From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F5EB4206E for ; Wed, 15 Jan 2025 00:49:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736902196; cv=none; b=Rsm9G1Rotl+/1VLyvhHxO6sk0TQCT29zEJ8Z82QZfuK/RNaEDo3SGaaQ3Rk8g5KVph4TVu/QYC9j++HI5gdO2H3MWiIoGVkTkf0j0+R/hMA92HdJH9F+TCbmJQsOrr3pL+EHe5OgoJQS02PmCsd7NrHUWI2TgZ2GCQDlc3XiSQw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736902196; c=relaxed/simple; bh=OrBYKDvjrHeZqYLUwy8HxvmIpE9gkmf/wLPUi/QiLwA=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ZW1aF0ggtirlQWemS5ovz1BvdozajQ/zEMqcFyvZ+0p0soIeRDjZs+nrllfGpe5KbTHuzWGeOOQOVvOWRjKVjoGKXaXuc3Bi7TONNsdBcZ7tcFoeipxLKuNqtQBN07BORfPLWDb1qebu9nqEbNb/rE1m3OwgdHhyC4nxphkmXbw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=SIEXMA5n; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="SIEXMA5n" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 72E01C4CEDD; Wed, 15 Jan 2025 00:49:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736902195; bh=OrBYKDvjrHeZqYLUwy8HxvmIpE9gkmf/wLPUi/QiLwA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=SIEXMA5nBtVDxwXPYUeMZy7z2n7DUuKbsHLPygTbFA3nxKiScSbckSoCd60YVsxop OhbvbEGDELlt9VutCrOlmBwqIBbNMc8ZhHNrBUJiMlXvg7oKrUFR5vNO40ddrZ7gjg QC4KgKatTPnBTp8MYvL0yZy9FVwip9QTKRuaIQRZiGE+/vNC7Fqa/qB+vgwkqyP/Cl ItVwkkXA1tlN/sOLhNyN6tF9++cJowUvZxLrbk+PoNPfgwe8MhJOAVRw5/KHY+zynz 6kDIsD+D349sR4iaubrwumyv8URT2yiy1sT8IT8t5bXgBNtpzoujP7zorlqnAv+ApQ 0qdHBui+vq/Yg== Date: Wed, 15 Jan 2025 01:49:52 +0100 From: Frederic Weisbecker To: Thomas Gleixner Cc: syzbot , anna-maria@linutronix.de, linux-kernel@vger.kernel.org, peterz@infradead.org, syzkaller-bugs@googlegroups.com, Eric Biederman , Oleg Nesterov Subject: Re: [PATCH V2] signal/posixtimers: Handle ignore/blocked sequences correctly Message-ID: References: <6761b16e.050a0220.29fcd0.006d.GAE@google.com> <87ikrf78xa.ffs@tglx> <87cyhm7azk.ffs@tglx> <87a5cq7639.ffs@tglx> <87ikqhcnjn.ffs@tglx> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87ikqhcnjn.ffs@tglx> Le Tue, Jan 14, 2025 at 06:28:44PM +0100, Thomas Gleixner a écrit : > syzbot triggered the warning in posixtimer_send_sigqueue(), which warns > about a non-ignored signal being already queued on the ignored list. > > The warning is actually bogus, as the following sequence causes this: > > signal($SIG, SIGIGN); > timer_settime(...); // arm periodic timer > > timer fires, signal is ignored and queued on ignored list > > sigprocmask(SIG_BLOCK, ...); // block the signal > timer_settime(...); // re-arm periodic timer > > timer fires, signal is not ignored because it is blocked > ---> Warning triggers as signal is on the ignored list > > Ideally timer_settime() could remove the signal, but that's racy and > incomplete vs. other scenarios and requires a full reevaluation of the > pending signal list. > > Instead of adding more complexity, handle it gracefully by removing the > warning and requeueing the signal to the pending list. That's correct > versus: > > 1) sig[timed]wait() as that does not check for SIGIGN and only relies on > dequeue_signal() -> posixtimers_deliver_signal() to check whether the > pending signal is still valid. > > 2) Unblocking of the signal. > > - If the unblocking happens before SIGIGN is replaced by a signal > handler, then the timer is rearmed in dequeue_signal(), but > get_signal() will ignore it. The next timer expiry will move it back > to the ignored list. > > - If SIGIGN was replaced before unblocking, then the signal will be > delivered and a subsequent expiry will queue a signal on the pending > list again. > > There is a related scenario to trigger the complementary warning in the > signal ignored path, which does not expect the signal to be on the pending > list when it is ignored. That can be triggered even before the above change > via: > > task1 task2 > > signal($SIG, SIGIGN); > sigprocmask(SIG_BLOCK, ...); > > timer_create(); // Signal target is task2 > timer_settime(...); // arm periodic timer > > timer fires, signal is not ignored because it is blocked > and queued on the pending list of task2 > > syscall() > // Sets the pending flag > sigprocmask(SIG_UNBLOCK, ...); > > -> preemption, task2 cannot dequeue the signal > > timer_settime(...); // re-arm periodic timer > > timer fires, signal is ignored > ---> Warning triggers as signal is on task2's pending list > and the thread group is not exiting > > Consequently, remove that warning too and just keep the signal on the > pending list. > > The following attempt to deliver the signal on return to user space of > task2 will ignore the signal and a subsequent expiry will bring it back to > the ignored list, if it did not get blocked or un-ignored before that. > > Fixes: df7a996b4dab ("signal: Queue ignored posixtimers on ignore list") > Reported-by: syzbot+3c2e3cc60665d71de2f7@syzkaller.appspotmail.com > Signed-off-by: Thomas Gleixner Reviewed-by: Frederic Weisbecker