From: Oleg Nesterov <oleg@redhat.com>
To: Suren Baghdasaryan <surenb@google.com>
Cc: akpm@linux-foundation.org, mhocko@suse.com, brauner@kernel.org,
tandersen@netflix.com, bigeasy@linutronix.de,
vincent.whitchurch@axis.com, ardb@kernel.org,
linux-kernel@vger.kernel.org, Martin Liu <liumartin@google.com>,
Minchan Kim <minchan@google.com>
Subject: Re: [PATCH 1/1] signal: on exit skip waiting for an ack from the tracer if it is frozen
Date: Sat, 29 Jun 2024 15:12:47 +0200
Message-ID: <20240629131247.GA6138@redhat.com>
In-Reply-To: <20240628173247.3507846-1-surenb@google.com>

Oh, PTRACE_EVENT_EXIT again. I can't even recall how many times
I mentioned it is broken by design but any possible change is user
visible...

But I don't really understand this patch.

On 06/28, Suren Baghdasaryan wrote:
>
> When a process is being killed or exiting and it has a tracer, it will
> notify the tracer and wait for an ack from the tracer to proceed. However
> if the tracer is frozen, this ack will not arrive until the tracer gets
> thawed. This poses a problem especially during memory pressure because
> resources of the process are not released.

Yes. But how does this differ from the situation when the tracer is not
frozen but just sleeps? Or it is traced too and its tracer is frozen?

> Things become even more interesting if OOM killer picks such tracee
> and adds it into oom_victims. oom_victims counter will get incremented
> and stay that way until tracee exits. In the meantime, if the system
> tries to go into suspend, it will call oom_killer_disable() after
> freezing all processes.

Confused... suspend doesn't use cgroup_freeze/etc, so it seems your
patch should check frozen() rather than cgroup_task_frozen()?

And what if try_to_freeze_tasks() does freeze_task(tracee->parent)
right after the check in ptrace_stop() below?

I think it would be better to simply change ptrace_stop() to check TIF_MEMDIE
along with __fatal_signal_pending() and return in this case.
Although TIF_MEMDIE is per-thread... perhaps signal->oom_mm != NULL?

Michal, what do you think?

Of course, this won't fix all problems.

Oleg.

> That call will fail due to positive oom_victims,
> but not until freeze_timeout_msecs passes. For the whole duration of the
> freeze_timeout_msecs (20sec by default) the system will appear
> unresponsive.
>
> To fix this problem, skip the ack waiting step in the tracee when it's
> exiting and the tracer is frozen. Per ptrace(2) manual, the tracer
> cannot assume that the ptrace-stopped tracee exists. Therefore this
> change does not break any valid assumptions.
>
> Debugged-by: Martin Liu <liumartin@google.com>
> Debugged-by: Minchan Kim <minchan@google.com>
> Signed-off-by: Suren Baghdasaryan <surenb@google.com>
> ---
> kernel/signal.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/kernel/signal.c b/kernel/signal.c
> index 1f9dd41c04be..dd9c18fdaaa5 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -2320,6 +2320,19 @@ static int ptrace_stop(int exit_code, int why, unsigned long message,
> if (gstop_done && (!current->ptrace || ptrace_reparented(current)))
> do_notify_parent_cldstop(current, false, why);
>
> + /*
> + * If tracer is frozen, it won't ack until it gets unfrozen and if the
> + * tracee is exiting this means its resources do not get freed until
> + * the tracer is thawed. Skip waiting for the tracer. Per ptrace(2)
> + * manual, the tracer cannot assume that the ptrace-stopped tracee
> + * exists, so exiting now should not be an issue.
> + */
> + if (current->ptrace && (exit_code >> 8) == PTRACE_EVENT_EXIT &&
> + cgroup_task_frozen(current->parent)) {
> + read_unlock(&tasklist_lock);
> + goto skip_wait;
> + }
> +
> /*
> * The previous do_notify_parent_cldstop() invocation woke ptracer.
> * One a PREEMPTION kernel this can result in preemption requirement
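Review bot: the `cgroup_task_frozen(current->parent)` test in the added `if` is a one-shot check made while `tasklist_lock` is still held, so a tracer that is frozen right after it returns false still leaves the exiting tracee waiting for an ack. The comment should say how that window is handled, or the condition should be evaluated again at the point where the task is about to sleep. The test also looks only at cgroup freezer state, while the commit message describes system suspend freezing all processes; either extend the condition to that freezer or state in the comment why the cgroup case is the only one addressed.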
> @@ -2356,6 +2369,7 @@ static int ptrace_stop(int exit_code, int why, unsigned long message,
> schedule();
> cgroup_leave_frozen(true);
>
> +skip_wait:
> /*
> * We are back. Now reacquire the siglock before touching
> * last_siginfo, so that we are sure to have synchronized with
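Review bot: the `skip_wait:` label sits after both `schedule()` and `cgroup_leave_frozen(true)`, so the new `goto` bypasses everything between the frozen-tracer check and this point, and nothing in the hunk shows that what `ptrace_stop()` prepared for the stop before the jump is undone on the shortcut path. The comment under the label still reads "We are back", which does not describe a task that never slept. Please add a line at the label stating what the skipped path relies on, or wrap the wait in a conditional instead of jumping over it.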
>
> base-commit: 6c0483dbfe7223f2b8390e3d5fe942629d3317b7
> --
> 2.45.2.803.g4e1b14247a-goog
>