All of lore.kernel.org
 help / color / mirror / Atom feed
From: Oleg Nesterov <oleg@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Andy Lutomirski <luto@kernel.org>, Kees Cook <kees@kernel.org>,
	Kusaram Devineni <kusaram@devineni.in>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>,
	linux-kernel@vger.kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 0/11] Short circuit delivery for coredump signals
Date: Thu, 2 Jul 2026 12:36:31 +0200	[thread overview]
Message-ID: <akY_L6uDZnbO_5Jh@redhat.com> (raw)
In-Reply-To: <875x315jh0.fsf@email.froward.int.ebiederm.org>

On 06/29, Eric W. Biederman wrote:
>
> "Eric W. Biederman" <ebiederm@xmission.com> writes:
>
> > Oleg Nesterov <oleg@redhat.com> writes:
> >
> >> 	if (signal->flags & SIGNAL_GROUP_EXIT) {
> >> 		if (signal->core_state)
> >> 			return sig == SIGKILL;
> >> 		/*
> >> 		 * The process is in the middle of dying, drop the signal.
> >> 		 */
> >> 		return false;
> >>
> >> This means that if SIGKILL comes before coredump_begin() sets signal->core_state,
> >> it will be lost.
> >
> > I will reexamine that.  I used to have something to deal with this case
> > but somehow convinced myself it didn't matter.
>
> I was thinking of another related problem.
>
> In this case loosing SIGKILL before coredump_begin seems fine.  The process
> is already dying of a signal.

Hmm. I disagree...

> The only point of supporting SIGKILL at all during a coredump is because
> writing the coredump out can be slow.  So SIGKILL in that case just
> aborts the coredump.

Yes, the coredumping process is not dead. Yet. It can do a lot of activity
and use a lot of resources.

> Do you know of something where userspace actually depends upon
> killing a coredump before it even starts?

Well. I think a user has all rights to assume that SIGKILL must always
terminate the process asap, the process killed by SIGKILL must not start
the coredumping.

> There is another corner case I just noticed.
>
> When force_sig_info_to_task is passed HANDLER_EXIT today get_signal
> skips ptrace stops when SA_IMMUTABLE is set.  My change did not short
> circuit deliver those signals when the process was ptraced so my last
> change removing SA_IMMUTABLE was premature.

Yes... and do_sigacttion() between send and delivery...

Oleg.


      reply	other threads:[~2026-07-02 10:36 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-19 13:27 [PATCH v2 1/3] signal: change force_sig_info_to_task() to call __send_signal_locked() Oleg Nesterov
2026-06-19 13:27 ` [PATCH v2 2/3] signal: turn the "bool force" arg of __send_signal_locked() into "int flags" Oleg Nesterov
2026-06-19 13:28 ` [PATCH v2 3/3] signal: fix evasion of SA_IMMUTABLE signals Oleg Nesterov
2026-06-26 16:52 ` [PATCH 0/11] Short circuit delivery for coredump signals Eric W. Biederman
2026-06-26 16:54   ` [PATCH 01/11] signal: Compute the exit_code in get_signal Eric W. Biederman
2026-06-26 16:54   ` [PATCH 02/11] signal: In get_signal call do_exit when it is unnecessary to shoot down threads Eric W. Biederman
2026-06-26 16:55   ` [PATCH 03/11] signal: Bring down all threads when handling a non-coredump fatal signal Eric W. Biederman
2026-06-26 16:55   ` [PATCH 04/11] signal: Move stopping for the coredump from do_exit into get_signal Eric W. Biederman
2026-06-26 16:56   ` [PATCH 05/11] signal: Move audit_core_dumps from do_coredump " Eric W. Biederman
2026-06-26 16:57   ` [PATCH 06/11] coredump: In zap_threads complete startup if there is no need to wait Eric W. Biederman
2026-06-26 16:57   ` [PATCH 07/11] signal: Use the thread killing in get_signal for coredumps Eric W. Biederman
2026-06-26 16:58   ` [PATCH 08/11] exit: Make do_group_exit static Eric W. Biederman
2026-06-26 16:59   ` [PATCH 09/11] signal: Dequeue fatal signals Eric W. Biederman
2026-06-26 16:59   ` [PATCH 10/11] signal: Short circuit deliver coredump signals Eric W. Biederman
2026-06-26 17:00   ` [PATCH 11/11] signal: Remove SA_IMMUTABLE Eric W. Biederman
2026-06-28 14:29   ` [PATCH 0/11] Short circuit delivery for coredump signals Oleg Nesterov
2026-06-29  6:22     ` Eric W. Biederman
2026-06-29 17:45       ` Eric W. Biederman
2026-07-02 10:36         ` Oleg Nesterov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=akY_L6uDZnbO_5Jh@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=kees@kernel.org \
    --cc=kusaram@devineni.in \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=peterz@infradead.org \
    --cc=tglx@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.