From: Josh Triplett <josh@joshtriplett.org>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Ingo Molnar <mingo@redhat.com>, Kees Cook <keescook@chromium.org>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Rik van Riel <riel@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Thiago Macieira <thiago.macieira@intel.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH 6/6] clone4: Introduce new CLONE_FD flag to get task exit notification via fd
Date: Sat, 14 Mar 2015 12:48:17 -0700	[thread overview]
Message-ID: <20150314194817.GF22130@thin> (raw)
In-Reply-To: <20150314192456.GA8707@redhat.com>

On Sat, Mar 14, 2015 at 08:24:56PM +0100, Oleg Nesterov wrote:
> On 03/14, Josh Triplett wrote:
> >
> > On Sat, Mar 14, 2015 at 03:35:58PM +0100, Oleg Nesterov wrote:
> > > On 03/12, Josh Triplett wrote:
> > > >
> > > > @@ -598,7 +600,9 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
> > > >  	if (group_dead)
> > > >  		kill_orphaned_pgrp(tsk->group_leader, NULL);
> > > >
> > > > -	if (unlikely(tsk->ptrace)) {
> > > > +	if (tsk->autoreap) {
> > > > +		autoreap = true;
> > > > +	} else if (unlikely(tsk->ptrace)) {
> > > >  		int sig = thread_group_leader(tsk) &&
> > > >  				thread_group_empty(tsk) &&
> > > >  				!ptrace_reparented(tsk) ?
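Review bot: the new `if (tsk->autoreap)` arm is tested before `else if (unlikely(tsk->ptrace))`, so a task that has autoreap set and is also being traced by another process never reaches the ptrace notification branch and is forced down the autoreap path. While traced, the task's ->ptrace_entry is still the link the debugger's list uses (as Oleg notes below), so this arm needs to require the untraced case, e.g. `if (tsk->autoreap && !tsk->ptrace)`, or be ordered after the ptrace check.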
> > > > @@ -612,8 +616,10 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
> > > >  	}
> > > >
> > > >  	tsk->exit_state = autoreap ? EXIT_DEAD : EXIT_ZOMBIE;
> > > > -	if (tsk->exit_state == EXIT_DEAD)
> > > > +	if (tsk->exit_state == EXIT_DEAD) {
> > > >  		list_add(&tsk->ptrace_entry, &dead);
> > > > +		clonefd_do_notify(tsk);
> > > > +	}
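Review bot: `list_add(&tsk->ptrace_entry, &dead)` is now reachable for a task that is still traced by another process, because the previous hunk lets ->autoreap select EXIT_DEAD without looking at ->ptrace; the pre-patch code only took this path for an untraced task. Reusing ->ptrace_entry here while the tracer still has it linked would splice the tracer's list into the local `dead` list right before the task is released. Keep the EXIT_DEAD path restricted to untraced tasks, and only then add the `clonefd_do_notify(tsk)` call inside that block.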
> > >
> > > And even ignoring semantics issues, this change looks simply buggy anyway ;)
> > >
> > > How can we do list_add(&tsk->ptrace_entry) if it is traced by _another_ task?
> > > ->ptrace_entry is used by debugger.
> >
> > That list_add was there before; I didn't change that.
> 
> But this doesn't matter,
> 
> > I just added a
> > second line inside the EXIT_DEAD case, to call clonefd_do_notify (which
> > wakes up potential callers of poll/read).
> 
> No. Please read this code before and after your patch. You also added
> 
> 	if (tsk->autoreap)
> 		autoreap = true;
> 
> at the start. And this can trigger the _wrong_ list_add(&tsk->ptrace_entry),
> when the task is traced by another thread.
> 
> The current code can only use ->ptrace_entry if it was untraced (by us).

Ugh.  I finally realized just how magic the logic is there; thanks for
catching this.  The call to forget_original_parent at the top of
exit_notify can potentially add the process to the list "dead" here,
either in exit_ptrace() or in reparent_leader() (the latter of which has
its own duplicate of part of exit_notify's logic, including
do_notify_parent and setting exit_state).  Then exit_notify can add the
task to "dead" itself under some conditions that clearly depend on the
exact nature of the existing three-way conditional above.  And finally
exit_notify loops over "dead" and releases all the tasks there.

I'll investigate this further and make sure the ptrace case gets
handled correctly.

- Josh Triplett
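
The list hazard Oleg describes above (a task's ->ptrace_entry being list_add()ed onto the local "dead" list while the tracer's list still links it) can be reproduced in userspace. The following is an added example written for this page, not code from the patch series or the kernel: the list primitives copy the semantics of the kernel's list_add()/list_del_init(), while struct task, struct tracer, the autoreap flag and exit_notify_model() are simplified stand-ins for the real exit_notify()/release_task() path, and the "guarded" variant implements Oleg's stated rule (->ptrace_entry may only be reused when the task is untraced) rather than whatever fix the series later adopted.

```c
/*
 * Userspace model of the ->ptrace_entry hazard: a task still on its
 * tracer's list is list_add()ed onto a local "dead" list and then
 * released.  The list primitives match <linux/list.h> semantics; the
 * task/tracer structures and the exit path are simplified stand-ins
 * for the kernel code, not the kernel code itself.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)

static void INIT_LIST_HEAD(struct list_head *l) { l->next = l->prev = l; }

/* Kernel semantics: link @entry right after @head.  @entry's old links
 * are overwritten; nothing unlinks it from wherever it currently is. */
static void list_add(struct list_head *entry, struct list_head *head)
{
	entry->next = head->next;
	entry->prev = head;
	head->next->prev = entry;
	head->next = entry;
}

static void list_del_init(struct list_head *e)
{
	e->prev->next = e->next;
	e->next->prev = e->prev;
	INIT_LIST_HEAD(e);
}

struct task {
	const char *comm;
	bool ptrace;		/* traced by someone other than the parent */
	bool autoreap;		/* stand-in for the patch's "nobody will wait()" flag */
	bool released;		/* set once release_task() would have freed it */
	struct list_head ptrace_entry;	/* on tracer->ptraced while traced */
};

struct tracer { struct list_head ptraced; };

/* Walk @head and return its node count, or -1 if the walk never gets
 * back to @head within @limit steps or reaches a released task: both
 * mean the list has been corrupted. */
static int check_list(struct list_head *head, int limit)
{
	int n = 0;
	for (struct list_head *p = head->next; p != head; p = p->next) {
		struct task *t = list_entry(p, struct task, ptrace_entry);
		if (t->released || ++n > limit)
			return -1;
	}
	return n;
}

/*
 * The decision from the patch's exit_notify() hunk, reduced to the two
 * paths that matter here.  With @guard false it mirrors the posted
 * patch: ->autoreap is honoured before ->ptrace is even looked at.
 * With @guard true it follows Oleg's rule: ->ptrace_entry may only be
 * reused for the dead list if the task is not traced.
 */
static void exit_notify_model(struct task *tsk, struct list_head *dead, bool guard)
{
	bool autoreap = guard ? (!tsk->ptrace && tsk->autoreap) : tsk->autoreap;

	if (autoreap)				/* EXIT_DEAD: queue for release */
		list_add(&tsk->ptrace_entry, dead);
	/* else: EXIT_ZOMBIE, left for the tracer/parent to reap */

	/* The final loop of exit_notify(): release everything queued. */
	while (dead->next != dead) {
		struct task *t = list_entry(dead->next, struct task, ptrace_entry);
		list_del_init(&t->ptrace_entry);
		t->released = true;		/* stands in for release_task() */
	}
}

/* A traced, autoreaping child exits.  Returns check_list() of the
 * tracer's ->ptraced list afterwards: 1 if intact, -1 if corrupted. */
int traced_autoreap_exit(bool guard)
{
	struct tracer gdb;
	struct task child = { .comm = "child", .ptrace = true, .autoreap = true };
	struct list_head dead;

	INIT_LIST_HEAD(&gdb.ptraced);
	INIT_LIST_HEAD(&dead);
	INIT_LIST_HEAD(&child.ptrace_entry);

	/* ptrace_link(): the tracer holds the child via ->ptrace_entry */
	list_add(&child.ptrace_entry, &gdb.ptraced);

	exit_notify_model(&child, &dead, guard);

	return check_list(&gdb.ptraced, 8);
}

int main(void)
{
	int as_posted = traced_autoreap_exit(false);
	int guarded = traced_autoreap_exit(true);

	printf("patch as posted:     tracer list %s\n", as_posted < 0 ? "CORRUPT" : "intact");
	printf("guarded by !ptrace:  tracer list %s (%d entry)\n",
	       guarded < 0 ? "CORRUPT" : "intact", guarded);
	return 0;
}
```

In the unguarded run the second list_add() overwrites the child's links so the tracer's head still points at an entry that now belongs to the dead list, and after the release loop it points at a task that has already been "freed"; a real tracer walking its ->ptraced list would then touch released memory. The guarded run leaves the traced child as a zombie for the tracer, and the tracer's list stays intact.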

Thread overview: 83+ messages
2015-03-13  1:40 [PATCH 0/6] CLONE_FD: Task exit notification via file descriptor Josh Triplett
2015-03-13  1:40 ` [PATCH 1/6] clone: Support passing tls argument via C rather than pt_regs magic Josh Triplett
2015-03-13  1:40 ` [PATCH 2/6] x86: Opt into HAVE_COPY_THREAD_TLS, for both 32-bit and 64-bit Josh Triplett
2015-03-13 22:01   ` Andy Lutomirski
2015-03-13 22:31     ` josh
2015-03-13 22:38       ` Andy Lutomirski
2015-03-13 22:43         ` josh
2015-03-13 22:45           ` Andy Lutomirski
2015-03-13 23:01             ` josh
2015-03-13  1:40 ` [PATCH 3/6] Introduce a new clone4 syscall with more flag bits and extensible arguments Josh Triplett
2015-03-13  1:40 ` [PATCH 4/6] signal: Factor out a helper function to process task_struct exit_code Josh Triplett
2015-03-13  1:40 ` [PATCH 5/6] fs: Make alloc_fd non-private Josh Triplett
2015-03-13  1:41 ` [PATCH 6/6] clone4: Introduce new CLONE_FD flag to get task exit notification via fd Josh Triplett
2015-03-13 16:21   ` Oleg Nesterov
2015-03-13 19:57     ` josh
2015-03-13 21:34       ` Andy Lutomirski
2015-03-13 22:20         ` josh
2015-03-13 22:28           ` Andy Lutomirski
2015-03-13 22:34             ` josh
2015-03-13 22:38               ` Andy Lutomirski
2015-03-14 14:14       ` Oleg Nesterov
2015-03-14 14:32         ` Oleg Nesterov
2015-03-14 18:38           ` Thiago Macieira
2015-03-14 18:54             ` Oleg Nesterov
2015-03-14 22:03               ` Josh Triplett
2015-03-14 22:26                 ` Thiago Macieira
2015-03-14 19:01             ` Josh Triplett
2015-03-14 19:18               ` Oleg Nesterov
2015-03-14 19:47                 ` Oleg Nesterov
2015-03-14 20:14                   ` Josh Triplett
2015-03-14 20:30                     ` Oleg Nesterov
2015-03-14 22:14                       ` Josh Triplett
2015-03-14 20:03                 ` Josh Triplett
2015-03-14 20:20                   ` Oleg Nesterov
2015-03-14 22:09         ` Josh Triplett
2015-03-14 14:35   ` Oleg Nesterov
2015-03-14 19:15     ` Josh Triplett
2015-03-14 19:24       ` Oleg Nesterov
2015-03-14 19:48         ` Josh Triplett [this message]
2015-03-13  1:41 ` [PATCH] clone4.2: New manpage documenting clone4(2) Josh Triplett
2015-03-13  2:07 ` [PATCH 0/6] CLONE_FD: Task exit notification via file descriptor Thiago Macieira
2015-03-13 16:05 ` David Drysdale
2015-03-13 19:42   ` Josh Triplett
2015-03-13 21:16     ` Thiago Macieira
2015-03-13 21:44       ` josh
2015-03-13 21:33     ` Andy Lutomirski
2015-03-13 21:45       ` josh
2015-03-13 21:51         ` Andy Lutomirski
2015-03-14  1:11           ` Thiago Macieira
2015-03-14 19:03             ` Thiago Macieira
2015-03-14 19:29               ` Josh Triplett
2015-03-15 10:18                 ` David Drysdale
2015-03-15 10:59                   ` Josh Triplett
2015-03-15  8:55     ` David Drysdale
