From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Zhang Qiao <zhangqiao22@huawei.com>,
lkml <linux-kernel@vger.kernel.org>,
keescook@chromium.org, Peter Zijlstra <peterz@infradead.org>,
elver@google.com, legion@kernel.org, oleg@redhat.com,
brauner@kernel.org
Subject: Re: Question about kill a process group
Date: Wed, 11 May 2022 13:33:21 -0500 [thread overview]
Message-ID: <87a6bnudfy.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <87zgk5v148.ffs@tglx> (Thomas Gleixner's message of "Thu, 28 Apr 2022 14:33:27 +0200")
Thomas Gleixner <tglx@linutronix.de> writes:
> On Thu, Apr 21 2022 at 11:12, Eric W. Biederman wrote:
>> Zhang Qiao <zhangqiao22@huawei.com> writes:
>>>> How many children are being created in this test? Several million?
>>>
>>> There are about 300,000+ processes.
>>
>> Not as many as I was guessing, but still enough to cause a huge
>> wait on locks.
>
> Indeed. It's about 4-5us per process to send the signal on a 2GHz
> SKL-X. So with 20000k processes tasklist lock is read held for 1 second.
>
>> I do agree over 1 second for holding a spin lock is ridiculous and a
>> denial of service attack.
>
> Exactly. Even holding it for 100ms (20k forks) is daft.
>
> So unless the number of PIDs for a user is limited this _is_ an
> unpriviledged DoS vector.
After having slept on this a bit it finally occurred to me the
semi-obvious solution to this issue is to convert tasklist_lock
from a rw-spinlock to rw-semaphore. The challenge is finding
the users (tty layer?) that generate signals from interrupt
context and redirect that signal generation.
Once signals holding tasklist_lock are no longer generated from
interrupt context irqs no longer need to be disabled and
after verifying tasklist_lock isn't held under any other spinlocks
it can be converted to a semaphore.
It won't help the signal delivery times, but it should reduce
the effect on the rest of the system, and prevent watchdogs from
firing.
I don't know if I have time to do any of that now, but it does seem a
reasonable direction to move the code in.
Eric
next prev parent reply other threads:[~2022-05-11 18:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-29 8:07 Question about kill a process group Zhang Qiao
2022-04-02 2:22 ` Zhang Qiao
2022-04-13 1:56 ` Zhang Qiao
2022-04-13 15:47 ` Eric W. Biederman
2022-04-14 11:40 ` Zhang Qiao
2022-04-21 16:12 ` Eric W. Biederman
2022-04-28 2:05 ` Zhang Qiao
2022-04-28 12:33 ` Thomas Gleixner
2022-05-11 18:33 ` Eric W. Biederman [this message]
2022-05-11 22:53 ` Thomas Gleixner
2022-05-12 18:23 ` Eric W. Biederman
2022-09-26 7:32 ` Zhang Qiao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a6bnudfy.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=brauner@kernel.org \
--cc=elver@google.com \
--cc=keescook@chromium.org \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=zhangqiao22@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).