From: Atsushi Tsuji <a-tsuji@bk.jp.nec.com>
To: Oleg Nesterov <oleg@tv-sign.ru>
Cc: linux-kernel@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>,
Roland McGrath <roland@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] kill_something_info: don't take tasklist_lock for pid==-1 case
Date: Wed, 21 May 2008 10:48:12 +0900 [thread overview]
Message-ID: <48337F5C.2040601@bk.jp.nec.com> (raw)
In-Reply-To: <20080325135645.GA96@tv-sign.ru>
Oleg Nesterov wrote:
> On 03/25, Atsushi Tsuji wrote:
>> This patch avoid taking tasklist_lock in kill_something_info() when
>> the pid is -1. It can convert to rcu_read_lock() for this case because
>> group_send_sig_info() doesn't need tasklist_lock.
>>
>> This patch is for 2.6.25-rc5-mm1.
>>
>> Signed-off-by: Atsushi Tsuji <a-tsuji@bk.jp.nec.com>
>
> Except: We don't send the signal to /sbin/init. This means that (say)
> kill(-1, SIGKILL) can miss the task forked by init. Note that this
> task could be forked even before we start kill_something_info(), but
> without tasklist there is no guarantee we will see it on the ->tasks
> list.
>
> I think this is the only problem with this change.
Sorry for late reply and thank you for your comment. I understood the
mechanism that kill(-1, SIGKILL) can miss the tasks forked by init
(and the thread group of the current process, because we don't also
send the signal to them). If kill(-1, SIGKILL) finish before the
forking init process does list_add_tail_rcu(p->tasks) in
copy_process(), the process forked by init appears on the ->tasks list
after that. Is that right?
If so, I think this problem can happen without my patch.
Because even if kill(-1, SIGKILL) take read_lock(&tasklist_lock) in
kill_something_info(), it can finish before init process take
write_lock(&tasklist_lock) in copy_process(). So the forked process
appears after that, too.
Now, I noticed the important problem. I found the tasklist lock in
kill_something_info() can cause stall when some processes execute
kill(-1,SIGCONT) concurrently. It can happen even if a system has
only 4 CPUs (and even if a user is not privileged (not root)). This is
because the writer cannot take the tasklist lock when a lot of readers
exist and keep holding it.
This allows a local DoS. So we have to avoid that stall. The
conversion from the tasklist lock to rcu_read_lock() can solve this
problem. I think my patch doesn't make the new problem because the
problem that kill can miss the tasks have originally occurred without
my one. If there is no problem, could you ack it?
Thanks,
-Atsushi Tsuji
next prev parent reply other threads:[~2008-05-21 1:49 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-25 4:27 [PATCH] kill_something_info: don't take tasklist_lock for pid==-1 case Atsushi Tsuji
2008-03-25 13:56 ` Oleg Nesterov
2008-05-21 1:48 ` Atsushi Tsuji [this message]
2008-05-21 2:53 ` Eric W. Biederman
2008-05-21 3:47 ` Eric W. Biederman
2008-05-26 7:03 ` Atsushi TSUJI
2008-05-28 15:03 ` Eric W. Biederman
2008-05-31 16:55 ` Oleg Nesterov
2008-05-31 23:55 ` Eric W. Biederman
2008-06-01 16:29 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48337F5C.2040601@bk.jp.nec.com \
--to=a-tsuji@bk.jp.nec.com \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@tv-sign.ru \
--cc=roland@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox