Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp933563imm;
        Wed, 11 Jul 2018 13:45:04 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpf/RMlV567+rq28ccMDOqxVTz98KEcuYkZCoz0ZYdjvtetHG+0OoFffJKHRjFz1jN416oYI
X-Received: by 2002:a62:4bc6:: with SMTP id d67-v6mr151222pfj.175.1531341904370;
        Wed, 11 Jul 2018 13:45:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1531341904; cv=none;
        d=google.com; s=arc-20160816;
        b=EEn0MW86TqzBB5PwEeN3ZYAicTRLeBdY8FQxJJv03cKvVQc9NasZjCj1YNQPzxiTHV
         ctxovNq7nemvscg2fJXF7IdoshbI40ARf8KwBkzZFQLZOfTXdYkJZ56NfJnTW9NnR8yI
         vGtdynoF2tvPvwxgkNFx71QuC2/ns5GIf9scyheZ45FrqJ0wKt5pjL0vp2z3foXPSEBt
         k2gnX8K34AtAzK+h8s0AAmo4bwrPA7KS46b/uoooRteUo1V8b83lqbW089MA4v10vOZn
         NEMU93lLJgozYYrrQzJBL8cxHWw7OkDu/vELlAUYzbTVjhWoSa1j23fSVBwriRSdFHgm
         qdTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=T8e/boSDezTkpOjozfT4Jh+YWkhFZW4xuuWDrf2msVg=;
        b=chtIkqsWs9Gp7PF/dxHHedta6BBQCeQMefBT7RqL1nj7qJdwxowEuAsdyhfdAkCs79
         23tgjNBkQRo23+gDulCv82mdvO3MxnqeyRDRPl6fqOAUZQvg1WvkLaTTo0uYnzjkU6D4
         yCMPRjevROGbrcs8OcYy4Xs+f1+pfSgp96eL+rQ0uKG3H4k0doOlE1SwLdu6UIvzahjL
         hFTPybOR7bXkX2elK9hI+vcfB9gtmSBSSmSpazIcKG/o6PbUioQ2hbvoDTqt9TGSJlUI
         4PTVaLsnlnjD7PpQhz3MucghltuCS2oFF8YGOlTbtxK5a4+LvBRqHTyg+vhVidMeAi/L
         KpIg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k185-v6si19526411pgd.15.2018.07.11.13.44.49;
        Wed, 11 Jul 2018 13:45:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388130AbeGKOTd (ORCPT <rfc822;jimmypw@gmail.com> + 99 others);
        Wed, 11 Jul 2018 10:19:33 -0400
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:39656 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726639AbeGKOTd (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Jul 2018 10:19:33 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id D55E980D2F6B;
        Wed, 11 Jul 2018 14:14:58 +0000 (UTC)
Received: from dhcp-27-174.brq.redhat.com (unknown [10.34.27.30])
        by smtp.corp.redhat.com (Postfix) with SMTP id 482792026D6B;
        Wed, 11 Jul 2018 14:14:57 +0000 (UTC)
Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000
        oleg@redhat.com; Wed, 11 Jul 2018 16:14:58 +0200 (CEST)
Date:   Wed, 11 Jul 2018 16:14:56 +0200
From:   Oleg Nesterov <oleg@redhat.com>
To:     "Eric W. Biederman" <ebiederm@xmission.com>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        linux-kernel@vger.kernel.org, Wen Yang <wen.yang99@zte.com.cn>,
        majiang <ma.jiang@zte.com.cn>
Subject: Re: [RFC][PATCH 11/11] signal: Ignore all but multi-process signals
 that come in during fork.
Message-ID: <20180711141456.GA6636@redhat.com>
References: <877em2jxyr.fsf_-_@xmission.com>
 <20180711024459.10654-11-ebiederm@xmission.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180711024459.10654-11-ebiederm@xmission.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 11 Jul 2018 14:14:58 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 11 Jul 2018 14:14:58 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'oleg@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/10, Eric W. Biederman wrote:
>
> @@ -1602,6 +1603,20 @@ static __latent_entropy struct task_struct *copy_process(
>  {
>  	int retval;
>  	struct task_struct *p;
> +	unsigned seq;
> +
> +	/*
> +	 * Signals that are delivered to multiple processes need to be
> +	 * delivered to just the parent before the fork or both the
> +	 * parent and the child after the fork.  Cache the multiple
> +	 * process signal sequence number so we can detect any of
> +	 * these signals that happen during the fork.  In the unlikely
> +	 * event a signal comes in while fork is starting and restart
> +	 * fork to handle the signal.
> +	 */
> +	seq = read_seqcount_begin(&current->signal->multi_process_seq);
> +	if (signal_pending(current))
> +		return ERR_PTR(-ERESTARTNOINTR);
>
>  	/*
>  	 * Don't allow sharing the root directory with processes in a different
> @@ -1930,8 +1945,8 @@ static __latent_entropy struct task_struct *copy_process(
>  	 * A fatal signal pending means that current will exit, so the new
>  	 * thread can't slip out of an OOM kill (or normal SIGKILL).
>  	*/
> -	recalc_sigpending();
> -	if (signal_pending(current)) {
> +	if (read_seqcount_retry(&current->signal->multi_process_seq, seq) ||
> +	    fatal_signal_pending(current)) {
>  		retval = -ERESTARTNOINTR;
>  		goto bad_fork_cancel_cgroup;

So once again, I think this is not right, see the discussion on bugzilla.

If signal_pending() == T we simply can't know if copy_process() can succeed or not.
I have already mentioned the races with stop/freeze, but I think there are more.

And in fact I think that the fact that signal_wake_up() helps to avoid the races
with fork() is useful. Say, we could add signal_wake_up() into syscall_regfunc()
and kill syscall_tracepoint_update(). Not that I think this particular change makes
any sense, but it can work.



That is why I tried to sugest another approach. copy_process() should always fail
if signal_pending() == T, just the "real" signal should not disturb the forking
thread unless the signal is fatal or multi-process.

This also makes another difference in multi-threaded case, a signal with a handler
sent to a forking process will be re-targeted to another thread which can handle it;
with your patch this signal will be "blocked" until fork() finishes or until another
thread gets TIF_SIGPENDING. Not that I think this is that important, but still.

Oleg.