Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754037AbcCIV0z (ORCPT <rfc822;w@1wt.eu>);
	Wed, 9 Mar 2016 16:26:55 -0500
Received: from mail-ig0-f171.google.com ([209.85.213.171]:38059 "EHLO
	mail-ig0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752040AbcCIV0q (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 9 Mar 2016 16:26:46 -0500
MIME-Version: 1.0
In-Reply-To: <CALCETrXXx36buZyOhnYu-N3boRrCdK0a8p8yPHD+te1k3zYY=Q@mail.gmail.com>
References: <06079088639eddd756e2092b735ce4a682081308.1457486598.git.luto@kernel.org>
	<20160309085631.GA3247@gmail.com>
	<20160309113449.GZ29662@port70.net>
	<CA+55aFzOcxbhXCm01+NMgY9=THYgjojvDGeYsnxe-vWfiX4X0g@mail.gmail.com>
	<CALCETrXXx36buZyOhnYu-N3boRrCdK0a8p8yPHD+te1k3zYY=Q@mail.gmail.com>
Date: Wed, 9 Mar 2016 13:26:44 -0800
X-Google-Sender-Auth: i5K-9Ir5MCVBNCcDrh66tTe_GV4
Message-ID: <CA+55aFxHyKwu4RnP2AU5YDtzmNGvQZvywYZg1iJWQsJt4VvJqA@mail.gmail.com>
Subject: Re: [musl] Re: [RFC PATCH] x86/vdso/32: Add AT_SYSINFO cancellation helpers
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Ingo Molnar <mingo@kernel.org>, Andy Lutomirski <luto@kernel.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Borislav Petkov <bp@alien8.de>,
        "musl@lists.openwall.com" <musl@lists.openwall.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Zijlstra <a.p.zijlstra@chello.nl>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1388
Lines: 30

On Wed, Mar 9, 2016 at 12:57 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>
> How safe would this be in a multithreaded process?  For example, if
> open() gets canceled in the "killable" sense, is it guaranteed that no
> file descriptor will be allocated?

Not all system calls can be killed, we only do the usual cases. A
system call has to have the proper EINTR logic in place, so it's not
like we kill system calls at any random point.

> Let me try to summarize my understanding of the semantics.
>
> Thread A sends thread B a signal.  Thread B wants to ignore the signal
> and defer handling unless it's either in a particular syscall and
> returns -EINTR or unless the thread is about to do the syscall.

Note that for the kernel, we don't actually have to use a signal for
this at all. Our existing "cancel system calls" code only works for
fatal signals, but that's just a trivial implementation issue.

We could add a system call that just sets a cancel flag in another
thread, and we'd just use that cancel flag to say "abort the currently
executing system call with EINTR" - in all the same places we
currently dot hat "fatal_signal_pending()" thing.

You'd still have to have all the user-space logic to do the
cancellation cleanup etc. But now you could actually cancel a write()
system call in the *middle*, which is currently just not an option.

                Linus