Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp436839ybl; Wed, 29 Jan 2020 03:20:24 -0800 (PST) X-Google-Smtp-Source: APXvYqxbOu/AJ/3LPRDdd4ZNHDyomhNskHCXtN2AAFIesKgM9gPn/3AqoSlRbSdgLu0pC6ecTAOe X-Received: by 2002:aca:220c:: with SMTP id b12mr5857429oic.55.1580296824111; Wed, 29 Jan 2020 03:20:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580296824; cv=none; d=google.com; s=arc-20160816; b=0AuHWG4lufCBtYi9fSkOhIpXqf2zN9tTgOFxMM/w3HKB+e+8gUyg1ib8a23jPPuLr4 SSIN4EiUreJMpRcIRtNO2pl+NGLyfgJavFl6VBFwfLbfAvBitN7gyL7/RaxsXWmfJYbV P3AzlcgHRs2sN82Hpwx3pYhqs4uaq9vg1hBtbVA6PSIAaDtib+3upCKKxmUOdhlCTp4X r1CflfcNOAGJ/eKngqH/jbO1rxOAzVkxSAtReGMQpsw7eA5HHRHOmXo0V10IVogGaSWW cnvNaBnrkrdxy3O31fOkMT6Bl9GdaNLlCoMaZB2AVk0lqkDX/Fz9fk8Ofkcu2awpKNgK MSBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=AkB/pElvimUjY0kGgdBiN9qo0bv3cSBC2+FXm4QjGbw=; b=OxQ0E+t4WIJiMrVdMzZ5dtYRwebs91ij8j2+JC61AjVO0DWdIUXbPtwpoej7+XD9Xt Tn8MH+F8j0jbFE1FQBrDLiElZ2wG1ZKhF392cDcw0+qbhHuFF9+rtX6ZCJWVLzibM+Or +huzPnuhHFXCwYmTqCdSR04GgXlRumCTzo+QAIsImEN1+omDIxMN4vf5j3zrS5/EcvBV 99hgQE38Z0mRTxqzQJDeNggGKiyIlCVeWbhDAeQqoFRxr55S4DKlQvVmo4vAotp8IX75 A9MwEkE1Hef2etxER3JKOUZmD0ruiD32chUan/VMaXIn/nPex/oHlZ3yR0rnrcCX4Obq sdng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j2si980797otr.255.2020.01.29.03.20.12; Wed, 29 Jan 2020 03:20:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726564AbgA2LSx (ORCPT + 99 others); Wed, 29 Jan 2020 06:18:53 -0500 Received: from er-systems.de ([148.251.68.21]:36454 "EHLO er-systems.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726068AbgA2LSx (ORCPT ); Wed, 29 Jan 2020 06:18:53 -0500 X-Greylist: delayed 481 seconds by postgrey-1.27 at vger.kernel.org; Wed, 29 Jan 2020 06:18:51 EST Received: from localhost.localdomain (localhost [127.0.0.1]) by er-systems.de (Postfix) with ESMTP id 195F0D60074; Wed, 29 Jan 2020 12:10:48 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on er-systems.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by er-systems.de (Postfix) with ESMTPS id ECFBAD60071; Wed, 29 Jan 2020 12:10:47 +0100 (CET) Date: Wed, 29 Jan 2020 12:10:47 +0100 (CET) From: Thomas Voegtle X-X-Sender: thomas@er-systems.de To: Greg Kroah-Hartman cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, ronnie sahlberg , =?ISO-8859-15?Q?Christoph_B=F6hmwalder?= , Steve French , Philipp Reisner , David Laight , "Eric W. Biederman" , Sasha Levin Subject: Re: [PATCH 4.9 183/271] signal: Allow cifs and drbd to receive their terminating signals In-Reply-To: <20200128135906.176803329@linuxfoundation.org> Message-ID: References: <20200128135852.449088278@linuxfoundation.org> <20200128135906.176803329@linuxfoundation.org> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="-74181308-696423667-1580296247=:14408" X-Virus-Status: No X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ClamAV 0.102.1/25709/Tue Jan 28 12:49:39 2020 signatures . Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. ---74181308-696423667-1580296247=:14408 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Tue, 28 Jan 2020, Greg Kroah-Hartman wrote: > From: Eric W. Biederman > > [ Upstream commit 33da8e7c814f77310250bb54a9db36a44c5de784 ] > > My recent to change to only use force_sig for a synchronous events > wound up breaking signal reception cifs and drbd. I had overlooked > the fact that by default kthreads start out with all signals set to > SIG_IGN. So a change I thought was safe turned out to have made it > impossible for those kernel thread to catch their signals. > > Reverting the work on force_sig is a bad idea because what the code > was doing was very much a misuse of force_sig. As the way force_sig > ultimately allowed the signal to happen was to change the signal > handler to SIG_DFL. Which after the first signal will allow userspace > to send signals to these kernel threads. At least for > wake_ack_receiver in drbd that does not appear actively wrong. > > So correct this problem by adding allow_kernel_signal that will allow > signals whose siginfo reports they were sent by the kernel through, > but will not allow userspace generated signals, and update cifs and > drbd to call allow_kernel_signal in an appropriate place so that their > thread can receive this signal. > > Fixing things this way ensures that userspace won't be able to send > signals and cause problems, that it is clear which signals the > threads are expecting to receive, and it guarantees that nothing > else in the system will be affected. > > This change was partly inspired by similar cifs and drbd patches that > added allow_signal. > > Reported-by: ronnie sahlberg > Reported-by: Christoph Böhmwalder > Tested-by: Christoph Böhmwalder > Cc: Steve French > Cc: Philipp Reisner > Cc: David Laight > Fixes: 247bc9470b1e ("cifs: fix rmmod regression in cifs.ko caused by force_sig changes") > Fixes: 72abe3bcf091 ("signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig") These two commits come with that release, but... > Fixes: fee109901f39 ("signal/drbd: Use send_sig not force_sig") > Fixes: 3cf5d076fb4d ("signal: Remove task parameter from force_sig") ...these two commits not and were never added to 4.9.y. Are these both really not needed? Thomas > Signed-off-by: "Eric W. Biederman" > Signed-off-by: Sasha Levin > --- > drivers/block/drbd/drbd_main.c | 2 ++ > fs/cifs/connect.c | 2 +- > include/linux/signal.h | 15 ++++++++++++++- > kernel/signal.c | 5 +++++ > 4 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c > index f5c24459fc5c1..daa9cef96ec66 100644 > --- a/drivers/block/drbd/drbd_main.c > +++ b/drivers/block/drbd/drbd_main.c > @@ -332,6 +332,8 @@ static int drbd_thread_setup(void *arg) > thi->name[0], > resource->name); > > + allow_kernel_signal(DRBD_SIGKILL); > + allow_kernel_signal(SIGXCPU); > restart: > retval = thi->function(thi); > > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > index 7d46025d5e899..751bdde6515d5 100644 > --- a/fs/cifs/connect.c > +++ b/fs/cifs/connect.c > @@ -885,7 +885,7 @@ cifs_demultiplex_thread(void *p) > mempool_resize(cifs_req_poolp, length + cifs_min_rcv); > > set_freezable(); > - allow_signal(SIGKILL); > + allow_kernel_signal(SIGKILL); > while (server->tcpStatus != CifsExiting) { > if (try_to_freeze()) > continue; > diff --git a/include/linux/signal.h b/include/linux/signal.h > index 5308304993bea..ffa58ff53e225 100644 > --- a/include/linux/signal.h > +++ b/include/linux/signal.h > @@ -313,6 +313,9 @@ extern void signal_setup_done(int failed, struct ksignal *ksig, int stepping); > extern void exit_signals(struct task_struct *tsk); > extern void kernel_sigaction(int, __sighandler_t); > > +#define SIG_KTHREAD ((__force __sighandler_t)2) > +#define SIG_KTHREAD_KERNEL ((__force __sighandler_t)3) > + > static inline void allow_signal(int sig) > { > /* > @@ -320,7 +323,17 @@ static inline void allow_signal(int sig) > * know it'll be handled, so that they don't get converted to > * SIGKILL or just silently dropped. > */ > - kernel_sigaction(sig, (__force __sighandler_t)2); > + kernel_sigaction(sig, SIG_KTHREAD); > +} > + > +static inline void allow_kernel_signal(int sig) > +{ > + /* > + * Kernel threads handle their own signals. Let the signal code > + * know signals sent by the kernel will be handled, so that they > + * don't get silently dropped. > + */ > + kernel_sigaction(sig, SIG_KTHREAD_KERNEL); > } > > static inline void disallow_signal(int sig) > diff --git a/kernel/signal.c b/kernel/signal.c > index 30914b3c76b21..57fadbe69c2e6 100644 > --- a/kernel/signal.c > +++ b/kernel/signal.c > @@ -79,6 +79,11 @@ static int sig_task_ignored(struct task_struct *t, int sig, bool force) > handler == SIG_DFL && !(force && sig_kernel_only(sig))) > return 1; > > + /* Only allow kernel generated signals to this kthread */ > + if (unlikely((t->flags & PF_KTHREAD) && > + (handler == SIG_KTHREAD_KERNEL) && !force)) > + return true; > + > return sig_handler_ignored(handler, sig); > } > > ---74181308-696423667-1580296247=:14408--