Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp2052962pxb; Sun, 16 Jan 2022 08:22:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJxoaFGBpd7smJz3TVDDhmp2j0xY7DHTZMBR62l6Ge9H7GCqJ2D0QY0p2pmFM68pjR12ncdm X-Received: by 2002:a63:798a:: with SMTP id u132mr15433643pgc.561.1642350156988; Sun, 16 Jan 2022 08:22:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642350156; cv=none; d=google.com; s=arc-20160816; b=AECrBybNp1/SIxQq9qKd0noguUuBB5xP7s2ArHAKVICWV+6dEVoBP5V+Jttulb7wjY lObvP5VnaH5t7zXCz3DRYttmMW5n4AEdDFa9oBSM11quVm15V6k2F5WhcYsOI2Zv/q+3 tvi1KwyUgEUdwmKOEfGZUs8jaFwVdWcT/9qRh6OijrwxdZ5tY1q57T84bvj3cQqTy5wO 5PmUj6UUv3BFZFVEvCKxG6F/f0dZmH/flkfqhZtNUnf9y0Zhl1s8a4hQtiRDyZPBDkZA eBX3nUN14Sq+6yG6h80SERtOZ6Qc/Dy85UaQn5v7mo210e64ZJoGBmpltRVAPSN2aV/e tTKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:organization:references:in-reply-to:date:cc:to:from :subject:message-id; bh=52zQtTYwgO70lkXCHJ1uZzq7X1b/CrgNbSwbJvtbEwo=; b=BGEjcTldXn8HXjytB2Bs/abtS3SS4lR7fx4b9K+b4t7WHCnte3FpHYFKMOuND4NxLZ 76+VhzTqpQ97kzf8qkYAHlhngBf1/iEtHTJ8Yso66QRJ83xC4DiSJQh961G9yBKmytcG l8Mc/JyFX8JyZWispzBqLCanmFF7x5EsiE1a/YqJpQmpYPp8V/lKkvOB31LlN6ScEmTh ibN3E1sfje74TwDkEXHzN7//BajMXsTlILiWlosxiZX1QsVBhEsPpgRuv9sBDaWLjQOn QxUL6eQlg2Ybd6C9KfqPoGePIrivNki332vpskV6u483YsBOJQu2mTsD/YXiGc2zIETG jQ1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q8si11926320pgq.806.2022.01.16.08.22.25; Sun, 16 Jan 2022 08:22:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232628AbiAOTXo (ORCPT + 99 others); Sat, 15 Jan 2022 14:23:44 -0500 Received: from cloud48395.mywhc.ca ([173.209.37.211]:48568 "EHLO cloud48395.mywhc.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230216AbiAOTXn (ORCPT ); Sat, 15 Jan 2022 14:23:43 -0500 Received: from modemcable064.203-130-66.mc.videotron.ca ([66.130.203.64]:43386 helo=[192.168.1.179]) by cloud48395.mywhc.ca with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n8oeG-0005wd-FD; Sat, 15 Jan 2022 14:23:36 -0500 Message-ID: <991211d94c6dc0ad3501cd9f830cdee916b982b3.camel@trillion01.com> Subject: Re: [PATCH 1/8] signal: Make SIGKILL during coredumps an explicit special case From: Olivier Langlois To: "Eric W. Biederman" , Linus Torvalds Cc: Heiko Carstens , Linux Kernel Mailing List , "" , Linux API , Alexey Gladkov , Kyle Huey , Oleg Nesterov , Kees Cook , Al Viro , Jens Axboe , Pavel Begunkov Date: Sat, 15 Jan 2022 14:23:34 -0500 In-Reply-To: <87h7a5kgan.fsf@email.froward.int.ebiederm.org> References: <87a6ha4zsd.fsf@email.froward.int.ebiederm.org> <20211213225350.27481-1-ebiederm@xmission.com> <87sfu3b7wm.fsf@email.froward.int.ebiederm.org> <87ilurwjju.fsf@email.froward.int.ebiederm.org> <87o84juwhg.fsf@email.froward.int.ebiederm.org> <57dfc87c7dd5a2f9f9841bba1185336016595ef7.camel@trillion01.com> <87lezmrxlq.fsf@email.froward.int.ebiederm.org> <87mtk2qf5s.fsf@email.froward.int.ebiederm.org> <87h7a5kgan.fsf@email.froward.int.ebiederm.org> Organization: Trillion01 Inc Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.42.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cloud48395.mywhc.ca X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - trillion01.com X-Get-Message-Sender-Via: cloud48395.mywhc.ca: authenticated_id: olivier@trillion01.com X-Authenticated-Sender: cloud48395.mywhc.ca: olivier@trillion01.com X-Source: X-Source-Args: X-Source-Dir: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2022-01-14 at 18:12 -0600, Eric W. Biederman wrote: > Linus Torvalds writes: > > > On Tue, Jan 11, 2022 at 10:51 AM Eric W. Biederman > > wrote: > > > > > > +?????? while ((n == -ERESTARTSYS) && > > > test_thread_flag(TIF_NOTIFY_SIGNAL)) { > > > +?????????????? tracehook_notify_signal(); > > > +?????????????? n = __kernel_write(file, addr, nr, &pos); > > > +?????? } > > > > This reads horribly wrongly to me. > > > > That "tracehook_notify_signal()" thing *has* to be renamed before > > we > > have anything like this that otherwise looks like "this will just > > loop > > forever". > > > > I'm pretty sure we've discussed that "tracehook" thing before - the > > whole header file is misnamed, and most of the functions in theer > > are > > too. > > > > As an ugly alternative, open-code it, so that it's clear that "yup, > > that clears the TIF_NOTIFY_SIGNAL flag". > > A cleaner alternative looks like to modify the pipe code to use > wake_up_XXX instead of wake_up_interruptible_XXX and then have code > that does pipe_write_killable instead of pipe_write_interruptible. Do not forget that the problem might not be limited to the pipe FS as Oleg Nesterov pointed out here: https://lore.kernel.org/io-uring/20210614141032.GA13677@redhat.com/ This is why I did like your patch fixing __dump_emit. If the only problem is the tracehook_notify_signal() function unclear name, that should be addressed instead of trying to fix the problem in a different way. > > There is also a question of how all of this should interact with the > freezer, as I think changing from interruptible to killable means > that > the coredumps became unfreezable. > > I am busily simmering this on my back burner and I hope I can come up > with something sensible. IMHO, fixing the problem on the emit function side has the merit of being future proof if something else than io_uring in the future would raise the TIF_NOTIFY_SIGNAL flag but I am wondering why no one commented anything about my proposal of cancelling io_uring before generating the core dump therefore stopping it to flip TIF_NOTIFY_SIGNAL while the core dump is generated. Is there something wrong with my proposed approach? https://lore.kernel.org/lkml/cover.1629655338.git.olivier@trillion01.com/ It did flawlessly created many dozens of io_uring app core dumps in the last months for me... Olivier