| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aBnwt9cbww5R6TnN@redhat.com>
Date: Tue, 6 May 2025 13:21:27 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Sasha Levin <sashal@...nel.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Frederic Weisbecker <frederic@...nel.org>,
Christian Brauner <brauner@...nel.org>, akpm@...ux-foundation.org,
mhocko@...e.com, Liam.Howlett@...cle.com, mjguzik@...il.com,
pasha.tatashin@...een.com, alexjlzheng@...cent.com
Subject: Re: [PATCH AUTOSEL 5.4 66/79] exit: change the release_task() paths
to call flush_sigqueue() lockless
I'm on PTO until May 15, can't read the code.
Did you verify that 5.14 has all the necessary "recent" posixtimer changes?
Oleg.
On 05/05, Sasha Levin wrote:
>
> From: Oleg Nesterov <oleg@...hat.com>
>
> [ Upstream commit fb3bbcfe344e64a46574a638b051ffd78762c12d ]
>
> A task can block a signal, accumulate up to RLIMIT_SIGPENDING sigqueues,
> and exit. In this case __exit_signal()->flush_sigqueue() called with irqs
> disabled can trigger a hard lockup, see
> https://lore.kernel.org/all/20190322114917.GC28876@redhat.com/
>
> Fortunately, after the recent posixtimer changes sys_timer_delete() paths
> no longer try to clear SIGQUEUE_PREALLOC and/or free tmr->sigq, and after
> the exiting task passes __exit_signal() lock_task_sighand() can't succeed
> and pid_task(tmr->it_pid) will return NULL.
>
> This means that after __exit_signal(tsk) nobody can play with tsk->pending
> or (if group_dead) with tsk->signal->shared_pending, so release_task() can
> safely call flush_sigqueue() after write_unlock_irq(&tasklist_lock).
>
> TODO:
> - we can probably shift posix_cpu_timers_exit() as well
> - do_sigaction() can hit the similar problem
>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
> Link: https://lore.kernel.org/r/20250206152314.GA14620@redhat.com
> Reviewed-by: Frederic Weisbecker <frederic@...nel.org>
> Signed-off-by: Christian Brauner <brauner@...nel.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
> kernel/exit.c | 19 +++++++++++--------
> 1 file changed, 11 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/exit.c b/kernel/exit.c
> index 5015ecdda6d95..69deb2901ec55 100644
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -204,20 +204,13 @@ static void __exit_signal(struct task_struct *tsk)
> __unhash_process(tsk, group_dead);
> write_sequnlock(&sig->stats_lock);
>
> - /*
> - * Do this under ->siglock, we can race with another thread
> - * doing sigqueue_free() if we have SIGQUEUE_PREALLOC signals.
> - */
> - flush_sigqueue(&tsk->pending);
> tsk->sighand = NULL;
> spin_unlock(&sighand->siglock);
>
> __cleanup_sighand(sighand);
> clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
> - if (group_dead) {
> - flush_sigqueue(&sig->shared_pending);
> + if (group_dead)
> tty_kref_put(tty);
> - }
> }
>
> static void delayed_put_task_struct(struct rcu_head *rhp)
> @@ -277,6 +270,16 @@ void release_task(struct task_struct *p)
>
> write_unlock_irq(&tasklist_lock);
> release_thread(p);
> + /*
> + * This task was already removed from the process/thread/pid lists
> + * and lock_task_sighand(p) can't succeed. Nobody else can touch
> + * ->pending or, if group dead, signal->shared_pending. We can call
> + * flush_sigqueue() lockless.
> + */
> + flush_sigqueue(&p->pending);
> + if (thread_group_leader(p))
> + flush_sigqueue(&p->signal->shared_pending);
> +
> put_task_struct_rcu_user(p);
>
> p = leader;
> --
> 2.39.5
>
Powered by blists - more mailing lists