[PATCH 2/2] coredump: Allow coredumps to pipes to work with io_uring

From: Eric W. Biederman
Date: Wed Jul 20 2022 - 12:51:49 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH] arm64: dts: qcom: Add SKU6 for sc7180-trogdor-pazquel-lte-parade"
Previous message: Bart Van Assche: "Re: [PATCH v2 2/2] scsi: sd: Rework asynchronous resume support"
In reply to: Eric W. Biederman: "[PATCH 1/2] signal: Move stopping for the coredump from do_exit into get_signal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Now that io_uring like everything else stops for coredumps in
get_signal the code can once again allow any interruptible
condition after coredump_wait to interrupt the coredump.

Clear TIF_NOTIFY_SIGNAL after coredump_wait, to guarantee that
anything that sets TIF_NOTIFY_SIGNAL before coredump_wait completed
won't cause the coredumps to interrupted.

With all of the other threads in the process stopped io_uring doesn't
call task_work_add on the thread running do_coredump. Combined with
the clearing of TIF_NOTIFY_SIGNAL this allows processes that use
io_uring to coredump through pipes.

Restore dump_interrupted to be a simple call to signal_pending
effectively reverting commit 06af8679449d ("coredump: Limit what can
interrupt coredumps"). At this point only SIGKILL delivered to the
coredumping thread should be able to cause signal_pending to return
true.

A nice followup would be to find a reliable race free way to modify
task_work_add and probably set_notify_signal to skip setting
TIF_NOTIFY_SIGNAL once it is clear a task will no longer process
signals and other interruptible conditions. That would allow
TIF_NOTIFY_SIGNAL to be cleared where TIF_SIGPENDING is cleared in
coredump_zap_process.

To be as certain as possible that this works, I tested this with
commit 1d5f5ea7cb7d ("io-wq: remove worker to owner tw dependency")
reverted. Which means that not only is TIF_NOTIFY_SIGNAL prevented
from stopping coredumps to pipes, the sequence of stopping threads to
participate in the coredump avoids deadlocks that were possible
previously.

Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
---
fs/coredump.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index 67dda77c500f..c06594f56cbb 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -476,7 +476,7 @@ static bool dump_interrupted(void)
* but then we need to teach dump_write() to restart and clear
* TIF_SIGPENDING.
*/
- return fatal_signal_pending(current) || freezing(current);
+ return signal_pending(current);
}

static void wait_for_dump_helpers(struct file *file)
@@ -589,6 +589,9 @@ void do_coredump(const kernel_siginfo_t *siginfo)

old_cred = override_creds(cred);

+ /* Don't break out of interruptible sleeps */
+ clear_notify_signal();
+
ispipe = format_corename(&cn, &cprm, &argv, &argc);

if (ispipe) {
--
2.35.3

Next message: Krzysztof Kozlowski: "Re: [PATCH] arm64: dts: qcom: Add SKU6 for sc7180-trogdor-pazquel-lte-parade"
Previous message: Bart Van Assche: "Re: [PATCH v2 2/2] scsi: sd: Rework asynchronous resume support"
In reply to: Eric W. Biederman: "[PATCH 1/2] signal: Move stopping for the coredump from do_exit into get_signal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]