Received: by 2002:ab2:784b:0:b0:1fd:adc2:8405 with SMTP id m11csp482032lqp; Mon, 10 Jun 2024 09:42:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWqUl77Y/ldkVx+Rd+2smmZsYJHqMsM4ToLDQ8Q63f+loFUEarjjmBgkxsMPCSJVmJsDHk1LymLeDr2p9DI9LMV5LLwEpAnJkX1BSDt9w== X-Google-Smtp-Source: AGHT+IG32qM+gZlwY18L0I+ZkYIvNtNbpjx5EW/mhO340yoHXjvtM6Cf89Ayc8qjlCvbX30BDMvM X-Received: by 2002:a2e:351a:0:b0:2eb:d620:88d9 with SMTP id 38308e7fff4ca-2ebd6208a5cmr30465001fa.30.1718037743796; Mon, 10 Jun 2024 09:42:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718037743; cv=pass; d=google.com; s=arc-20160816; b=KrWx64VBoFuNtOo/MDKP9pQM93LPhxELAXDRS8y7k6Jr4Fl13NBrCa9f2erg9nSUxd 7Uvx8QO/uCpyBTD28LnJ1gtl1VwLFVRV9bVnF8idK49d1DKARRQr13tCjo52BFDGa3sx p6mexrti4FDoyC2zdcUBgIy08c2bxCntWoymeO0OdAItAGKm5KSuXNNJ6w796TaXbBT3 4brx5d++DcfQuDB5Z3kxn1WkdseXc2FprliKo+7iSJ0fRloweKSqLguouQ1NjdOrTCLO mGs9rqNqFttFbytpAH1KdZCTadnDNZ+c2UV4H8Z5RAH3oIxuv7cDf5ZRvwHtzR+1UH6J 8Wbw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-id:precedence:date:subject:cc :to:from:dkim-signature:dkim-signature:message-id; bh=Y97X1hCIqC8tCID3Mbb1xLXKzP4tAr21aS9yht0Py/w=; fh=joBs/8L+orz77ylyCy6wqNwwi35f7sYhLR+/TQjQjhI=; b=vXrEFErhz0cMk6I4H0fz918KZk9w22TGXghQ0TPOczjafLX301Jto+UMYHPCNu7+s+ SBg6lsBZ6PBX8B1wdXXylR17Jen+M9eiaNwaKCX3A0aqn+eQIf6WtuMHy9FAGvYr9xUX pYaC/LfjmiLCp53Ce0sp8hkH+k0x0khl6MNiTh9dF/969sGu+pnKkjQnB9nQPp36ut9i 2ZW15jyT9VFK2zwIaQg+a7d4+7TwjVn8ovdBgGC6MPJ1tPV9tsJIXJyO2e/Z4O9ZGwbT 6Y2UNeEXce24rOmiB1eUjLpQH+nJYulz3kFfi8g1OuvPp6bO1gu38fykhBx5melIsf1Q CJxA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=3pYnDC9b; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-208564-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-208564-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57aae266352si4778045a12.577.2024.06.10.09.42.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 10 Jun 2024 09:42:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-208564-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=3pYnDC9b; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-208564-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-208564-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 8045A1F22115 for ; Mon, 10 Jun 2024 16:42:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BFAAA14532C; Mon, 10 Jun 2024 16:42:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="3pYnDC9b"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="0nmL/j+H" Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1EE4882495 for ; Mon, 10 Jun 2024 16:42:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718037735; cv=none; b=lewS/gKkaepREHbcUcVr2OaH1rZVKIFzYmQdDNKAzhZAcMT+XN5evNbd9gSk0UyZAYB9S0Wi7r4w/klVuF5ZGJwHZlNm/4p/Sds6zsyDFqfVxtbVPwHNBkduY0FvOIXMC8MWOZ7MOe12uuFdbJ5qUIbrcJ8DX/vCfuXEjZn8HaY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718037735; c=relaxed/simple; bh=kOyQKqvT3Z+ID3zjeYJmanjnBaO0QBFUsSriS/X/r/Q=; h=Message-ID:From:To:Cc:Subject:Date; b=jjFPZ4bXA3hpW2NTwJddYiQwLPhUNTNuMQSZYHWeCiXrt7ulVTw/+5aFS319dsxmuemGdBjp8CQF6PNO6y1HO5QfhEZYV0NxBx+aK3+0geAsM/pwEHYh6hqZ9l757P5AGCSFJ7GgpRj6kJjpOQ51Xvw7HqrrK12CHEBXSJMuJ6k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=3pYnDC9b; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=0nmL/j+H; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Message-ID: <20240610163452.591699700@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1718037725; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=Y97X1hCIqC8tCID3Mbb1xLXKzP4tAr21aS9yht0Py/w=; b=3pYnDC9br0KkuibQGvUlMwdZvnUFL2/fAh7Eo/jQPtdYVKZbCDMwqZTog8GJp3IsO8GhCj 3j1xwIUQPPEhov7ATbOegR+LRjhV4zdLWFc4rjHbBId8N1TmtFilpA1D/5WgyB1pjLRXDW eHNujGnIVEi/agVAyJCl3A7N1Yvyb8p4sNTdnxBOQR78i7dw5ZW3+u3pitocux9wBZnWRg w7A48h5MQbfonznVWiHK8B/wwUOYBg3byXJaS1FmYEBcrDLMpApnh6JMP37cgdlbElCDbq 5L2O651JDc7wIUek3+A8KDFJAIEcc4uU97EOLEGhMDQdgD1KfwArCs+78Tpb3A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1718037725; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=Y97X1hCIqC8tCID3Mbb1xLXKzP4tAr21aS9yht0Py/w=; b=0nmL/j+Hyx/bsgdEo7IgAqb16gMo25S+2MgW61pCf4pIW3hEdRQGuauxtLTrXdnLvxZg7x FJ1EEYRZ05Z0uPAA== From: Thomas Gleixner To: LKML Cc: Anna-Maria Behnsen , Frederic Weisbecker , John Stultz , Peter Zijlstra , Ingo Molnar , Stephen Boyd , Eric Biederman , Oleg Nesterov Subject: [patch V3 00/51] posix-timers: Cure inconsistencies and the SIG_IGN mess Date: Mon, 10 Jun 2024 18:42:05 +0200 (CEST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: This is the third attempt of cleaning this up. Version 2 can be found here: https://lore.kernel.org/lkml/20240410164558.316665885@linutronix.de Last year I reread a 15 years old comment about the SIG_IGN problem: "FIXME: What we really want, is to stop this timer completely and restart it in case the SIG_IGN is removed. This is a non trivial change which involves sighand locking (sigh !), which we don't want to do late in the release cycle. ... A more complex fix which solves also another related inconsistency is already in the pipeline." The embarrasing part was that I put that comment in back then. So I went back and rumaged through old notes as I completely had forgotten why our attempts to fix this back then failed. It turned out that the comment is about right: sighand locking and life time issues. So I sat down with the old notes and started to wrap my head around this again. The problem to solve: Posix interval timers are not rearmed automatically by the kernel for various reasons: 1) To prevent DoS by extremly short intervals. 2) To avoid timer overhead when a signal is pending and has not yet been delivered. This is achieved by queueing the signal at timer expiry and rearming the timer at signal delivery to user space. This puts the rearming basically under scheduler control and the work happens in context of the task which asked for the signal. There is a problem with that vs. SIG_IGN. If a signal has SIG_IGN installed as handler the related signals are discarded. So in case of posix interval timers this means that such a timer is never rearmed even when SIG_IGN is replaced later with a real handler (including SIG_DFL). To work around that the kernel self rearms those timers and throttles them when the interval is smaller than a tick to prevent a DoS. That just keeps timers ticking, which obviously has effects on power and just creates work for nothing. So ideally these timers should be stopped and rearmed when SIG_IGN is replaced, which aligns with the regular handling of posix timers. Sounds trivial, but isn't: 1) Lock ordering. The timer lock cannot be taken with sighand lock held which is problematic vs. the atomicity of sigaction(). 2) Life time rules The timer and the sigqueue are separate entities which requires a lookup of the timer ID in the signal rearm code. This can be handled, but the separate life time rules are not necessarily robust. 3) Finding the relevant timers Obviosly it is possible to walk the posix timer list under sighand lock and handle it from there. That can be expensive especially in the case that there are no affected timers as the walk would just end up doing nothing. The following series is a new and this time actually working attempt to solve this. It addresses it by: 1) Embedding the preallocated sigqueue into struct k_itimer, which makes the life time rules way simpler and just needs a trivial reference count. 2) Having a separate list in task::signal on which ignored timers are queued. This avoids walking a potentially large timer list for nothing on a SIG_IGN to handler transition. 3) Requeueing the timers signal in the relevant signal queue so the timer is rearmed when the signal is actually delivered That turned out to be the least complicated way to address the sighand lock vs. timer lock ordering issue. With that timers which have their signal ignored are not longer self rearmed and the relevant workarounds including throttling for DoS prevention are removed. Aside of the SIG_IGN issues it also addresses a few inconsistencies in posix CPU timers and the general inconsistency of signal handling vs. disarmed, reprogrammed and deleted timers. To actually validate the fixes the posix timer self test has been expanded with tests which cover not only the simple SIG IGN case but also more complex scenarios which have never been handled correctly by the current self rearming work around. The series is based on: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git timers/urgent and is also available from git: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git posixt-v3 Changes vs. V2: - Handle the SI_TIMER related issues correctly - Oleg - Addressed various minor review comments - Picked up Reviewed-by tags where appropriate Thanks, tglx --- arch/x86/kernel/signal_32.c | 2 arch/x86/kernel/signal_64.c | 2 drivers/power/supply/charger-manager.c | 3 fs/proc/base.c | 10 fs/signalfd.c | 4 fs/timerfd.c | 4 include/linux/alarmtimer.h | 10 include/linux/posix-timers.h | 69 ++- include/linux/sched/signal.h | 11 include/uapi/asm-generic/siginfo.h | 2 init/init_task.c | 5 kernel/fork.c | 3 kernel/signal.c | 496 +++++++++++++---------- kernel/time/alarmtimer.c | 82 --- kernel/time/itimer.c | 22 - kernel/time/posix-cpu-timers.c | 231 ++++------ kernel/time/posix-timers.c | 276 ++++++------- kernel/time/posix-timers.h | 9 net/netfilter/xt_IDLETIMER.c | 4 tools/testing/selftests/timers/posix_timers.c | 550 +++++++++++++++++++++----- 20 files changed, 1102 insertions(+), 693 deletions(-)