Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp761811pxj;
        Thu, 10 Jun 2021 12:03:56 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyw0fmVagWrWd2kDCiwix5zs7lKFi9U5paZHRW+BnLX95+/SYBMe608pgX8tvLhPMX42BSS
X-Received: by 2002:a17:907:2b26:: with SMTP id gc38mr107806ejc.31.1623351836277;
        Thu, 10 Jun 2021 12:03:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1623351836; cv=none;
        d=google.com; s=arc-20160816;
        b=MNRIMNqFtI7lZrTquwVxjDl9S/te5uWHZ1HaPHbi83S9PF/iPMYsVYZm7YV20Gh9nJ
         Iw+ofm+fZgqJnjaGo7SzRm58jC7xnyhXsdPeT968lxylGxVDVPKCkCm6e8tixv3GS+el
         esiWjUA6J/C5M49ufCD2V971yEl7EQfJKI2920eTXkN+Ioh9TIhDyfjoSNrbSyUgZncz
         IKgph/NxZ4y02+R6bZKQpDZaojTcA8siIMYuBn6rlW+yv2GHYZigCkoGCkMPblJ/ZFr2
         G8qxOqXRmDo17BjYeF/S+f5NyH72F8XLejbau5hNOIQxdj08dxmBoVzlK/UziPukLeEb
         WGoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:subject:mime-version:user-agent:message-id
         :in-reply-to:date:references:cc:to:from;
        bh=XaKIV6+N+8Tl74OY22xTQKMLn1IRH3sQGDB/XdgWjZU=;
        b=R7KY6u7ge3cGHkKgaDeTDPScPA8usmVadQYAcGrkOTRVkaI8hIrvrMBLnEZG9o7uxt
         1ajtYPX//v5B6D/xZ3p7eRdh0pnWiJ7g6lveq6l+mMD40oSYzztJLhEV0tsne+HIgr6Y
         JP9Br28DfxRa4h6lIygM9sfXP0z3BGwUgkgVpIWjA2pRGSe4tlPWQi3raR62b2HIW2tY
         nk2tjGig8h1bTGOTxqJwcEsDU8A7j4PpJE5MOWFv2bBl+opyHlCXJYxReq4W/Dly/Zp4
         g2ss+Bxt6nL+Oijy4DCObrOBW+6GslJ+UnFUBIn3CjCl2kD4KKprsNogc7766bzP2G72
         7uRw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m9si3327715ejj.645.2021.06.10.12.03.29;
        Thu, 10 Jun 2021 12:03:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230443AbhFJTC5 (ORCPT <rfc822;lyj496332184@gmail.com>
        + 99 others); Thu, 10 Jun 2021 15:02:57 -0400
Received: from out01.mta.xmission.com ([166.70.13.231]:40716 "EHLO
        out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230363AbhFJTC4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Jun 2021 15:02:56 -0400
Received: from in02.mta.xmission.com ([166.70.13.52])
        by out01.mta.xmission.com with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        (Exim 4.93)
        (envelope-from <ebiederm@xmission.com>)
        id 1lrPvG-007Nxt-Ve; Thu, 10 Jun 2021 13:00:59 -0600
Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=email.xmission.com)
        by in02.mta.xmission.com with esmtpsa  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        (Exim 4.93)
        (envelope-from <ebiederm@xmission.com>)
        id 1lrPvF-0033vg-Vq; Thu, 10 Jun 2021 13:00:58 -0600
From:   ebiederm@xmission.com (Eric W. Biederman)
To:     Olivier Langlois <olivier@trillion01.com>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        io-uring <io-uring@vger.kernel.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Jens Axboe <axboe@kernel.dk>,
        "Pavel Begunkov\>" <asml.silence@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>
References: <192c9697e379bf084636a8213108be6c3b948d0b.camel@trillion01.com>
        <9692dbb420eef43a9775f425cb8f6f33c9ba2db9.camel@trillion01.com>
        <87h7i694ij.fsf_-_@disp2133>
        <CAHk-=wjC7GmCHTkoz2_CkgSc_Cgy19qwSQgJGXz+v2f=KT3UOw@mail.gmail.com>
        <198e912402486f66214146d4eabad8cb3f010a8e.camel@trillion01.com>
        <87eeda7nqe.fsf@disp2133>
        <b8434a8987672ab16f9fb755c1fc4d51e0f4004a.camel@trillion01.com>
        <87pmwt6biw.fsf@disp2133>
Date:   Thu, 10 Jun 2021 13:58:50 -0500
In-Reply-To: <87pmwt6biw.fsf@disp2133> (Eric W. Biederman's message of "Thu,
        10 Jun 2021 09:26:47 -0500")
Message-ID: <87czst5yxh.fsf_-_@disp2133>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-SPF: eid=1lrPvF-0033vg-Vq;;;mid=<87czst5yxh.fsf_-_@disp2133>;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1/gjeIt4M0w61GWd6CrpFRIrAIOaWZ7fgc=
X-SA-Exim-Connect-IP: 68.227.160.95
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa02.xmission.com
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50,
        DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG autolearn=disabled
        version=3.4.2
X-Spam-Virus: No
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.5000]
        *  0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available.
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa02 1397; Body=1 Fuz1=1 Fuz2=1]
X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ;Olivier Langlois <olivier@trillion01.com>
X-Spam-Relay-Country: 
X-Spam-Timing: total 420 ms - load_scoreonly_sql: 0.03 (0.0%),
        signal_user_changed: 4.6 (1.1%), b_tie_ro: 3.2 (0.8%), parse: 1.14
        (0.3%), extract_message_metadata: 14 (3.3%), get_uri_detail_list: 2.5
        (0.6%), tests_pri_-1000: 11 (2.7%), tests_pri_-950: 1.08 (0.3%),
        tests_pri_-900: 0.80 (0.2%), tests_pri_-90: 72 (17.2%), check_bayes:
        71 (17.0%), b_tokenize: 6 (1.4%), b_tok_get_all: 8 (1.8%),
        b_comp_prob: 1.97 (0.5%), b_tok_touch_all: 53 (12.6%), b_finish: 0.63
        (0.2%), tests_pri_0: 303 (72.2%), check_dkim_signature: 0.40 (0.1%),
        check_dkim_adsp: 2.0 (0.5%), poll_dns_idle: 0.57 (0.1%), tests_pri_10:
        1.73 (0.4%), tests_pri_500: 7 (1.6%), rewrite_mail: 0.00 (0.0%)
Subject: [CFT}[PATCH] coredump: Limit what can interrupt coredumps
X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


Olivier Langlois has been struggling with coredumps written incompletely
in processes using io_uring.

Olivier Langlois <olivier@trillion01.com> writes:
> io_uring is a big user of task_work and any event that io_uring made a
> task waiting for that occurs during the core dump generation will
> generate a TIF_NOTIFY_SIGNAL.
>
> Here are the detailed steps of the problem:
> 1. io_uring calls vfs_poll() to install a task to a file wait queue
>    with io_async_wake() as the wakeup function cb from io_arm_poll_handler()
> 2. wakeup function ends up calling task_work_add() with TWA_SIGNAL
> 3. task_work_add() sets the TIF_NOTIFY_SIGNAL bit by calling
>    set_notify_signal()

The coredump code deliberately supports being interrupted by SIGKILL,
and depends upon prepare_signal to filter out all other signals.   Now
that signal_pending includes wake ups for TIF_NOTIFY_SIGNAL this hack
in dump_emitted by the coredump code no longer works.

Make the coredump code more robust by explicitly testing for all of
the wakeup conditions the coredump code supports.  This prevents
new wakeup conditions from breaking the coredump code, as well
as fixing the current issue.

The filesystem code that the coredump code uses already limits
itself to only aborting on fatal_signal_pending.  So it should
not develop surprising wake-up reasons either.

With dump_interrupted properly testing for the reasons it supports
being interrupted remove the special case from prepare_signal.

Fixes: 12db8b690010 ("entry: Add support for TIF_NOTIFY_SIGNAL")
Reported-by: Olivier Langlois <olivier@trillion01.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---

Olivier can you test this, and confirm this works for you?

 fs/coredump.c   | 2 +-
 kernel/signal.c | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index 2868e3e171ae..c3d8fc14b993 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -519,7 +519,7 @@ static bool dump_interrupted(void)
 	 * but then we need to teach dump_write() to restart and clear
 	 * TIF_SIGPENDING.
 	 */
-	return signal_pending(current);
+	return fatal_signal_pending(current) || freezing(current);
 }
 
 static void wait_for_dump_helpers(struct file *file)
diff --git a/kernel/signal.c b/kernel/signal.c
index f7c6ffcbd044..83d534deeb76 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -943,8 +943,6 @@ static bool prepare_signal(int sig, struct task_struct *p, bool force)
 	sigset_t flush;
 
 	if (signal->flags & (SIGNAL_GROUP_EXIT | SIGNAL_GROUP_COREDUMP)) {
-		if (!(signal->flags & SIGNAL_GROUP_EXIT))
-			return sig == SIGKILL;
 		/*
 		 * The process is in the middle of dying, nothing to do.
 		 */
-- 
2.20.1