From: Oleg Nesterov <oleg@redhat.com>
To: Roman Gushchin <guro@fb.com>
Cc: Tejun Heo <tj@kernel.org>, Alex Xu <alex_y_xu@yahoo.ca>,
kernel-team@fb.com, cgroups@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] signal: don't always leave task frozen after ptrace_stop()
Date: Tue, 14 May 2019 18:01:59 +0200 [thread overview]
Message-ID: <20190514160158.GB32459@redhat.com> (raw)
In-Reply-To: <20190513195517.2289671-1-guro@fb.com>
Roman,
Sorry, I can't agree with this patch. And even the changelog doesn't
look right.
On 05/13, Roman Gushchin wrote:
>
> The ptrace_stop() function contains the cgroup_enter_frozen() call,
> but no cgroup_leave_frozen(). When ptrace_stop() is called from the
> do_jobctl_trap() path, it's correct, because corresponding
> cgroup_leave_frozen() calls in get_signal() will guarantee that
> the task won't leave the signal handler loop frozen.
>
> However, if ptrace_stop() is called from ptrace_signal() or
> ptrace_notify(), there is no such guarantee, and the task may leave
> with the frozen bit set.
ptrace_signal() looks fine in that the task can't return to user-mode,
get_signal() will be called again exactly because ->frozen == 1 means
TIF_SIGPENDING. So I an not surre I understand why ptrace_signal() does
ptrace_stop(false) with your patch. But this is minor.
> It leads to the regression, reported by Alex Xu. Write system call
> gets mistakenly interrupted by fake TIF_SIGPENDING, which is set
> by recalc_sigpending_tsk() because of the set frozen bit.
IMHO, the real problem is not that syscall was interrupted. The problem
is that a frozen task must never start the syscall.
---------------------------------------------------------------------------
Can't we add the unconditional leave_frozen() into ptrace_stop() for now ?
Sure, this is not what we want. Debugger can disturb CGRP_FROZEN.
But. The "may_remain_frozen" argument uglifies this code too much (imo) and
at the same time it doesn't solve the problem above: CGRP_FROZEN can be cleared
"for no reason".
Say, why ptrace_event_pid() should do leave_frozen(true) ? And if there is any
reason, then why wait_for_vfork_done() can do leave_frozen(false) ?
Or syscall-exit path. It can't miss get_signal(), it doesn't need leave_frozen().
In short, I believe that compared to the unconditional leave_frozen() in ptrace_stop()
this patch buys almost nothing, but makes the code and the whole logic much uglier.
Oleg.
next prev parent reply other threads:[~2019-05-14 16:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-13 19:55 [PATCH] signal: don't always leave task frozen after ptrace_stop() Roman Gushchin
2019-05-13 19:55 ` Roman Gushchin
2019-05-14 16:01 ` Oleg Nesterov [this message]
2019-05-14 17:46 ` Roman Gushchin
2019-05-15 14:43 ` Oleg Nesterov
2019-05-15 17:03 ` Roman Gushchin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190514160158.GB32459@redhat.com \
--to=oleg@redhat.com \
--cc=alex_y_xu@yahoo.ca \
--cc=cgroups@vger.kernel.org \
--cc=guro@fb.com \
--cc=kernel-team@fb.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.