Linux-arch Archive mirror
From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Olivier Langlois <olivier@trillion01.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Heiko Carstens <hca@linux.ibm.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"<linux-arch@vger.kernel.org>" <linux-arch@vger.kernel.org>,
	Linux API <linux-api@vger.kernel.org>,
	Alexey Gladkov <legion@kernel.org>, Kyle Huey <me@kylehuey.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Kees Cook <keescook@chromium.org>,
	Al Viro <viro@zeniv.linux.org.uk>, Jens Axboe <axboe@kernel.dk>,
	Pavel Begunkov <asml.silence@gmail.com>
Subject: Re: [PATCH 1/8] signal: Make SIGKILL during coredumps an explicit special case
Date: Mon, 17 Jan 2022 10:09:28 -0600
Message-ID: <87ee56e43r.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <991211d94c6dc0ad3501cd9f830cdee916b982b3.camel@trillion01.com> (Olivier Langlois's message of "Sat, 15 Jan 2022 14:23:34 -0500")

Olivier Langlois <olivier@trillion01.com> writes:

> On Fri, 2022-01-14 at 18:12 -0600, Eric W. Biederman wrote:
>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>> 
>> > On Tue, Jan 11, 2022 at 10:51 AM Eric W. Biederman
>> > <ebiederm@xmission.com> wrote:
>> > > 
>> > > +       while ((n == -ERESTARTSYS) &&
>> > > test_thread_flag(TIF_NOTIFY_SIGNAL)) {
>> > > +               tracehook_notify_signal();
>> > > +               n = __kernel_write(file, addr, nr, &pos);
>> > > +       }
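Review bot: the `while` condition only terminates if tracehook_notify_signal() clears TIF_NOTIFY_SIGNAL, and nothing in these lines shows that it does. Add a comment saying so, or clear the flag explicitly in the loop body. The loop also has no bound and no fatal-signal check, so if the flag is raised again before each retried __kernel_write() the writer keeps retrying; an explicit exit condition would make the termination argument local to this code.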
>> > 
>> > This reads horribly wrongly to me.
>> > 
>> > That "tracehook_notify_signal()" thing *has* to be renamed before we
>> > have anything like this that otherwise looks like "this will just loop
>> > forever".
>> > 
>> > I'm pretty sure we've discussed that "tracehook" thing before - the
>> > whole header file is misnamed, and most of the functions in there are
>> > too.
>> > 
>> > As an ugly alternative, open-code it, so that it's clear that "yup,
>> > that clears the TIF_NOTIFY_SIGNAL flag".
>> 
>> A cleaner alternative looks like to modify the pipe code to use
>> wake_up_XXX instead of wake_up_interruptible_XXX and then have code
>> that does pipe_write_killable instead of pipe_write_interruptible.
>
> Do not forget that the problem might not be limited to the pipe FS as
> Oleg Nesterov pointed out here:
>
> https://lore.kernel.org/io-uring/20210614141032.GA13677@redhat.com/
>
> This is why I did like your patch fixing __dump_emit. If the only
> problem is the tracehook_notify_signal() function's unclear name, that
> should be addressed instead of trying to fix the problem in a different
> way.

It might be that the fix is to run a portion of the exit_to_userspace
loop that does:

	if (ti_work & (_TIF_SIGPENDING | _TIF_NOTIFY_SIGNAL))
		handle_signal_work(regs, ti_work);

I am deep in brainstorm mode trying to find something that comes out
clean.

Oleg is right that while to be POSIX compliant and otherwise compatible
with traditional unix behavior sleeps in filesystems need to be
uninterruptible.  NFS has not always provided that compatibility.


>> There is also a question of how all of this should interact with the
>> freezer, as I think changing from interruptible to killable means that
>> the coredumps became unfreezable.
>> 
>> I am busily simmering this on my back burner and I hope I can come up
>> with something sensible.
>
> IMHO, fixing the problem on the emit function side has the merit of
> being future proof if something other than io_uring in the future would
> raise the TIF_NOTIFY_SIGNAL flag
>
> but I am wondering why no one commented anything about my proposal of
> cancelling io_uring before generating the core dump therefore stopping
> it from flipping TIF_NOTIFY_SIGNAL while the core dump is generated.
>
> Is there something wrong with my proposed approach?
> https://lore.kernel.org/lkml/cover.1629655338.git.olivier@trillion01.com/
>
> It did flawlessly create many dozens of io_uring app core dumps in the
> last months for me...

From my perspective I am not at all convinced that io_uring is the only
culprit.

Beyond that the purpose of a coredump is to snapshot the process as it
is, before anything is shut down so that someone can examine the coredump
and figure out what failed.  Running around changing the state of the
process has a very real chance of hiding what is going wrong.

Further, your change requires that there be a place for io_uring to clean
things up.  Given that fundamentally that seems like the wrong thing to
me I am not interested in making it easy to do what looks like the wrong
thing.

All of this may be perfection being the enemy of the good (especially as
your io_uring magic happens as a special case in do_coredump).  My work
in this area is to remove hacks so I can be convinced the code works
100% of the time so unfortunately I am not interested in picking up a
change that is only good enough.  Someone else like Andrew Morton might
be.


None of that changes the fact that tracehook_notify_signal needs to be
renamed.  That affects your approach and my proof of concept approach.
So renaming tracehook_notify_signal just needs to be done.

Eric
