From: Oleg Nesterov <oleg@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC] TIF_NOTIFY_RESUME, arch/*/*/*signal*.c and all such
Date: Sun, 29 Apr 2012 18:18:18 +0200 [thread overview]
Message-ID: <20120429161818.GA15792@redhat.com> (raw)
In-Reply-To: <20120428024208.GS6871@ZenIV.linux.org.uk>
First of all, let me repeat I am useless when it comes to the low-level
or asm code. I can be easily wrong, and I am going to ask the questions.
On 04/28, Al Viro wrote:
>
> It's actually worse than I thought - we can't just lift that check
> to do_notify_resume() and be done with that. Suppose do_signal() does
> get called on e.g. i386 or arm with !user_mode(regs). What'll happen next?
>
> We have TIF_SIGPENDING set in thread flags - otherwise we wouldn't get
> there at all. OK, do_signal() doesn't do anything and returns. So does
> do_notify_resume(). And we are back into the loop in asm glue, rereading
> the thread flags (still unchanged), checking if anything is to be done
> (yes, it is - TIF_SIGPENDING is still set), calling do_notify_resume(),
> ad infinitum.
>
> Lifting the check into do_notify_resume() will not help at all, obviously.
>
> AFAICS we can get hit by that.
Please look at 29a2e2836ff9ea65a603c89df217f4198973a74f
x86-32: Fix endless loop when processing signals for kernel tasks
> At least i386, arm and mips have
> ret_from_fork going straight to "return from syscall" path, no checks for
> return to user mode done. And process created by kernel_thread() will
> go there.
Looks like, the patch above fixes that.
But, we call do_notify_resume() first, it would be nice to avoid this
and remove the user_mode() check in do_signal() or lift into
do_notify_resume().
> It's a narrow race, but AFAICS it's not impossible to hit -
> guess the PID of kernel thread to be launched, send it a signal and hit
> the moment before it gets to executing the payload.
Yes. But note that the kernel threads run with all signals ignored.
This is still possible, but a kernel thread should do allow_signal()
and then call kernel_thread() (not kthread_create).
Question. So far I know that on x86 do_notify_resume() && !user_mode()
is only possible on 32bit system, and the possible callers are
ret_from_fork or kernel_execve (if it fails).
Plus, perhaps CONFIG_VM86 makes a difference?
Could you please clarify?
Oleg.
next prev parent reply other threads:[~2012-04-29 16:19 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-18 13:04 [PULL REQUEST] : ima-appraisal patches Mimi Zohar
2012-04-18 15:02 ` James Morris
2012-04-18 18:07 ` Mimi Zohar
2012-04-18 18:39 ` Al Viro
2012-04-18 20:56 ` Mimi Zohar
2012-04-19 19:57 ` Mimi Zohar
2012-04-20 0:43 ` [RFC] situation with fput() locking (was Re: [PULL REQUEST] : ima-appraisal patches) Al Viro
2012-04-20 2:31 ` Linus Torvalds
2012-04-20 2:31 ` Linus Torvalds
2012-04-20 2:54 ` Al Viro
2012-04-20 2:58 ` Linus Torvalds
2012-04-20 2:58 ` Linus Torvalds
2012-04-20 8:09 ` Al Viro
2012-04-20 15:56 ` Linus Torvalds
2012-04-20 15:56 ` Linus Torvalds
2012-04-20 16:08 ` Al Viro
2012-04-20 16:42 ` Al Viro
2012-04-20 17:21 ` Linus Torvalds
2012-04-20 17:21 ` Linus Torvalds
2012-04-20 18:07 ` Al Viro
2012-04-23 18:01 ` [RFC] TIF_NOTIFY_RESUME, arch/*/*/*signal*.c and all such Al Viro
2012-04-23 18:37 ` Oleg Nesterov
2012-04-24 7:26 ` Al Viro
2012-04-25 3:06 ` Al Viro
2012-04-25 12:37 ` Oleg Nesterov
2012-04-25 12:50 ` Al Viro
2012-04-25 13:03 ` Oleg Nesterov
2012-04-25 13:32 ` Oleg Nesterov
2012-04-25 13:32 ` Al Viro
2012-04-25 14:52 ` Oleg Nesterov
2012-04-25 15:46 ` Oleg Nesterov
2012-04-25 16:10 ` Al Viro
2012-04-25 17:02 ` Oleg Nesterov
2012-04-25 17:51 ` Al Viro
2012-04-26 7:15 ` Martin Schwidefsky
2012-04-26 7:25 ` David Miller
2012-04-26 13:52 ` Oleg Nesterov
2012-04-26 14:31 ` Martin Schwidefsky
2012-04-26 13:22 ` Oleg Nesterov
2012-04-26 18:37 ` Oleg Nesterov
2012-04-26 23:19 ` Al Viro
2012-04-27 17:24 ` Oleg Nesterov
2012-04-27 17:54 ` Oleg Nesterov
2012-05-02 10:37 ` Matt Fleming
2012-05-02 14:14 ` Al Viro
2012-04-27 18:45 ` Al Viro
2012-04-27 19:14 ` Geert Uytterhoeven
2012-04-27 19:34 ` Al Viro
2012-04-29 22:51 ` Al Viro
2012-04-30 6:39 ` Greg Ungerer
2012-04-30 6:39 ` Greg Ungerer
2012-04-27 19:42 ` Al Viro
2012-04-27 20:20 ` Roland McGrath
2012-04-27 21:12 ` Al Viro
2012-04-27 21:27 ` Roland McGrath
2012-04-27 23:15 ` Al Viro
2012-04-27 23:32 ` Al Viro
2012-04-29 4:12 ` Al Viro
2012-04-30 8:06 ` Martin Schwidefsky
2012-04-27 23:50 ` Al Viro
2012-04-28 18:51 ` [PATCH] arch/tile: avoid calling do_signal() after fork from a kernel thread Chris Metcalf
2012-04-28 18:51 ` Chris Metcalf
2012-04-28 20:55 ` Al Viro
2012-04-28 21:46 ` Chris Metcalf
2012-04-28 21:46 ` Chris Metcalf
2012-04-29 0:55 ` Al Viro
2012-04-28 18:51 ` [PATCH v2] arch/tile: fix up some issues in calling do_work_pending() Chris Metcalf
2012-04-28 18:51 ` Chris Metcalf
2012-04-29 3:49 ` [PATCH] arch/tile: avoid calling do_signal() after fork from a kernel thread Chris Metcalf
2012-04-29 3:49 ` Chris Metcalf
2012-04-28 2:42 ` [RFC] TIF_NOTIFY_RESUME, arch/*/*/*signal*.c and all such Al Viro
2012-04-28 3:32 ` Al Viro
2012-04-28 3:36 ` Al Viro
2012-04-29 16:33 ` Oleg Nesterov
2012-04-29 16:18 ` Oleg Nesterov [this message]
2012-04-29 18:05 ` Al Viro
2012-05-01 4:31 ` Al Viro
2012-05-01 5:06 ` Mike Frysinger
2012-05-01 5:52 ` Al Viro
2012-05-02 17:24 ` Al Viro
2012-05-02 18:30 ` Oleg Nesterov
2012-04-29 16:41 ` Oleg Nesterov
2012-04-29 18:09 ` Al Viro
2012-04-29 18:25 ` Oleg Nesterov
2012-04-20 3:15 ` [RFC] situation with fput() locking (was Re: [PULL REQUEST] : ima-appraisal patches) Al Viro
2012-04-20 18:54 ` Hugh Dickins
2012-04-20 19:04 ` Al Viro
2012-04-20 19:18 ` Linus Torvalds
2012-04-20 19:32 ` Hugh Dickins
2012-04-20 19:58 ` Al Viro
2012-04-20 21:12 ` Linus Torvalds
2012-04-20 21:12 ` Linus Torvalds
2012-04-20 22:13 ` Al Viro
2012-04-20 22:35 ` Linus Torvalds
2012-04-20 22:35 ` Linus Torvalds
2012-04-27 7:35 ` Kasatkin, Dmitry
2012-04-27 17:34 ` Al Viro
2012-04-27 18:52 ` Kasatkin, Dmitry
2012-04-27 18:52 ` Kasatkin, Dmitry
2012-04-27 19:15 ` Kasatkin, Dmitry
2012-04-30 14:32 ` Mimi Zohar
2012-04-30 14:32 ` Mimi Zohar
2012-05-03 4:23 ` James Morris
2012-05-03 4:23 ` James Morris
2012-04-20 19:37 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120429161818.GA15792@redhat.com \
--to=oleg@redhat.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.