Date: Mon, 11 Jul 2022 14:25:21 -0600
From: Tycho Andersen
To: Miklos Szeredi, Eric Biederman
Cc: Christian Brauner, fuse-devel, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: strange interaction between fuse + pidns

Hi all,

On Mon, Jul 11, 2022 at 03:59:15PM +0200, Miklos Szeredi wrote:
> On Mon, 11 Jul 2022 at 12:35, Miklos Szeredi wrote:
> >
> > Can you try the attached untested patch?
>
> Updated patch to avoid use after free on req->args.
>
> Still mostly untested.

Thanks, when I applied your patch, I still ended up with tasks stuck
waiting with a SIGKILL pending. So I looked into that and came up with
the patch below. With both your patch and mine, my testcase exits
cleanly.

Eric (or Christian, or anyone), can you comment on the patch below? I
have no idea what this will break. Maybe instead a better approach is
some additional special case in __send_signal_locked()?

Tycho

From b7ea26adcf3546be5745063cc86658acb5ed37e9 Mon Sep 17 00:00:00 2001
From: Tycho Andersen Date: Mon, 11 Jul 2022 11:26:58 -0600 Subject: [PATCH] sched: __fatal_signal_pending() should also check shared signals The wait_* code uses signal_pending_state() to test whether a thread has been interrupted, which ultimately uses __fatal_signal_pending() to detect if there is a fatal signal. When a pid ns dies, in zap_pid_ns_processes() it does: group_send_sig_info(SIGKILL, SEND_SIG_PRIV, task, PIDTYPE_MAX); for all the tasks in the pid ns. That calls through: group_send_sig_info() -> do_send_sig_info() -> send_signal_locked() -> __send_signal_locked() which does: pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending; which puts sigkill in the set of shared signals, but not the individual pending ones. If tasks are stuck in a killable wait (e.g. a fuse flush operation), they won't see this shared signal, and will hang forever, since TIF_SIGPENDING is set, but the fatal signal can't be detected. Signed-off-by: Tycho Andersen --- include/linux/sched/signal.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index cafbe03eed01..a033ccb0a729 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -402,7 +402,8 @@ static inline int signal_pending(struct task_struct *p) static inline int __fatal_signal_pending(struct task_struct *p) { - return unlikely(sigismember(&p->pending.signal, SIGKILL)); + return unlikely(sigismember(&p->pending.signal, SIGKILL) || + sigismember(&p->signal->shared_pending.signal, SIGKILL)); } static inline int fatal_signal_pending(struct task_struct *p) base-commit: 32346491ddf24599decca06190ebca03ff9de7f8 -- 2.34.1
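Review bot: In __fatal_signal_pending(), the added sigismember(&p->signal->shared_pending.signal, SIGKILL) test changes the result for every caller of this inline, while the commit message only justifies it for killable waits reached through signal_pending_state() after zap_pid_ns_processes(). The message should state why treating a shared-pending SIGKILL as fatal is safe for the other callers, or the fix should be narrowed to the sending side (the cover text already raises a special case in __send_signal_locked() as an alternative). A short comment above the second sigismember() naming the PIDTYPE_MAX / shared_pending case would also keep the reason for the extra check from getting lost, since nothing in the function itself explains why both sets are consulted.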