote:
> Hi everyone;
> I'm currently running Xenomai 3.1 and I'm facing with an issue. When I want
> to create a periodic task using timer_create and consequently sigwait or
> sigwaitinfo it works when running in root pid namespace, but when i run the
> task in a child pid namespace the thread doesn't receive the ALRM signal (I
> don't know if it's the timer create the problem or the sigwait). I also
> tried to use a server to translate my pid but the cobalt core rejects the
> call since the pid of the currently running thread is different. Is this a
> problem related to how xenomai manages the xnthread or is an inherent
> problem of posix?
> Thanks for helping, best regards
> 

There is currently no - or at least no consistently tested - namespace
support in Xenomai, and that may cause such troubles when userspace and
Xenomai kernel are talking about differnt PID values. If you could
provide a simple test case or describe how to reproduce the issue with
an existing test from smokey, we could have a look.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Re: Timer_Create for periodic tasks

[Jan Kiszka]

[re-adding the list]

On 09.05.21 13:06, Marco Barletta wrote:
> Yes, of course.
> I attached "test3.c" that is a basic posix period task ripoff i found on
> the web by Marc Le Douarain. I couldn't test with smokey since at the
> best of my knowledge I realized it doesn't handles periodic tasks with
> timers.
> Then I launched Docker with "docker run -itd --name containerName
> --volume=/usr/xenomai:/usr/xenomai --volume=/[folder with
> proggrams]:/home/test --user 1000:1000 --device=/dev/rtdm:/dev/rtdm
> ubuntu /bin/bash" and then I run the periodic task in the container. It
> just blocks on waitsiginfo. Moreover I want to precise that adding
> --pid=host everything is fine, but it can be just a workaround due to
> security issues. I don't think you're also interesed in the server to
> translate pid in different namespaces, the syscall just fail, is a wrong
> way.
> It would be great to add namespace support, and I could contribute to
> it, although my experience limits.

You could already help with adding the information and test case to
https://gitlab.com/Xenomai/xenomai-hacker-space/-/issues/19 that i just
created.

One note, though, to avoid the illusion of security: You cannot confine
Xenomai by putting it into a namespace. It remains a set of privileged
service that can easily be used to lock up the system. Also, its APIs
are not consistently checked /wrt security loopholes that could be used
for privilege escalation. That's also why you need CAP_SYS_NICE as
caller or have to be in the 'allowed_group'.

However, I would still consider namespace support a valid feature in
order to use containers as deployment tool for Xenomai applications.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux