From: Christof Meerwald <cmeerw@cmeerw.org>
To: linux-kernel@vger.kernel.org
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Subject: SIGCHLD signal sometimes sent with si_pid==0 (Linux 5.6.5)
Date: Sun, 19 Apr 2020 22:13:36 +0200
Message-ID: <20200419201336.GI22017@edge.cmeerw.net>

Hi,

this is probably related to commit
7a0cf094944e2540758b7f957eb6846d5126f535 (signal: Correct namespace
fixups of si_pid and si_uid).

With a 5.6.5 kernel I am seeing SIGCHLD signals that don't include a
properly set si_pid field - this seems to happen for multi-threaded
child processes.

A simple test program (based on the sample from the signalfd man page):

#include <sys/signalfd.h>
#include <signal.h>
#include <unistd.h>
#include <spawn.h>
#include <stdlib.h>
#include <stdio.h>

#define handle_error(msg) \
    do { perror(msg); exit(EXIT_FAILURE); } while (0)

int main(int argc, char *argv[])
{
  sigset_t mask;
  int sfd;
  struct signalfd_siginfo fdsi;
  ssize_t s;

  /* Block SIGCHLD so it is only delivered through the signalfd. */
  sigemptyset(&mask);
  sigaddset(&mask, SIGCHLD);

  if (sigprocmask(SIG_BLOCK, &mask, NULL) == -1)
    handle_error("sigprocmask");

  /* Start the multi-threaded client. */
  pid_t chldpid;
  char *chldargv[] = { "./sfdclient", NULL };
  posix_spawn(&chldpid, "./sfdclient", NULL, NULL, chldargv, NULL);

  sfd = signalfd(-1, &mask, 0);
  if (sfd == -1)
    handle_error("signalfd");

  for (;;) {
    s = read(sfd, &fdsi, sizeof(struct signalfd_siginfo));
    if (s != sizeof(struct signalfd_siginfo))
      handle_error("read");

    if (fdsi.ssi_signo == SIGCHLD) {
      /* Prints status, code, uid and pid as reported by the kernel. */
      printf("Got SIGCHLD %d %d %d %d\n",
          fdsi.ssi_status, fdsi.ssi_code,
          fdsi.ssi_uid, fdsi.ssi_pid);
      return 0;
    } else {
      printf("Read unexpected signal\n");
    }
  }
}

and a multi-threaded client to test with:

#include <unistd.h>
#include <pthread.h>

void *f(void *arg)
{
  sleep(100);
  return NULL;
}

int main()
{
  pthread_t t[8];

  for (int i = 0; i != 8; ++i)
  {
    pthread_create(&t[i], NULL, f, NULL);
  }
  /* main returns here without joining, while the threads still sleep. */
}

I tried to do a bit of debugging and what seems to be happening is
that

	/* From an ancestor pid namespace? */
	if (!task_pid_nr_ns(current, task_active_pid_ns(t))) {

fails inside task_pid_nr_ns because the check for "pid_alive" fails.

This code seems to be called from do_notify_parent and there we
actually have "tsk != current" (I am assuming both are threads of the
current process?)

Christof

-- 
http://cmeerw.org                              sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org
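An added example, not part of the original message: a supervisor that depends on si_pid/ssi_pid to tell which child exited is exposed to the behaviour reported above, so this sketch treats SIGCHLD on the signalfd only as a wake-up and takes the child's identity and status from waitpid(). The helper names reap_all and supervise_one are hypothetical, and the child here is a single-threaded fork() rather than the reporter's ./sfdclient.

```c
#define _GNU_SOURCE
#include <sys/signalfd.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/* Reap every exited child without blocking; waitpid(), not the signal
 * payload, says which child exited. Returns the number reaped. */
static int reap_all(pid_t *last_pid, int *last_status)
{
    int n = 0, status;
    pid_t pid;
    while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
        *last_pid = pid;
        *last_status = status;
        n++;
    }
    return n;
}

/* Hypothetical helper: fork a child that exits with `code`, wait for
 * SIGCHLD on a signalfd, then identify the child via waitpid().
 * Returns 0 when the reaped pid and exit code match, -1 otherwise. */
int supervise_one(int code)
{
    struct signalfd_siginfo fdsi;
    sigset_t mask;
    pid_t child, reaped = -1;
    int sfd, status = 0;

    sigemptyset(&mask);
    sigaddset(&mask, SIGCHLD);
    if (sigprocmask(SIG_BLOCK, &mask, NULL) == -1)
        return -1;
    if ((sfd = signalfd(-1, &mask, 0)) == -1)
        return -1;
    if ((child = fork()) == 0)
        _exit(code);                    /* child: exit immediately */
    /* SIGCHLD is only a wake-up; ssi_pid is logged, never trusted. */
    if (child == -1 || read(sfd, &fdsi, sizeof(fdsi)) != sizeof(fdsi)) {
        close(sfd);
        return -1;
    }
    close(sfd);
    if (fdsi.ssi_pid != (unsigned)child)
        fprintf(stderr, "ssi_pid=%u, expected %d\n", fdsi.ssi_pid, (int)child);
    if (reap_all(&reaped, &status) != 1)
        return -1;
    return (reaped == child && WIFEXITED(status) && WEXITSTATUS(status) == code) ? 0 : -1;
}

int main(void) { return supervise_one(7) == 0 ? 0 : 1; }
```

Looping on waitpid(-1, ..., WNOHANG) also covers the case where several children exit but only one SIGCHLD is queued.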
Thread overview: 22+ messages

2020-04-19 20:13 Christof Meerwald [this message]
2020-04-20 17:05 ` [PATCH] signal: Avoid corrupting si_pid and si_uid in do_notify_parent Eric W. Biederman
2020-04-21  8:30 ` Christian Brauner
2020-04-21  9:28 ` Oleg Nesterov
2020-04-21 10:21 ` Christian Brauner
2020-04-21 11:11 ` Oleg Nesterov
2020-04-21 11:26 ` Christian Brauner
2020-04-21 12:17 ` Oleg Nesterov
2020-04-21 12:59 ` Christian Brauner
2020-04-21 13:42 ` Eric W. Biederman
2020-04-21 11:28 ` Oleg Nesterov
2020-04-21 11:38 ` Christian Brauner
2020-04-21 10:28 ` Christian Brauner
2020-04-21 14:57 ` Eric W. Biederman
2020-04-21 15:08 ` Christian Brauner
2020-04-21  9:04 ` Oleg Nesterov
2020-04-21 10:19 ` [PATCH] remove the no longer needed pid_alive() check in __task_pid_nr_ns() Oleg Nesterov
2020-04-21 10:50 ` Christian Brauner
2020-04-21 15:05 ` Eric W. Biederman
2020-04-24 18:05 ` Oleg Nesterov
2020-04-24 19:54 ` Eric W. Biederman
2020-04-21 14:59 ` SIGCHLD signal sometimes sent with si_pid==0 (Linux 5.6.5) Eric W. Biederman