On 07/10, Eric W. Biederman wrote: > > @@ -1602,6 +1603,20 @@ static __latent_entropy struct task_struct > *copy_process( > { > int retval; > struct task_struct *p; > + unsigned seq; > + > + /* > + * Signals that are delivered to multiple processes need to be > + * delivered to just the parent before the fork or both the > + * parent and the child after the fork. Cache the multiple > + * process signal sequence number so we can detect any of > + * these signals that happen during the fork. In the unlikely > + * event a signal comes in while fork is starting and restart > + * fork to handle the signal. > + */ > + seq = read_seqcount_begin(¤t->signal->multi_process_seq); > + if (signal_pending(current)) > + return ERR_PTR(-ERESTARTNOINTR); > > /* > * Don't allow sharing the root directory with processes in a different > @@ -1930,8 +1945,8 @@ static __latent_entropy struct task_struct > *copy_process( > * A fatal signal pending means that current will exit, so the new > * thread can't slip out of an OOM kill (or normal SIGKILL). > */ > - recalc_sigpending(); > - if (signal_pending(current)) { > + if (read_seqcount_retry(¤t->signal->multi_process_seq, seq) || > + fatal_signal_pending(current)) { > retval = -ERESTARTNOINTR; > goto bad_fork_cancel_cgroup;
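Review bot: in the first hunk the comment's last sentence is ungrammatical ("In the unlikely event a signal comes in while fork is starting and restart fork to handle the signal.") and should read along the lines of "In the unlikely event that a signal comes in while fork is starting, restart fork to handle the signal." More substantively, the early check `if (signal_pending(current)) return ERR_PTR(-ERESTARTNOINTR);` bails on any pending signal, not only the multi-process ones the comment says the seqcount is meant to catch, so the two halves of the patch apply different criteria (any signal at entry versus fatal-or-multi-process at the end); the comment should state that asymmetry explicitly, or the entry check should use the same predicate as the later one.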
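Review bot: in the second hunk the comment above the check ("A fatal signal pending means that current will exit, so the new thread can't slip out of an OOM kill") now describes only the `fatal_signal_pending(current)` half of the condition; the `read_seqcount_retry(&current->signal->multi_process_seq, seq)` half needs a sentence of its own here explaining that a multi-process signal arriving during the fork forces a restart so it is delivered either to the parent alone before the fork or to both after it. Dropping `recalc_sigpending();` also deserves a line in the changelog, since the old code re-evaluated TIF_SIGPENDING at this point and the new code leaves a stale flag on the parent when a non-fatal, non-multi-process signal is pending, which is exactly the case the reply below raises.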
So once again, I think this is not right, see the discussion on bugzilla. If signal_pending() == T we simply can't know if copy_process() can succeed or not. I have already mentioned the races with stop/freeze, but I think there are more.

And in fact I think that the fact that signal_wake_up() helps to avoid the races with fork() is useful. Say, we could add signal_wake_up() into syscall_regfunc() and kill syscall_tracepoint_update(). Not that I think this particular change makes any sense, but it can work.

That is why I tried to suggest another approach. copy_process() should always fail if signal_pending() == T, just the "real" signal should not disturb the forking thread unless the signal is fatal or multi-process.

This also makes another difference in the multi-threaded case: a signal with a handler sent to a forking process will be re-targeted to another thread which can handle it; with your patch this signal will be "blocked" until fork() finishes or until another thread gets TIF_SIGPENDING. Not that I think this is that important, but still.

Oleg.