Date: Wed, 4 Nov 2015 17:21:23 -0800
From: Andrew Morton
To: Oleg Nesterov
Cc: Dmitry Vyukov, Roland McGrath, amanieu@gmail.com, pmoore@redhat.com, Ingo Molnar, vdavydov@parallels.com, qiaowei.ren@intel.com, dave@stgolabs.net, palmer@dabbelt.com, LKML, syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin
Subject: Re: [PATCH 1/1] signal: kill the obsolete SIGNAL_UNKILLABLE check in complete_signal()

On Wed, 4 Nov 2015 20:19:12 +0100 Oleg Nesterov wrote:

> complete_signal() checks SIGNAL_UNKILLABLE before it starts to destroy the
> thread group, today this is unnecessary and even not 100% correct.
>
> After the commit f008faff0e27 ("signals: protect init from unwanted signals
> more") we rely on sig_task_ignored(), complete_signal(SIGKILL) can only see
> a SIGNAL_UNKILLABLE task if we actually want to kill it. And note that after
> the commit b3bfa0cba867 ("signals: protect cinit from blocked fatal signals")
> we do not drop SIGKILL dequeued by /sbin/init.
>
> And it does not look right. fatal_signal_pending() should always imply that
> the whole thread group (except ->group_exit_task if it is not NULL) is killed,
> this check breaks the rule.
>
> This explains WARN_ON(!JOBCTL_STOP_PENDING) in task_participate_group_stop()
> triggered by the test-case from Dmitry:
>
> 	int main()
> 	{
> 		int pid = 1;
> 		ptrace(PTRACE_ATTACH, pid, 0, 0);
> 		ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_EXITKILL);
> 		sleep(1);
> 		return 0;
> 	}
>
> do_signal_stop()->signal_group_exit() returns false because SIGNAL_GROUP_EXIT
> is not set, but task_set_jobctl_pending() checks fatal_signal_pending() and
> does not set JOBCTL_STOP_PENDING.
>
> The test-case above needs root and (correctly) crashes the kernel, but we can
> trigger the same warning inside the container or using another test-case:
>
> 	static int init(void *arg)
> 	{
> 		for (;;)
> 			pause();
> 	}
>
> 	int main(void)
> 	{
> 		char stack[16 * 1024];
>
> 		for (;;) {
> 			int pid = clone(init, stack + sizeof(stack)/2,
> 					CLONE_NEWPID | SIGCHLD, NULL);
> 			assert(pid > 0);
>
> 			assert(ptrace(PTRACE_ATTACH, pid, 0, 0) == 0);
> 			assert(waitpid(-1, NULL, WSTOPPED) == pid);
>
> 			assert(ptrace(PTRACE_DETACH, pid, 0, SIGSTOP) == 0);
> 			assert(syscall(__NR_tkill, pid, SIGKILL) == 0);
> 			assert(pid == wait(NULL));
> 		}
> 	}

I'm thinking this should be backported into -stable due to WARN_ONs and
kernel crashes. And as f008faff0e27 is from 2009, that means all kernels.

Your thoughts on this?
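
A simplified user-space model of the state sequence described in the quoted commit message, added here as an illustration; it is not kernel code and not from either author. Only the function and flag names come from the message: the flag values, the `struct task` layout, and the `old_check` parameter are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define SIGNAL_GROUP_EXIT   0x1u /* constructed values, not the kernel's */
#define SIGNAL_UNKILLABLE   0x2u
#define JOBCTL_STOP_PENDING 0x1u

struct task {                /* hypothetical: a single-threaded group */
	unsigned sig_flags;  /* stands in for signal->flags */
	unsigned jobctl;     /* stands in for task->jobctl */
	bool sigkill_queued; /* what fatal_signal_pending() reports */
};

static bool fatal_signal_pending(const struct task *t) { return t->sigkill_queued; }
static bool signal_group_exit(const struct task *t) { return (t->sig_flags & SIGNAL_GROUP_EXIT) != 0; }

/* SIGKILL that already passed sig_task_ignored(); old_check keeps the obsolete test. */
static void complete_signal_kill(struct task *t, bool old_check)
{
	unsigned skip = SIGNAL_GROUP_EXIT | (old_check ? SIGNAL_UNKILLABLE : 0u);
	t->sigkill_queued = true;                 /* queued in both variants */
	if (!(t->sig_flags & skip)) {
		t->sig_flags = SIGNAL_GROUP_EXIT; /* whole group is going down */
		t->jobctl &= ~JOBCTL_STOP_PENDING;
	}
}

/* True when the WARN_ON in task_participate_group_stop() would fire. */
static bool do_signal_stop_warns(struct task *t)
{
	if (signal_group_exit(t))
		return false;                     /* exiting: no stop is attempted */
	if (!fatal_signal_pending(t))             /* task_set_jobctl_pending() */
		t->jobctl |= JOBCTL_STOP_PENDING;
	return !(t->jobctl & JOBCTL_STOP_PENDING);
}

/* Container init with a dequeued SIGSTOP; SIGKILL arrives before the stop runs. */
static bool scenario_warns(bool old_check)
{
	struct task init = { SIGNAL_UNKILLABLE, 0, false };
	complete_signal_kill(&init, old_check);
	return do_signal_stop_warns(&init);
}

int main(void)
{
	printf("with check: %d, without: %d\n", scenario_warns(true), scenario_warns(false));
	return 0;
}
```

With the check in place the model reaches the stop path with SIGKILL pending but no group exit started, which is the inconsistent state the message attributes the warning to; without it, SIGKILL always starts the group exit first.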