From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Ingo Molnar <mingo@redhat.com>,
Mandeep Singh Baines <msb@chromium.org>,
Neil Horman <nhorman@redhat.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Roland McGrath <roland@hack.frob.com>, Tejun Heo <tj@kernel.org>,
linux-kernel@vger.kernel.org
Subject: [PATCH 3/3] coredump: sanitize the setting of signal->group_exit_code
Date: Sun, 17 Feb 2013 20:19:05 +0100
Message-ID: <20130217191905.GA21820@redhat.com>
In-Reply-To: <20130217191819.GA21778@redhat.com>
Now that the coredumping process can be SIGKILL'ed, the setting of
->group_exit_code in do_coredump() can race with complete_signal()
and SIGKILL or 0x80 can be "lost", or wait(status) can report
status == SIGKILL | 0x80.

But the main problem is that it is not clear to me what we should
do if binfmt->core_dump() succeeds but SIGKILL was sent, that is
why this patch comes as a separate change.

This patch adds 0x80 if ->core_dump() succeeds and the process was
not killed. But perhaps we can (should?) re-set ->group_exit_code
changed by SIGKILL back to "siginfo->si_signo |= 0x80" in case when
core_dumped == T.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
fs/coredump.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 835d731..5503d94 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -390,12 +390,14 @@ static int coredump_wait(int exit_code, struct core_state *core_state)
return core_waiters;
}
-static void coredump_finish(struct mm_struct *mm)
+static void coredump_finish(struct mm_struct *mm, bool core_dumped)
{
struct core_thread *curr, *next;
struct task_struct *task;
spin_lock_irq(¤t->sighand->siglock);
+ if (core_dumped && !__fatal_signal_pending(current))
+ current->signal->group_exit_code |= 0x80;
current->signal->group_exit_task = NULL;
current->signal->flags = SIGNAL_GROUP_EXIT;
spin_unlock_irq(¤t->sighand->siglock);
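Review bot: the new test in coredump_finish(), core_dumped && !__fatal_signal_pending(current), needs a comment stating the rule it implements. As written, a dump that ->core_dump() completed successfully is reported without 0x80 whenever SIGKILL is pending at this point, so wait(status) can show a plain SIGKILL even though a core was written; the changelog leaves that choice open. A comment above the test saying that the SIGKILL status deliberately wins would tell anyone who reads the 0x80 bit to decide whether a core exists that its absence is not a reliable negative.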
@@ -480,6 +482,7 @@ void do_coredump(siginfo_t *siginfo)
int ispipe;
struct files_struct *displaced;
bool need_nonrelative = false;
+ bool core_dumped = false;
static atomic_t core_dump_count = ATOMIC_INIT(0);
struct coredump_params cprm = {
.siginfo = siginfo,
@@ -632,9 +635,8 @@ void do_coredump(siginfo_t *siginfo)
goto close_fail;
if (displaced)
put_files_struct(displaced);
- retval = binfmt->core_dump(&cprm);
- if (retval)
- current->signal->group_exit_code |= 0x80;
+
+ core_dumped = binfmt->core_dump(&cprm);
if (ispipe && core_pipe_limit)
wait_for_dump_helpers(cprm.file);
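Review bot: at core_dumped = binfmt->core_dump(&cprm); the result is recorded before wait_for_dump_helpers(cprm.file) runs, but the fatal-signal test is only made later, in coredump_finish(). A SIGKILL that arrives while waiting for the pipe helper therefore suppresses 0x80 for a dump that had already finished. If that is intended, say so in a comment here; otherwise sample the pending state right after ->core_dump() returns and pass that result down instead.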
@@ -647,7 +649,7 @@ fail_dropcount:
fail_unlock:
kfree(cn.corename);
fail_corename:
- coredump_finish(mm);
+ coredump_finish(mm, core_dumped);
revert_creds(old_cred);
fail_creds:
put_cred(cred);
--
1.5.5.1