Re: [PATCH] fix de_thread() vs do_coredump() deadlock

> So, de_thread() sets SIGNAL_GROUP_EXEC and sends SIGKILL to other thereads.
> 
> Sub-thread receives the signal, and calls get_signal_to_deliver->do_group_exit.
> do_group_exit() calls zap_other_threads(SIGNAL_GROUP_EXIT) because there is no
> SIGNAL_GROUP_EXIT set. zap_other_threads() notices SIGNAL_GROUP_EXEC, wakes up
> execer, and changes ->signal->flags to SIGNAL_GROUP_EXIT.
> 
> de_thread() re-locks sighand, sees !SIGNAL_GROUP_EXEC and goes to 'dying:'.

That is what I intend.  The exec'ing thread backs out and processes its SIGKILL.
It sounds like you are calling this scenario a problem, but I don't know why.

> Another problem. de_thread() sets '->group_exit_task = current' _only_ if
> 'atomic_read(&sig->count) > count', so wake_up_process(->group_exit_task)
> in zap_other_threads() is unsafe.

Ah, this is indeed a problem when the only other thread is the old leader.
I think it's easy enough just to set it unconditionally and clear it at the
end, after the leader too is gone.  i.e., this on top of the previous patch:

--- a/fs/exec.c
+++ b/fs/exec.c
@@ -659,8 +659,8 @@ static int de_thread(struct task_struct 
 			goto dying;
 		}
 	}
+	sig->group_exit_task = current;
 	while (atomic_read(&sig->count) > count) {
-		sig->group_exit_task = current;
 		sig->notify_count = count;
 		__set_current_state(TASK_UNINTERRUPTIBLE);
 		spin_unlock_irq(lock);
@@ -675,7 +675,6 @@ static int de_thread(struct task_struct 
 			goto dying;
 		}
 	}
-	sig->group_exit_task = NULL;
 	sig->notify_count = 0;
 	spin_unlock_irq(lock);
 
@@ -774,6 +773,7 @@ static int de_thread(struct task_struct 
 	 * but it's safe to stop telling the group to kill themselves.
 	 */
 	sig->flags = 0;
+	sig->group_exit_task = NULL;
 
 no_thread_group:
 	exit_itimers(sig);



Thanks,
Roland
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH] fix de_thread() vs do_coredump() deadlock
    • From: Oleg Nesterov <[email protected]>
  • Re: [PATCH] fix de_thread() vs do_coredump() deadlock
    • From: Oleg Nesterov <[email protected]>

• References:
  • Re: [PATCH] fix de_thread() vs do_coredump() deadlock
    • From: Oleg Nesterov <[email protected]>

• Prev by Date: Re: [PATCH] de_thread: Don't confuse users do_each_thread.
• Next by Date: Re: [PATCH] deinline a few large functions in vlan code v2
• Previous by thread: Re: [PATCH] fix de_thread() vs do_coredump() deadlock
• Next by thread: Re: [PATCH] fix de_thread() vs do_coredump() deadlock
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]