Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp2089690pxb;
        Fri, 25 Mar 2022 10:54:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz6iqQGEk1t0Rvcc8mtskIvyhJE1LOwnFOyY72PwBAzlgl5oBUHlpOEt0j1lftZUbI+/s1K
X-Received: by 2002:a63:1b5c:0:b0:382:76f4:c76b with SMTP id b28-20020a631b5c000000b0038276f4c76bmr596921pgm.424.1648230867967;
        Fri, 25 Mar 2022 10:54:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648230867; cv=none;
        d=google.com; s=arc-20160816;
        b=MFJ/Hs08TXVuxIu2utr/yKjQTGeFiMhM5Rf45P3YRE6SNdJBn7zW8Z1lq/KONeGvua
         HBFVsHrbO4CI6rmIG7kEia4ODSXcVaiLUIGgtIjVh9GhAvO7DZv88x+JoAAcNF8sF+3g
         B5z3rMCNRH05cX2RXU/GS530geLQEt93Rf9IlP1vzT2oOpF6o2j+/1yGP0dER08K/k4A
         57/DwInc+HTx8xaxqPjtKk8kDX29fzPUTdCtKFnQkCEXmrK86QQa6Y0I8EGKR5DGAwqz
         mLVZd9+FbIT+HEzRED6A0ydWIXUouY/WVMGPYS8d01+L/H3bpUgZXowbCmhMLc75iisx
         PWRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=AEPKdfQLbwPTzKqThQDGwgj7kWss99Dn8po4pyO255s=;
        b=gdimkae0ax+kGYER4F1pQ6MvWb/fAFDnhsO8Vz5kSidwF/IAuLW+KRuyM2iGLbVfhl
         rc+sn9WUTRTtHo5YtvPy4bsah4W/9bdetYGpIxVIvJfQOnKX/wmBQSQy9+KrsgPmzv5/
         MLPh90WarafTg8HShDDjmpGHp3/m/6q1kUsvxireNCT3wjYAzEZd+dQQCN9T9JNUjMwH
         Kf0vKxYkzqSjtEeviPE5cZzMnelvnWPonPZIh5dfqSEvVN7H8PP2XkkcvBArpB7ZMsIx
         8WaLU0p/urnT0wH6b4Cf8obWN6ypHiAxXWJnJqK5Wm6aVLAycEMP9HeHMLHblwiWJJoz
         D5Vw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=ddWplO2l;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id l20-20020a17090ac59400b001bed912d3c4si2973888pjt.174.2022.03.25.10.54.27
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 25 Mar 2022 10:54:27 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=ddWplO2l;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3760E9F39C;
	Fri, 25 Mar 2022 10:34:28 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239236AbiCVQqi (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 99 others); Tue, 22 Mar 2022 12:46:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59878 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239231AbiCVQqh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Mar 2022 12:46:37 -0400
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D924B873
        for <linux-kernel@vger.kernel.org>; Tue, 22 Mar 2022 09:45:09 -0700 (PDT)
Received: by mail-yb1-xb31.google.com with SMTP id u103so34675062ybi.9
        for <linux-kernel@vger.kernel.org>; Tue, 22 Mar 2022 09:45:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=AEPKdfQLbwPTzKqThQDGwgj7kWss99Dn8po4pyO255s=;
        b=ddWplO2lvUqvqxO14GRhtJiIcIil6ImSCV0lQvOyB6RhwfseAeO/f3MbwjXg0gB2AI
         Y6wK6Z1zurAf8hSxxYyh5aO+O+vxAaoemeucwVmcGyYcyPCo1ko+7oQaiVttX2jLA/Gl
         uABWSRhRigugKLHpvjeYnO1NzwOnJZJmZabgbd9pBfOzTCWhBhUMXEkS8wkosbIx40wn
         7LaVEhfF7lNrRyEifBQcWvpUCYdPxhbyh0kHyJO/LVgH8nw7leDhZUbS8WB52AsELMI5
         P3YeBG8ZJY0h4acRiqBgl5+sR7snJPYaA8UFnAo131KEGnUFAPbVlyKVonkYIZI+09Ie
         Uqug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=AEPKdfQLbwPTzKqThQDGwgj7kWss99Dn8po4pyO255s=;
        b=SbFa8SnBsU+MnJm9+oVkB0DptOanX4eKmzwgTZaBYU8O73+w2WKAjw+NQIKJgy3HVM
         eT4WFKNt3Yc5e2o5/FXUqIF3P8gT5lEQBWhgODv1oGYd5AfuiF41q7+KMttAhjFNDCht
         iaoHaD8lIg7+izAfUEi5gesC/lzWBwmdjZp58BevHeyVeSls6co007kLs1LH0P1lZyfW
         XvG2BoBRRiaSDf7oHX97Ar6TaIMLFpnsy0cJY3KntKun8oWCKBBXqkeqOkRbT5M3TuqL
         u7O1DDRMOhfvnAPfK14MlC8QgFl7VVVhoFHFf71GVdkbALheGqPSn9wDjTmnaMFaYL4T
         EdqA==
X-Gm-Message-State: AOAM533ad/Lz2pPyYsiuC8lsZM2nYi4c72//HRtgZ6N7kn1mQgIGdXqL
        e1NiMRiJVaw94Bs6qAuE05lQejGyK7EdK2yW3t+j5A==
X-Received: by 2002:a05:6902:203:b0:628:7b6f:2845 with SMTP id
 j3-20020a056902020300b006287b6f2845mr28163313ybs.533.1647967508132; Tue, 22
 Mar 2022 09:45:08 -0700 (PDT)
MIME-Version: 1.0
References: <Yjmn/kVblV3TdoAq@elver.google.com> <87ee2uyr4z.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <87ee2uyr4z.fsf@email.froward.int.ebiederm.org>
From:   Marco Elver <elver@google.com>
Date:   Tue, 22 Mar 2022 17:44:31 +0100
Message-ID: <CANpmjNN4UjUTB5x6-2T-+b7MY=oAYn37MKvQy-4jYh6JDeJuKg@mail.gmail.com>
Subject: Re: RFC: Use of user space handler vs. SIG_DFL on forced signals
To:     "Eric W. Biederman" <ebiederm@xmission.com>
Cc:     Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,
	USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 22 Mar 2022 at 15:54, Eric W. Biederman <ebiederm@xmission.com> wrote:
> Marco Elver <elver@google.com> writes:
>
> > Hello,
> >
> > Currently force_sig_info_to_task() will always unblock a blocked signal
> > but deliver the signal to SIG_DFL:
> >
> >       [...]
> >        * Note: If we unblock the signal, we always reset it to SIG_DFL,
> >        * since we do not want to have a signal handler that was blocked
> >        * be invoked when user space had explicitly blocked it.
> >       [...]
> >
> > Is this requirement part of the POSIX spec? Or is the intent simply to
> > attempt to do the least-bad thing?
>
> I have not found any POSIX language about this.
>
> The options are either we terminate the application, or the application
> spins forever re-triggering the trap.

Is this in case of things like SEGV? I think this doesn't quite apply
to us. The cause of the signal (perf event) is rather benign, and the
signal handler can deal with recursion.

[...]
> > For SIGTRAP on perf events we found this makes the situation worse,
> > since the cause of the signal wasn't an error condition, but explicitly
> > requested monitoring. In this case, we do in fact want delivery of the
> > signal to user space even if the signal is blocked, i.e.
> > force_sig_perf() should be an unblockable forced synchronous signal to
> > user space!
>
> Which is exactly what we have.  If you block it you get terminated.

Right, however, in this case we want to monitor/trace memory accesses
etc, and some 3rd party code such as a library being traced isn't
under our control.

What we can do instead is to intercept sigprocmask() and work around
the issue, but libc interception is brittle. :-/
We do just want to receive the signal, all the time.

[...]
> I think HANDLER_UNBLOCK is pretty much nonsense.
>
> A block signal very much means that userspace is not prepared to handle
> the signal.  So calling something that is not ready to be called can't
> work.  That is common sense, and I expect in POSIX as well.

The fundamental question is, if we have a valid signal handler, but
sigprocmask() is called, how do we still keep receiving signals for
SIGTRAP despite sigprocmask()?

Perhaps this is impossible without intercepting sigprocmask() in user
space, in which we'll need to find a different solution.

> I expect that either you are looking for something like what ptrace does
> with signal interruptions where another process is notified, and
> userspace does not need to be involved, or that this is a don't do that
> then.
>
> Or possibly you have some weird asynchronous signal thing happening and
> you are calling it synchronous.

Not quite. We need it to be synchronous, because we need to know the
precise instruction and potentially do some other stuff _before_
subsequent instructions.

A compromise might be to deliver synchronously normally, but when
blocked deliver asynchronously. But if the signal was delivered
asynchronously, we need to let the signal handler know delivery was
asynchronous, so that our tracing logic can recover and give up at
that point.

To do this indication if it was asynchronous, we probably need to
extend siginfo_t once more. Would that be reasonable?

Thanks,
-- Marco