From: Oleg Nesterov <oleg@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Kees Cook <kees@kernel.org>,
Kusaram Devineni <kusaram@devineni.in>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 0/11] Short circuit delivery for coredump signals
Date: Sun, 28 Jun 2026 16:29:02 +0200 [thread overview]
Message-ID: <akEvrpT28f0fbUjP@redhat.com> (raw)
In-Reply-To: <87o6gx9rc4.fsf@email.froward.int.ebiederm.org>
Eric,
Please rebase on top of Linus's tree, git am fails at 7/11.
So far I didnt' try to read the individual patches, I've applied
the whole series on top of 25fe708bbc59 to avoid the conflicts, and
after the very quick glance I seem to see some problems.
Please correct me.
-------------------------------------------------------------------------
complete_signal() does:
if (sig_fatal(p, sig) && !sigismember(&t->real_blocked, sig) &&
(sig == SIGKILL || !p->ptrace)) {
/*
* This signal will be fatal to the whole group.
*
* Start a group exit and wake everybody up.
* This way we don't have other threads
* running and doing things after a slower
* thread has the fatal signal pending.
*/
signal->flags = SIGNAL_GROUP_EXIT | SIGNAL_EXIT_DEQUEUE;
signal->group_exit_code = sig;
... kill the thread group ...
However, prepare_signal() still does:
if (signal->flags & SIGNAL_GROUP_EXIT) {
if (signal->core_state)
return sig == SIGKILL;
/*
* The process is in the middle of dying, drop the signal.
*/
return false;
This means that if SIGKILL comes before coredump_begin() sets signal->core_state,
it will be lost.
-------------------------------------------------------------------------
dequeue_exit_signal:
if (signal->flags & SIGNAL_EXIT_DEQUEUE) {
struct sigpending *pending = NULL;
struct sigqueue *timer_sigq;
int signr = exit_code;
signal->flags &= ~SIGNAL_EXIT_DEQUEUE;
pending = sigismember(&tsk->pending.signal, signr) ?
&tsk->pending : &signal->shared_pending;
collect_signal(signr, pending, info, &timer_sigq);
This looks obviously wrong. 2 threads, T1 and T2. SIGSEGV is sent to T1.
T2 calls get_signal(), clears SIGNAL_EXIT_DEQUEUE and returns SIGSEGV.
But collect_signal() won't find SIGSEGV, *info will be bogus.
T2 calls coredump_begin() and initiates the coredump. The core dump will
be written with wrong dumper thread, bogus siginfo (si_addr/etc are lost).
Even the filename is wrong if core_pattern includes "%i".
Oleg.
On 06/26, Eric W. Biederman wrote:
>
> Oleg's recent patchset tweaking how force_sig_info works has inspired me
> to finally push through and update the signal handling to have proper
> short circuit deliver for coredump signals. Everything is just simpler
> when coredumps are not such a large special case.
>
> What makes this tricky is coredumps have had their own process
> shoot-down logic similar to but separate and different from everything
> else in the kernel. The bulk of this set of changes is merging the
> process shoot-down logic that is used for signals and the logic for
> coredumps. So the same process shoot-down logic can be shared.
>
> With the shoot-down logic sorted the rest is quite straight forward.
>
> Who should pick up these changes? Historically I would put it in my own
> tree but unfortunately I just have a little bit of time here and there,
> and I can't predict when I will have time to work on things.
>
> Eric W. Biederman (11):
> signal: Compute the exit_code in get_signal
> signal: In get_signal call do_exit when it is unnecessary to shoot down threads
> signal: Bring down all threads when handling a non-coredump fatal signal
> signal: Move stopping for the coredump from do_exit into get_signal
> signal: Move audit_core_dumps from do_coredump into get_signal
> coredump: In zap_threads complete startup if there is no need to wait
> signal: Use the thread killing in get_signal for coredumps
> exit: Make do_group_exit static
> signal: Dequeue fatal signals
> signal: Short circuit deliver coredump signals
> signal: Remove SA_IMMUTABLE
>
> fs/coredump.c | 161 +++++++++++++++++----------------
> include/linux/coredump.h | 4 +
> include/linux/sched/signal.h | 2 +
> include/linux/sched/task.h | 1 -
> include/linux/signal_types.h | 3 -
> include/uapi/asm-generic/signal-defs.h | 1 -
> kernel/exit.c | 41 ++-------
> kernel/signal.c | 119 +++++++++++++++---------
> mm/oom_kill.c | 2 +-
> 9 files changed, 171 insertions(+), 163 deletions(-)
>
next prev parent reply other threads:[~2026-06-28 14:29 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-19 13:27 [PATCH v2 1/3] signal: change force_sig_info_to_task() to call __send_signal_locked() Oleg Nesterov
2026-06-19 13:27 ` [PATCH v2 2/3] signal: turn the "bool force" arg of __send_signal_locked() into "int flags" Oleg Nesterov
2026-06-19 13:28 ` [PATCH v2 3/3] signal: fix evasion of SA_IMMUTABLE signals Oleg Nesterov
2026-06-26 16:52 ` [PATCH 0/11] Short circuit delivery for coredump signals Eric W. Biederman
2026-06-26 16:54 ` [PATCH 01/11] signal: Compute the exit_code in get_signal Eric W. Biederman
2026-06-26 16:54 ` [PATCH 02/11] signal: In get_signal call do_exit when it is unnecessary to shoot down threads Eric W. Biederman
2026-06-26 16:55 ` [PATCH 03/11] signal: Bring down all threads when handling a non-coredump fatal signal Eric W. Biederman
2026-06-26 16:55 ` [PATCH 04/11] signal: Move stopping for the coredump from do_exit into get_signal Eric W. Biederman
2026-06-26 16:56 ` [PATCH 05/11] signal: Move audit_core_dumps from do_coredump " Eric W. Biederman
2026-06-26 16:57 ` [PATCH 06/11] coredump: In zap_threads complete startup if there is no need to wait Eric W. Biederman
2026-06-26 16:57 ` [PATCH 07/11] signal: Use the thread killing in get_signal for coredumps Eric W. Biederman
2026-06-26 16:58 ` [PATCH 08/11] exit: Make do_group_exit static Eric W. Biederman
2026-06-26 16:59 ` [PATCH 09/11] signal: Dequeue fatal signals Eric W. Biederman
2026-06-26 16:59 ` [PATCH 10/11] signal: Short circuit deliver coredump signals Eric W. Biederman
2026-06-26 17:00 ` [PATCH 11/11] signal: Remove SA_IMMUTABLE Eric W. Biederman
2026-06-28 14:29 ` Oleg Nesterov [this message]
2026-06-29 6:22 ` [PATCH 0/11] Short circuit delivery for coredump signals Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=akEvrpT28f0fbUjP@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=kees@kernel.org \
--cc=kusaram@devineni.in \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.