Re: [PATCH 01/17] signal: Make SIGKILL during coredumps an explicit special case

From: Eric W. Biederman
Date: Wed Jun 19 2024 - 14:11:10 EST


Oleg Nesterov <oleg@xxxxxxxxxx> writes:

> Hi Eric,
>
> I'll _try_ to read this (nontrivial) changes this week. To be honest,
> right now I don't really understand your goals after the quick glance...
>
> So far I have only looked at this simple 1/17 and it doesn't look right
> to me.

It might be worth applying them all on a branch and just looking at the
end result.

The interactions between all of the ways a process can exit wind up
being different, but being clean.

> On 06/18, Eric W. Biederman wrote:
>>
>> --- a/kernel/signal.c
>> +++ b/kernel/signal.c
>> @@ -907,8 +907,12 @@ static bool prepare_signal(int sig, struct task_struct *p, bool force)
>> sigset_t flush;
>>
>> if (signal->flags & SIGNAL_GROUP_EXIT) {
>> - if (signal->core_state)
>> - return sig == SIGKILL;
>> + if (signal->core_state && (sig == SIGKILL)) {
>> + struct task_struct *dumper =
>> + signal->core_state->dumper.task;
>> + sigaddset(&dumper->pending.signal, SIGKILL);
>> + signal_wake_up(dumper, 1);
>> + }
>
> and after that it returns false so __send_signal_locked/send_sigqueue simply
> return. This means:
>
> - the caller will wrongly report TRACE_SIGNAL_IGNORED

Fair.

>
> - complete_signal() won't be called, so signal->group_exit_code
> won't be updated.
>
> coredump_finish() won't change it too so the process will exit
> with group_exit_code == signr /* coredumping signal */.
>
> Yes, the fix is obvious and trivial...

The signal handling from the coredump is arguably correct. The process
has already exited, and gotten an exit code.

But I really don't care about the exit_code either way. I just want to
make ``killing'' a dead process while it core dumps independent of
complete_signal.

That ``killing'' of a dead process is a completely special case.

Eric