From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Kees Cook <kees@kernel.org>,
Kusaram Devineni <kusaram@devineni.in>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@kernel.org>,
Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 0/11] Short circuit delivery for coredump signals
Date: Fri, 03 Jul 2026 15:16:32 -0500 [thread overview]
Message-ID: <87ldbr4yn3.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <akY_L6uDZnbO_5Jh@redhat.com> (Oleg Nesterov's message of "Thu, 2 Jul 2026 12:36:31 +0200")
Oleg Nesterov <oleg@redhat.com> writes:
> On 06/29, Eric W. Biederman wrote:
>>
>> "Eric W. Biederman" <ebiederm@xmission.com> writes:
>>
>> > Oleg Nesterov <oleg@redhat.com> writes:
>> >
>> >> if (signal->flags & SIGNAL_GROUP_EXIT) {
>> >> if (signal->core_state)
>> >> return sig == SIGKILL;
>> >> /*
>> >> * The process is in the middle of dying, drop the signal.
>> >> */
>> >> return false;
>> >>
>> >> This means that if SIGKILL comes before coredump_begin() sets signal->core_state,
>> >> it will be lost.
>> >
>> > I will reexamine that. I used to have something to deal with this case
>> > but somehow convinced myself it didn't matter.
>>
>> I was thinking of another related problem.
>>
>> In this case loosing SIGKILL before coredump_begin seems fine. The process
>> is already dying of a signal.
>
> Hmm. I disagree...
>
>> The only point of supporting SIGKILL at all during a coredump is because
>> writing the coredump out can be slow. So SIGKILL in that case just
>> aborts the coredump.
>
> Yes, the coredumping process is not dead. Yet. It can do a lot of activity
> and use a lot of resources.
It is semantically dead. Pragmatically I completely agree.
>> Do you know of something where userspace actually depends upon
>> killing a coredump before it even starts?
>
> Well. I think a user has all rights to assume that SIGKILL must always
> terminate the process asap, the process killed by SIGKILL must not start
> the coredumping.
If we arrange things so that semantically SIGKILL is delivered before
the signal that triggers the coredump, we can do that without semantic
complications. The window is tiny enough I am not certain it matters.
There are other issues with that part of code as well.
Can we please look at all of these issues after I post the next version
of my patchset (later today)? I don't think anything else depends upon them.
>> There is another corner case I just noticed.
>>
>> When force_sig_info_to_task is passed HANDLER_EXIT today get_signal
>> skips ptrace stops when SA_IMMUTABLE is set. My change did not short
>> circuit deliver those signals when the process was ptraced so my last
>> change removing SA_IMMUTABLE was premature.
>
> Yes... and do_sigacttion() between send and delivery...
HANDLER_EXIT implies the signal is fatal so there will be no userspace
delivery.
SA_IMMUTABLE only exists to ensure that when siglock is dropped that
userspace won't change the way get_signal delivers the signal.
If we can perform short circuited delivery of the fatal signal in
all cases then SA_IMMUTABLE becomes unnecessary.
Earlier you mentioned that force_sig_info_to_task combined with
dequeue_synchronous signal could do a lot better. I looked back
at my proof of concept branch and you are quite right. Especially
once we can get short circuit delivery for the coredump signals.
Eric
next prev parent reply other threads:[~2026-07-03 20:16 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-19 13:27 [PATCH v2 1/3] signal: change force_sig_info_to_task() to call __send_signal_locked() Oleg Nesterov
2026-06-19 13:27 ` [PATCH v2 2/3] signal: turn the "bool force" arg of __send_signal_locked() into "int flags" Oleg Nesterov
2026-06-19 13:28 ` [PATCH v2 3/3] signal: fix evasion of SA_IMMUTABLE signals Oleg Nesterov
2026-06-26 16:52 ` [PATCH 0/11] Short circuit delivery for coredump signals Eric W. Biederman
2026-06-26 16:54 ` [PATCH 01/11] signal: Compute the exit_code in get_signal Eric W. Biederman
2026-06-26 16:54 ` [PATCH 02/11] signal: In get_signal call do_exit when it is unnecessary to shoot down threads Eric W. Biederman
2026-06-26 16:55 ` [PATCH 03/11] signal: Bring down all threads when handling a non-coredump fatal signal Eric W. Biederman
2026-06-26 16:55 ` [PATCH 04/11] signal: Move stopping for the coredump from do_exit into get_signal Eric W. Biederman
2026-06-26 16:56 ` [PATCH 05/11] signal: Move audit_core_dumps from do_coredump " Eric W. Biederman
2026-06-26 16:57 ` [PATCH 06/11] coredump: In zap_threads complete startup if there is no need to wait Eric W. Biederman
2026-06-26 16:57 ` [PATCH 07/11] signal: Use the thread killing in get_signal for coredumps Eric W. Biederman
2026-06-26 16:58 ` [PATCH 08/11] exit: Make do_group_exit static Eric W. Biederman
2026-06-26 16:59 ` [PATCH 09/11] signal: Dequeue fatal signals Eric W. Biederman
2026-06-26 16:59 ` [PATCH 10/11] signal: Short circuit deliver coredump signals Eric W. Biederman
2026-06-26 17:00 ` [PATCH 11/11] signal: Remove SA_IMMUTABLE Eric W. Biederman
2026-06-28 14:29 ` [PATCH 0/11] Short circuit delivery for coredump signals Oleg Nesterov
2026-06-29 6:22 ` Eric W. Biederman
2026-06-29 17:45 ` Eric W. Biederman
2026-07-02 10:36 ` Oleg Nesterov
2026-07-03 20:16 ` Eric W. Biederman [this message]
2026-07-03 21:35 ` [PATCH v2 00/14] " Eric W. Biederman
2026-07-03 21:36 ` [PATCH 01/14] signal: Generalize posixtimer_queue_sigqueue into enqueue_signal Eric W. Biederman
2026-07-03 21:37 ` [PATCH 02/14] signal: Factor out sig_blocked from sig_ignored Eric W. Biederman
2026-07-03 21:37 ` [PATCH 03/14] signal: More accurate ignoring of signals based on sig_can_short_circuit Eric W. Biederman
2026-07-03 21:38 ` [PATCH 04/14] signal: Use sig_can_short_circuit to improve fatal signal delivery Eric W. Biederman
2026-07-03 21:39 ` [PATCH 05/14] signal: Compute the exit_code in get_signal Eric W. Biederman
2026-07-03 21:39 ` Eric W. Biederman
2026-07-03 21:40 ` [PATCH 06/14] signal: In get_signal call do_exit when it is unnecessary to shoot down threads Eric W. Biederman
2026-07-03 21:40 ` [PATCH 07/14] signal: Bring down all threads when handling a non-coredump fatal signal Eric W. Biederman
2026-07-03 21:41 ` [PATCH 08/14] signal: Move stopping for the coredump from do_exit into get_signal Eric W. Biederman
2026-07-03 21:41 ` [PATCH 09/14] signal: Move audit_core_dumps from do_coredump " Eric W. Biederman
2026-07-03 21:42 ` [PATCH 10/14] coredump: In zap_threads complete startup if there is no need to wait Eric W. Biederman
2026-07-03 21:43 ` [PATCH 11/14] signal: Use the thread killing in get_signal for coredumps Eric W. Biederman
2026-07-03 21:43 ` [PATCH 12/14] exit: Make do_group_exit static Eric W. Biederman
2026-07-03 21:44 ` [PATCH 13/14] signal: Dequeue fatal signals Eric W. Biederman
2026-07-03 21:44 ` [PATCH 14/14] signal: Short circuit deliver coredump signals Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ldbr4yn3.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=kees@kernel.org \
--cc=kusaram@devineni.in \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox