From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@redhat.com>
Cc: Enke Chen <enkechen@cisco.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Khalid Aziz <khalid.aziz@oracle.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Helge Deller <deller@gmx.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian@brauner.io>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Dave Martin <Dave.Martin@arm.com>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Michal Hocko <mhocko@kernel.org>, Rik van Riel <rie>
Subject: Re: [PATCH] kernel/signal: Signal-based pre-coredump notification
Date: Tue, 16 Oct 2018 10:09:34 -0500 [thread overview]
Message-ID: <87bm7ukjwx.fsf@xmission.com> (raw)
In-Reply-To: <20181016141405.GA22045@redhat.com> (Oleg Nesterov's message of "Tue, 16 Oct 2018 16:14:06 +0200")
Oleg Nesterov <oleg@redhat.com> writes:
> On 10/15, Enke Chen wrote:
>>
>> > I don't understand why we need valid_predump_signal() at all.
>>
>> Most of the signals have well-defined semantics, and would not be appropriate
>> for this purpose.
>
> you are going to change the rules anyway.
I will just add that CLD_XXX is only valid with SIGCHLD as they are
signal specific si_codes. In conjunction with another signal like
SIGUSR it will have another meaning. I would really appreciate it
if new code does not further complicate siginfo_layout.
>> That is why it is limited to only SIGCHLD, SIGUSR1, SIGUSR2.
>
> Which do not queue. So the parent won't get the 2nd signal if 2 children
> crash at the same time.
We do best effort queueing but we don't guarantee anything. So yes
this makes signals a very louzy interface for sending this kind of
information.
>> >> if (sig_kernel_coredump(signr)) {
>> >> + /*
>> >> + * Notify the parent prior to the coredump if the
>> >> + * parent is interested in such a notificaiton.
>> >> + */
>> >> + int p_sig = current->real_parent->predump_signal;
>> >> +
>> >> + if (valid_predump_signal(p_sig)) {
>> >> + read_lock(&tasklist_lock);
>> >> + do_notify_parent_predump(current);
>> >> + read_unlock(&tasklist_lock);
>> >> + cond_resched();
>> >
>> > perhaps this should be called by do_coredump() after coredump_wait() kills
>> > all the sub-threads?
>>
>> proc_coredump_connector(current) is located here, they should stay together.
>
> Why?
>
> Once again, other threads are still alive. So if the parent restarts the service
> after it recieves -predump_signal, the new process can "race" with the old thread.
Yes. It isn't until do_coredump calls coredump_wait that all of the
threads are killed.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@redhat.com>
Cc: Enke Chen <enkechen@cisco.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Khalid Aziz <khalid.aziz@oracle.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Helge Deller <deller@gmx.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian@brauner.io>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Dave Martin <Dave.Martin@arm.com>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Michal Hocko <mhocko@kernel.org>, Rik van Riel <riel@surriel.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Roman Gushchin <guro@fb.com>,
Marcos Paulo de Souza <marcos.souza.org@gmail.com>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Yang Shi <yang.shi@linux.alibaba.com>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
"Victor Kamensky (kamensky)" <kamensky@cisco.com>,
xe-linux-external@cisco.com, Stefan Strogin <sstrogin@cisco.com>,
Eugene Syromiatnikov <esyr@redhat.com>
Subject: Re: [PATCH] kernel/signal: Signal-based pre-coredump notification
Date: Tue, 16 Oct 2018 10:09:34 -0500 [thread overview]
Message-ID: <87bm7ukjwx.fsf@xmission.com> (raw)
Message-ID: <20181016150934.AaoBQW8koBM1dGdkaA1cQRcY3zrI9oMYnPmKfPsng7k@z> (raw)
In-Reply-To: <20181016141405.GA22045@redhat.com> (Oleg Nesterov's message of "Tue, 16 Oct 2018 16:14:06 +0200")
Oleg Nesterov <oleg@redhat.com> writes:
> On 10/15, Enke Chen wrote:
>>
>> > I don't understand why we need valid_predump_signal() at all.
>>
>> Most of the signals have well-defined semantics, and would not be appropriate
>> for this purpose.
>
> you are going to change the rules anyway.
I will just add that CLD_XXX is only valid with SIGCHLD as they are
signal specific si_codes. In conjunction with another signal like
SIGUSR it will have another meaning. I would really appreciate it
if new code does not further complicate siginfo_layout.
>> That is why it is limited to only SIGCHLD, SIGUSR1, SIGUSR2.
>
> Which do not queue. So the parent won't get the 2nd signal if 2 children
> crash at the same time.
We do best effort queueing but we don't guarantee anything. So yes
this makes signals a very louzy interface for sending this kind of
information.
>> >> if (sig_kernel_coredump(signr)) {
>> >> + /*
>> >> + * Notify the parent prior to the coredump if the
>> >> + * parent is interested in such a notificaiton.
>> >> + */
>> >> + int p_sig = current->real_parent->predump_signal;
>> >> +
>> >> + if (valid_predump_signal(p_sig)) {
>> >> + read_lock(&tasklist_lock);
>> >> + do_notify_parent_predump(current);
>> >> + read_unlock(&tasklist_lock);
>> >> + cond_resched();
>> >
>> > perhaps this should be called by do_coredump() after coredump_wait() kills
>> > all the sub-threads?
>>
>> proc_coredump_connector(current) is located here, they should stay together.
>
> Why?
>
> Once again, other threads are still alive. So if the parent restarts the service
> after it recieves -predump_signal, the new process can "race" with the old thread.
Yes. It isn't until do_coredump calls coredump_wait that all of the
threads are killed.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@redhat.com>
Cc: Enke Chen <enkechen@cisco.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Peter Zijlstra <peterz@infradead.org>,
Arnd Bergmann <arnd@arndb.de>,
Khalid Aziz <khalid.aziz@oracle.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Helge Deller <deller@gmx.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Christian Brauner <christian@brauner.io>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Dave Martin <Dave.Martin@arm.com>,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Michal Hocko <mhocko@kernel.org>, Rik van Riel <riel@surriel.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Roman Gushchin <guro@fb.com>,
Marcos Paulo de Souza <marcos.souza.org@gmail.com>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Yang Shi <yang.shi@linux.alibaba.com>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
"Victor Kamensky \(kamensky\)" <kamensky@cisco.com>,
xe-linux-external@cisco.com, Stefan Strogin <sstrogin@cisco.com>,
Eugene Syromiatnikov <esyr@redhat.com>
Subject: Re: [PATCH] kernel/signal: Signal-based pre-coredump notification
Date: Tue, 16 Oct 2018 10:09:34 -0500 [thread overview]
Message-ID: <87bm7ukjwx.fsf@xmission.com> (raw)
In-Reply-To: <20181016141405.GA22045@redhat.com> (Oleg Nesterov's message of "Tue, 16 Oct 2018 16:14:06 +0200")
Oleg Nesterov <oleg@redhat.com> writes:
> On 10/15, Enke Chen wrote:
>>
>> > I don't understand why we need valid_predump_signal() at all.
>>
>> Most of the signals have well-defined semantics, and would not be appropriate
>> for this purpose.
>
> you are going to change the rules anyway.
I will just add that CLD_XXX is only valid with SIGCHLD as they are
signal specific si_codes. In conjunction with another signal like
SIGUSR it will have another meaning. I would really appreciate it
if new code does not further complicate siginfo_layout.
>> That is why it is limited to only SIGCHLD, SIGUSR1, SIGUSR2.
>
> Which do not queue. So the parent won't get the 2nd signal if 2 children
> crash at the same time.
We do best effort queueing but we don't guarantee anything. So yes
this makes signals a very louzy interface for sending this kind of
information.
>> >> if (sig_kernel_coredump(signr)) {
>> >> + /*
>> >> + * Notify the parent prior to the coredump if the
>> >> + * parent is interested in such a notificaiton.
>> >> + */
>> >> + int p_sig = current->real_parent->predump_signal;
>> >> +
>> >> + if (valid_predump_signal(p_sig)) {
>> >> + read_lock(&tasklist_lock);
>> >> + do_notify_parent_predump(current);
>> >> + read_unlock(&tasklist_lock);
>> >> + cond_resched();
>> >
>> > perhaps this should be called by do_coredump() after coredump_wait() kills
>> > all the sub-threads?
>>
>> proc_coredump_connector(current) is located here, they should stay together.
>
> Why?
>
> Once again, other threads are still alive. So if the parent restarts the service
> after it recieves -predump_signal, the new process can "race" with the old thread.
Yes. It isn't until do_coredump calls coredump_wait that all of the
threads are killed.
Eric
next prev parent reply other threads:[~2018-10-16 15:09 UTC|newest]
Thread overview: 148+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-13 0:33 [PATCH] kernel/signal: Signal-based pre-coredump notification Enke Chen
2018-10-13 0:33 ` Enke Chen
2018-10-13 6:40 ` Greg Kroah-Hartman
2018-10-13 6:40 ` Greg Kroah-Hartman
2018-10-15 18:16 ` Enke Chen
2018-10-15 18:16 ` Enke Chen
2018-10-15 18:43 ` Greg Kroah-Hartman
2018-10-15 18:43 ` Greg Kroah-Hartman
2018-10-15 18:49 ` Enke Chen
2018-10-15 18:49 ` Enke Chen
2018-10-15 18:58 ` Greg Kroah-Hartman
2018-10-15 18:58 ` Greg Kroah-Hartman
2018-10-13 10:44 ` Christian Brauner
2018-10-13 10:44 ` Christian Brauner
2018-10-15 18:39 ` Enke Chen
2018-10-15 18:39 ` Enke Chen
2018-10-15 18:39 ` Enke Chen
2018-10-13 18:27 ` Jann Horn
2018-10-13 18:27 ` Jann Horn
2018-10-15 18:36 ` Enke Chen
2018-10-15 18:36 ` Enke Chen
2018-10-15 18:54 ` Jann Horn
2018-10-15 18:54 ` Jann Horn
2018-10-15 19:23 ` Enke Chen
2018-10-15 19:23 ` Enke Chen
2018-10-19 23:01 ` Enke Chen
2018-10-19 23:01 ` Enke Chen
2018-10-22 15:40 ` Jann Horn
2018-10-22 15:40 ` Jann Horn
2018-10-22 20:48 ` Enke Chen
2018-10-22 20:48 ` Enke Chen
2018-10-15 12:05 ` Oleg Nesterov
2018-10-15 12:05 ` Oleg Nesterov
2018-10-15 18:54 ` Enke Chen
2018-10-15 18:54 ` Enke Chen
2018-10-15 19:17 ` Enke Chen
2018-10-15 19:17 ` Enke Chen
2018-10-15 19:26 ` Enke Chen
2018-10-15 19:26 ` Enke Chen
2018-10-16 14:14 ` Oleg Nesterov
2018-10-16 14:14 ` Oleg Nesterov
2018-10-16 15:09 ` Eric W. Biederman [this message]
2018-10-16 15:09 ` Eric W. Biederman
2018-10-16 15:09 ` Eric W. Biederman
2018-10-17 0:39 ` Enke Chen
2018-10-17 0:39 ` Enke Chen
2018-10-15 21:21 ` Alan Cox
2018-10-15 21:21 ` Alan Cox
2018-10-15 21:31 ` Enke Chen
2018-10-15 21:31 ` Enke Chen
2018-10-15 23:28 ` Eric W. Biederman
2018-10-15 23:28 ` Eric W. Biederman
2018-10-15 23:28 ` Eric W. Biederman
2018-10-16 0:33 ` valdis.kletnieks
2018-10-16 0:33 ` valdis.kletnieks
2018-10-16 0:33 ` valdis.kletnieks
2018-10-16 0:54 ` Enke Chen
2018-10-16 0:54 ` Enke Chen
2018-10-16 15:26 ` Eric W. Biederman
2018-10-16 15:26 ` Eric W. Biederman
2018-10-16 15:26 ` Eric W. Biederman
2018-10-22 21:09 ` [PATCH v2] " Enke Chen
2018-10-22 21:09 ` Enke Chen
2018-10-23 9:23 ` Oleg Nesterov
2018-10-23 9:23 ` Oleg Nesterov
2018-10-23 19:43 ` Enke Chen
2018-10-23 19:43 ` Enke Chen
2018-10-23 21:40 ` Enke Chen
2018-10-23 21:40 ` Enke Chen
2018-10-24 13:52 ` Oleg Nesterov
2018-10-24 13:52 ` Oleg Nesterov
2018-10-24 21:56 ` Enke Chen
2018-10-24 21:56 ` Enke Chen
2018-10-24 5:39 ` [PATCH v3] " Enke Chen
2018-10-24 5:39 ` Enke Chen
2018-10-24 14:02 ` Oleg Nesterov
2018-10-24 14:02 ` Oleg Nesterov
2018-10-24 22:02 ` Enke Chen
2018-10-24 22:02 ` Enke Chen
2018-10-25 22:56 ` [PATCH v4] " Enke Chen
2018-10-25 22:56 ` Enke Chen
2018-10-26 8:28 ` Oleg Nesterov
2018-10-26 8:28 ` Oleg Nesterov
2018-10-26 22:23 ` Enke Chen
2018-10-26 22:23 ` Enke Chen
2018-10-29 11:18 ` Oleg Nesterov
2018-10-29 11:18 ` Oleg Nesterov
2018-10-29 21:08 ` Enke Chen
2018-10-29 21:08 ` Enke Chen
2018-10-29 22:31 ` [PATCH v5] " Enke Chen
2018-10-29 22:31 ` Enke Chen
2018-10-30 16:46 ` Oleg Nesterov
2018-10-30 16:46 ` Oleg Nesterov
2018-10-31 0:25 ` Enke Chen
2018-10-31 0:25 ` Enke Chen
2018-11-22 0:37 ` Andrew Morton
2018-11-22 0:37 ` Andrew Morton
2018-11-22 1:09 ` Enke Chen
2018-11-22 1:09 ` Enke Chen
2018-11-22 1:18 ` Enke Chen
2018-11-22 1:18 ` Enke Chen
2018-11-22 1:33 ` Andrew Morton
2018-11-22 1:33 ` Andrew Morton
2018-11-22 4:57 ` Enke Chen
2018-11-22 4:57 ` Enke Chen
2018-11-12 23:22 ` Enke Chen
2018-11-12 23:22 ` Enke Chen
2018-11-27 22:54 ` [PATCH v5 1/2] " Enke Chen
2018-11-27 22:54 ` Enke Chen
2018-11-28 15:19 ` Dave Martin
2018-11-28 15:19 ` Dave Martin
2018-11-29 0:15 ` Enke Chen
2018-11-29 0:15 ` Enke Chen
2018-11-29 11:55 ` Dave Martin
2018-11-29 11:55 ` Dave Martin
2018-11-30 0:27 ` Enke Chen
2018-11-30 0:27 ` Enke Chen
2018-11-30 12:03 ` Oleg Nesterov
2018-11-30 12:03 ` Oleg Nesterov
2018-12-05 6:47 ` Jann Horn
2018-12-05 6:47 ` Jann Horn
2018-12-04 22:37 ` Andrew Morton
2018-12-04 22:37 ` Andrew Morton
2018-12-06 17:29 ` Oleg Nesterov
2018-12-06 17:29 ` Oleg Nesterov
2018-10-25 22:56 ` [PATCH] selftests/prctl: selftest for pre-coredump signal notification Enke Chen
2018-10-25 22:56 ` Enke Chen
2018-11-27 22:54 ` [PATCH v5 2/2] " Enke Chen
2018-11-27 22:54 ` Enke Chen
2018-10-24 13:29 ` [PATCH v2] kernel/signal: Signal-based pre-coredump notification Eric W. Biederman
2018-10-24 13:29 ` Eric W. Biederman
2018-10-24 13:29 ` Eric W. Biederman
2018-10-24 23:50 ` Enke Chen
2018-10-24 23:50 ` Enke Chen
2018-10-25 12:23 ` Eric W. Biederman
2018-10-25 12:23 ` Eric W. Biederman
2018-10-25 12:23 ` Eric W. Biederman
2018-10-25 20:45 ` Enke Chen
2018-10-25 20:45 ` Enke Chen
2018-10-25 21:24 ` Enke Chen
2018-10-25 21:24 ` Enke Chen
2018-10-25 21:56 ` Enke Chen
2018-10-25 21:56 ` Enke Chen
2018-10-25 13:45 ` Jann Horn
2018-10-25 13:45 ` Jann Horn
2018-10-25 20:21 ` Eric W. Biederman
2018-10-25 20:21 ` Eric W. Biederman
2018-10-25 20:21 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bm7ukjwx.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=Dave.Martin@arm.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=christian@brauner.io \
--cc=deller@gmx.de \
--cc=enkechen@cisco.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=khalid.aziz@oracle.com \
--cc=kstewart@linuxfoundation.org \
--cc=mchehab+samsung@kernel.org \
--cc=mhocko@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.