In preparation for handling ignored posix timer signals correctly and
embedding the sigqueue struct into struct k_itimer, hand down a pointer to
the sigqueue struct into posixtimer_deliver_signal() instead of just
having a boolean flag.
No functional change.
Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
V5: New patch
---
include/linux/posix-timers.h | 5 +++--
kernel/signal.c | 24 ++++++++++++------------
kernel/time/posix-timers.c | 2 +-
3 files changed, 16 insertions(+), 15 deletions(-)
--- a/include/linux/posix-timers.h
+++ b/include/linux/posix-timers.h
@@ -110,7 +110,7 @@ static inline void posix_cputimers_rt_wa
void posixtimer_rearm_itimer(struct task_struct *p);
bool posixtimer_init_sigqueue(struct sigqueue *q);
int posixtimer_send_sigqueue(struct k_itimer *tmr);
-bool posixtimer_deliver_signal(struct kernel_siginfo *info);
+bool posixtimer_deliver_signal(struct kernel_siginfo *info, struct sigqueue *timer_sigq);
void posixtimer_free_timer(struct k_itimer *timer);
/* Init task static initializer */
@@ -135,7 +135,8 @@ static inline void posix_cputimers_init(
static inline void posix_cputimers_group_init(struct posix_cputimers *pct,
u64 cpu_limit) { }
static inline void posixtimer_rearm_itimer(struct task_struct *p) { }
-static inline bool posixtimer_deliver_signal(struct kernel_siginfo *info) { return false; }
+static inline bool posixtimer_deliver_signal(struct kernel_siginfo *info,
+ struct sigqueue *timer_sigq) { return false; }
static inline void posixtimer_free_timer(struct k_itimer *timer) { }
#endif
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -545,7 +545,7 @@ bool unhandled_signal(struct task_struct
}
static void collect_signal(int sig, struct sigpending *list, kernel_siginfo_t *info,
- bool *resched_timer)
+ struct sigqueue **timer_sigq)
{
struct sigqueue *q, *first = NULL;
@@ -568,10 +568,10 @@ static void collect_signal(int sig, stru
list_del_init(&first->list);
copy_siginfo(info, &first->info);
- *resched_timer = (first->flags & SIGQUEUE_PREALLOC) &&
- (info->si_code == SI_TIMER);
-
- __sigqueue_free(first);
+ if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER)))
+ *timer_sigq = first;
+ else
+ __sigqueue_free(first);
} else {
/*
* Ok, it wasn't in the queue. This must be
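Review bot: The new branch `*timer_sigq = first;` only ever writes the output pointer on the timer path; on the `else` path collect_signal() leaves `*timer_sigq` untouched, so the contract now silently depends on every caller initialising it to NULL before each call, and nothing in the hunk states that. The same line also transfers ownership of the queue entry to the caller instead of releasing it here, which is the only place a reader of this function would look for the release. I would put a short comment above the `if`: `/* A preallocated timer sigqueue is handed to the caller via *timer_sigq rather than released here; callers must initialise *timer_sigq before each call. */` The body of collect_signal() starts and ends outside this hunk.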
@@ -588,12 +588,12 @@ static void collect_signal(int sig, stru
}
static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
- kernel_siginfo_t *info, bool *resched_timer)
+ kernel_siginfo_t *info, struct sigqueue **timer_sigq)
{
int sig = next_signal(pending, mask);
if (sig)
- collect_signal(sig, pending, info, resched_timer);
+ collect_signal(sig, pending, info, timer_sigq);
return sig;
}
@@ -604,19 +604,19 @@ static int __dequeue_signal(struct sigpe
*/
int dequeue_signal(sigset_t *mask, kernel_siginfo_t *info, enum pid_type *type)
{
+ struct sigqueue *timer_sigq = NULL;
struct task_struct *tsk = current;
- bool resched_timer = false;
int signr;
lockdep_assert_held(&tsk->sighand->siglock);
again:
*type = PIDTYPE_PID;
- signr = __dequeue_signal(&tsk->pending, mask, info, &resched_timer);
+ signr = __dequeue_signal(&tsk->pending, mask, info, &timer_sigq);
if (!signr) {
*type = PIDTYPE_TGID;
signr = __dequeue_signal(&tsk->signal->shared_pending,
- mask, info, &resched_timer);
+ mask, info, &timer_sigq);
if (unlikely(signr == SIGALRM))
posixtimer_rearm_itimer(tsk);
@@ -642,8 +642,8 @@ int dequeue_signal(sigset_t *mask, kerne
current->jobctl |= JOBCTL_STOP_DEQUEUED;
}
- if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(resched_timer)) {
- if (!posixtimer_deliver_signal(info))
+ if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(timer_sigq)) {
+ if (!posixtimer_deliver_signal(info, timer_sigq))
goto again;
}
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -253,7 +253,7 @@ static void common_hrtimer_rearm(struct
* This function is called from the signal delivery code. It decides
* whether the signal should be dropped and rearms interval timers.
*/
-bool posixtimer_deliver_signal(struct kernel_siginfo *info)
+bool posixtimer_deliver_signal(struct kernel_siginfo *info, struct sigqueue *timer_sigq)
{
struct k_itimer *timr;
unsigned long flags;
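Review bot: The added `timer_sigq` parameter is not described by the function comment at the top of the hunk, and the diffstat for kernel/time/posix-timers.c (one insertion, one deletion) shows that nothing in this file reads it in this patch, so a reader of posixtimer_deliver_signal() alone cannot tell what the caller guarantees about it or why it is there. I would extend the comment with a line along the lines of ` * @timer_sigq: the preallocated sigqueue that was dequeued for this signal; not consumed yet, reserved for the follow-up changes.` so the preparatory nature is visible at the definition and not only in the commit message. The body of posixtimer_deliver_signal() continues outside this hunk.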
Le Tue, Oct 01, 2024 at 10:42:21AM +0200, Thomas Gleixner a écrit : > @@ -604,19 +604,19 @@ static int __dequeue_signal(struct sigpe > */ > int dequeue_signal(sigset_t *mask, kernel_siginfo_t *info, enum pid_type *type) > { > + struct sigqueue *timer_sigq = NULL; > struct task_struct *tsk = current; > - bool resched_timer = false; > int signr; > > lockdep_assert_held(&tsk->sighand->siglock); > > again: > *type = PIDTYPE_PID; > - signr = __dequeue_signal(&tsk->pending, mask, info, &resched_timer); > + signr = __dequeue_signal(&tsk->pending, mask, info, &timer_sigq); > if (!signr) { > *type = PIDTYPE_TGID; > signr = __dequeue_signal(&tsk->signal->shared_pending, > - mask, info, &resched_timer); > + mask, info, &timer_sigq); > > if (unlikely(signr == SIGALRM)) > posixtimer_rearm_itimer(tsk); > @@ -642,8 +642,8 @@ int dequeue_signal(sigset_t *mask, kerne > current->jobctl |= JOBCTL_STOP_DEQUEUED; > } > > - if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(resched_timer)) { > - if (!posixtimer_deliver_signal(info)) > + if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(timer_sigq)) { > + if (!posixtimer_deliver_signal(info, timer_sigq)) > goto again; If the signal has been refused, it goes goto again without clearing timer_sigq. With the upcoming patch it becomes bad because if there is another signal dequeued on the next iteration, posixtimer_deliver_signal() is called again with two side effects: _ The reference is put twice _ The other dequeued signal is now ignored. Thanks.
On Tue, Oct 29 2024 at 17:04, Frederic Weisbecker wrote: > Le Tue, Oct 01, 2024 at 10:42:21AM +0200, Thomas Gleixner a écrit : >> @@ -604,19 +604,19 @@ static int __dequeue_signal(struct sigpe >> */ >> int dequeue_signal(sigset_t *mask, kernel_siginfo_t *info, enum pid_type *type) >> { >> + struct sigqueue *timer_sigq = NULL; >> struct task_struct *tsk = current; >> - bool resched_timer = false; >> int signr; >> >> lockdep_assert_held(&tsk->sighand->siglock); >> >> again: >> *type = PIDTYPE_PID; >> - signr = __dequeue_signal(&tsk->pending, mask, info, &resched_timer); >> + signr = __dequeue_signal(&tsk->pending, mask, info, &timer_sigq); >> if (!signr) { >> *type = PIDTYPE_TGID; >> signr = __dequeue_signal(&tsk->signal->shared_pending, >> - mask, info, &resched_timer); >> + mask, info, &timer_sigq); >> >> if (unlikely(signr == SIGALRM)) >> posixtimer_rearm_itimer(tsk); >> @@ -642,8 +642,8 @@ int dequeue_signal(sigset_t *mask, kerne >> current->jobctl |= JOBCTL_STOP_DEQUEUED; >> } >> >> - if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(resched_timer)) { >> - if (!posixtimer_deliver_signal(info)) >> + if (IS_ENABLED(CONFIG_POSIX_TIMERS) && unlikely(timer_sigq)) { >> + if (!posixtimer_deliver_signal(info, timer_sigq)) >> goto again; > > If the signal has been refused, it goes goto again without clearing > timer_sigq. That's right. timer_sigq needs to be set to NULL after again: Good catch! Thanks, tglx
Le Tue, Oct 01, 2024 at 10:42:21AM +0200, Thomas Gleixner a écrit : > In preparation for handling ignored posix timer signals correctly and > embedding the sigqueue struct into struct k_itimer, hand down a pointer to > the sigqueue struct into posix_timer_deliver_signal() instead of just > having a boolean flag. > > No functional change. > > Suggested-by: Eric W. Biederman <ebiederm@xmission.com> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> On second thoughts, a little concern: > --- > V5: New patch > --- > include/linux/posix-timers.h | 5 +++-- > kernel/signal.c | 24 ++++++++++++------------ > kernel/time/posix-timers.c | 2 +- > 3 files changed, 16 insertions(+), 15 deletions(-) > > --- a/include/linux/posix-timers.h > +++ b/include/linux/posix-timers.h > @@ -110,7 +110,7 @@ static inline void posix_cputimers_rt_wa > void posixtimer_rearm_itimer(struct task_struct *p); > bool posixtimer_init_sigqueue(struct sigqueue *q); > int posixtimer_send_sigqueue(struct k_itimer *tmr); > -bool posixtimer_deliver_signal(struct kernel_siginfo *info); > +bool posixtimer_deliver_signal(struct kernel_siginfo *info, struct sigqueue *timer_sigq); > void posixtimer_free_timer(struct k_itimer *timer); > > /* Init task static initializer */ > @@ -135,7 +135,8 @@ static inline void posix_cputimers_init( > static inline void posix_cputimers_group_init(struct posix_cputimers *pct, > u64 cpu_limit) { } > static inline void posixtimer_rearm_itimer(struct task_struct *p) { } > -static inline bool posixtimer_deliver_signal(struct kernel_siginfo *info) { return false; } > +static inline bool posixtimer_deliver_signal(struct kernel_siginfo *info, > + struct sigqueue *timer_sigq) { return false; } > static inline void posixtimer_free_timer(struct k_itimer *timer) { } > #endif > > --- a/kernel/signal.c > +++ b/kernel/signal.c 
> @@ -545,7 +545,7 @@ bool unhandled_signal(struct task_struct > } > > static void collect_signal(int sig, struct sigpending *list, kernel_siginfo_t *info, > - bool *resched_timer) > + struct sigqueue **timer_sigq) > { > struct sigqueue *q, *first = NULL; > > @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru > list_del_init(&first->list); > copy_siginfo(info, &first->info); > > - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && > - (info->si_code == SI_TIMER); > - > - __sigqueue_free(first); > + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) > + *timer_sigq = first; > + else > + __sigqueue_free(first); So this isn't calling __sigqueue_free() unconditionally anymore. What if the timer has been freed already, what is going to free the sigqueue? Thanks.
On Tue, Oct 29 2024 at 16:56, Frederic Weisbecker wrote: >> @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru >> list_del_init(&first->list); >> copy_siginfo(info, &first->info); >> >> - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && >> - (info->si_code == SI_TIMER); >> - >> - __sigqueue_free(first); >> + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) >> + *timer_sigq = first; >> + else >> + __sigqueue_free(first); > > So this isn't calling __sigqueue_free() unconditionally anymore. What if > the timer has been freed already, what is going to free the sigqueue? __sigqueue_free() does not free timers marked with SIGQUEUE_PREALLOC. sigqueue_free() takes care of that, which is invoked from posixtimer_free_timer(). It clears SIGQUEUE_PREALLOC and if it is queued it lets it pending and delivery will free it. That's not any different from before this change. Though thinking more about it. As we drop the signal in that case anyway, we could remove it from pending in sigqueue_free() directly. Let me look into that. Thanks, tglx
On Tue, Oct 29 2024 at 17:22, Thomas Gleixner wrote: > On Tue, Oct 29 2024 at 16:56, Frederic Weisbecker wrote: >>> @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru >>> list_del_init(&first->list); >>> copy_siginfo(info, &first->info); >>> >>> - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && >>> - (info->si_code == SI_TIMER); >>> - >>> - __sigqueue_free(first); >>> + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) >>> + *timer_sigq = first; >>> + else >>> + __sigqueue_free(first); >> >> So this isn't calling __sigqueue_free() unconditionally anymore. What if >> the timer has been freed already, what is going to free the sigqueue? > > __sigqueue_free() does not free timers marked with SIGQUEUE_PREALLOC. > > sigqueue_free() takes care of that, which is invoked from > posixtimer_free_timer(). It clears SIGQUEUE_PREALLOC and if it is queued > it lets it pending and delivery will free it. > > That's not any different from before this change. > > Though thinking more about it. As we drop the signal in that case > anyway, we could remove it from pending in sigqueue_free() directly. Let > me look into that. Hrm. That requires to do partially what collect_signal() does to keep the sigset correct. I'm not sure it's worth the trouble. With the subsequent changes which embed the sigqueue into the timer itself, the current flow is simple as it has just one place where it drops the reference count which was acquired when queueing the timer, i.e. in the delivery path. Thanks, tglx
Le Tue, Oct 29, 2024 at 05:22:17PM +0100, Thomas Gleixner a écrit : > On Tue, Oct 29 2024 at 16:56, Frederic Weisbecker wrote: > >> @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru > >> list_del_init(&first->list); > >> copy_siginfo(info, &first->info); > >> > >> - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && > >> - (info->si_code == SI_TIMER); > >> - > >> - __sigqueue_free(first); > >> + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) > >> + *timer_sigq = first; > >> + else > >> + __sigqueue_free(first); > > > > So this isn't calling __sigqueue_free() unconditionally anymore. What if > > the timer has been freed already, what is going to free the sigqueue? > > __sigqueue_free() does not free timers marked with SIGQUEUE_PREALLOC. > > sigqueue_free() takes care of that, which is invoked from > posixtimer_free_timer(). It clears SIGQUEUE_PREALLOC and if it is queued > it lets it pending and delivery will free it. But the delivery freeing used to be done with the __sigqueue_free() above, which doesn't happen anymore, right? > > That's not any different from before this change. > > Though thinking more about it. As we drop the signal in that case > anyway, we could remove it from pending in sigqueue_free() directly. Let > me look into that. Ok. Thanks. > > Thanks, > > tglx
On Tue, Oct 29 2024 at 17:34, Frederic Weisbecker wrote: > Le Tue, Oct 29, 2024 at 05:22:17PM +0100, Thomas Gleixner a écrit : >> On Tue, Oct 29 2024 at 16:56, Frederic Weisbecker wrote: >> >> @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru >> >> list_del_init(&first->list); >> >> copy_siginfo(info, &first->info); >> >> >> >> - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && >> >> - (info->si_code == SI_TIMER); >> >> - >> >> - __sigqueue_free(first); >> >> + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) >> >> + *timer_sigq = first; >> >> + else >> >> + __sigqueue_free(first); >> > >> > So this isn't calling __sigqueue_free() unconditionally anymore. What if >> > the timer has been freed already, what is going to free the sigqueue? >> >> __sigqueue_free() does not free timers marked with SIGQUEUE_PREALLOC. >> >> sigqueue_free() takes care of that, which is invoked from >> posixtimer_free_timer(). It clears SIGQUEUE_PREALLOC and if it is queued >> it lets it pending and delivery will free it. > > But the delivery freeing used to be done with the __sigqueue_free() > above, which doesn't happen anymore, right? It still happens because SIGQUEUE_PREALLOC is cleared in sigqueue_free() __sigqueue_free() has if (q->flags & PREALLOC) return; So the old code called __sigqueue_free() unconditionally which just returned. But now we have a condition to that effect already, so why call into __sigqueue_free() for nothing? Let me add a comment. Thanks, tglx
Le Tue, Oct 29, 2024 at 05:55:38PM +0100, Thomas Gleixner a écrit : > On Tue, Oct 29 2024 at 17:34, Frederic Weisbecker wrote: > > > Le Tue, Oct 29, 2024 at 05:22:17PM +0100, Thomas Gleixner a écrit : > >> On Tue, Oct 29 2024 at 16:56, Frederic Weisbecker wrote: 
> >> >> @@ -568,10 +568,10 @@ static void collect_signal(int sig, stru > >> >> list_del_init(&first->list); > >> >> copy_siginfo(info, &first->info); > >> >> > >> >> - *resched_timer = (first->flags & SIGQUEUE_PREALLOC) && > >> >> - (info->si_code == SI_TIMER); > >> >> - > >> >> - __sigqueue_free(first); > >> >> + if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) > >> >> + *timer_sigq = first; > >> >> + else > >> >> + __sigqueue_free(first); > >> > > >> > So this isn't calling __sigqueue_free() unconditionally anymore. What if > >> > the timer has been freed already, what is going to free the sigqueue? > >> > >> __sigqueue_free() does not free timers marked with SIGQUEUE_PREALLOC. > >> > >> sigqueue_free() takes care of that, which is invoked from > >> posixtimer_free_timer(). It clears SIGQUEUE_PREALLOC and if it is queued > >> it lets it pending and delivery will free it. > > > > But the delivery freeing used to be done with the __sigqueue_free() > > above, which doesn't happen anymore, right? > > It still happens because SIGQUEUE_PREALLOC is cleared in sigqueue_free() > > __sigqueue_free() has > if (q->flags & PREALLOC) > return; > > So the old code called __sigqueue_free() unconditionally which just > returned. But now we have a condition to that effect already, so why > call into __sigqueue_free() for nothing? 1) Signal is queued 2) Timer is deleted, sigqueue() clears SIGQUEUE_PREALLOC but doesn't go further because the sigqueue is queued 3) Signal is collected and delivered but it's not calling __sigqueue_free() so the sigqueue is not released. This is "fixed" on the subsequent patch which uses embedded sigqueue and rcuref but this patch alone breaks. Or am I missing something that prevents it? Thanks.
On Tue, Oct 29 2024 at 18:55, Frederic Weisbecker wrote: > Le Tue, Oct 29, 2024 at 05:55:38PM +0100, Thomas Gleixner a écrit : >> It still happens because SIGQUEUE_PREALLOC is cleared in sigqueue_free() >> >> __sigqueue_free() has >> if (q->flags & PREALLOC) >> return; >> >> So the old code called __sigqueue_free() unconditionally which just >> returned. But now we have a condition to that effect already, so why >> call into __sigqueue_free() for nothing? > > 1) Signal is queued > 2) Timer is deleted, sigqueue() clears SIGQUEUE_PREALLOC but doesn't go > further because the sigqueue is queued > 3) Signal is collected and delivered but it's not calling __sigqueue_free() > so the sigqueue is not released. > > This is "fixed" on the subsequent patch which uses embedded sigqueue and > rcuref but this patch alone breaks. > > Or am I missing something that prevents it? Again: > 1) Signal is queued > 2) Timer is deleted, sigqueue() clears SIGQUEUE_PREALLOC but doesn't go > further because the sigqueue is queued 3) void collect_signal(..) if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) *timer_sigq = first; // Path NOT taken because SIGQUEUE_PREALLOC is not set else __sigqueue_free(first); // Path taken and frees it No? Thanks, tglx
Le Tue, Oct 29, 2024 at 08:16:27PM +0100, Thomas Gleixner a écrit : > On Tue, Oct 29 2024 at 18:55, Frederic Weisbecker wrote: > > Le Tue, Oct 29, 2024 at 05:55:38PM +0100, Thomas Gleixner a écrit : > >> It still happens because SIGQUEUE_PREALLOC is cleared in sigqueue_free() > >> > >> __sigqueue_free() has > >> if (q->flags & PREALLOC) > >> return; > >> > >> So the old code called __sigqueue_free() unconditionally which just > >> returned. But now we have a condition to that effect already, so why > >> call into __sigqueue_free() for nothing? > > > > 1) Signal is queued > > 2) Timer is deleted, sigqueue() clears SIGQUEUE_PREALLOC but doesn't go > > further because the sigqueue is queued > > 3) Signal is collected and delivered but it's not calling __sigqueue_free() > > so the sigqueue is not released. > > > > This is "fixed" on the subsequent patch which uses embedded sigqueue and > > rcuref but this patch alone breaks. > > > > Or am I missing something that prevents it? > > Again: > > > 1) Signal is queued > > 2) Timer is deleted, sigqueue() clears SIGQUEUE_PREALLOC but doesn't go > > further because the sigqueue is queued > > 3) > > void collect_signal(..) > > if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER))) > *timer_sigq = first; // Path NOT taken because SIGQUEUE_PREALLOC is not set > else > __sigqueue_free(first); // Path taken and frees it > > No? Duh! Yes of course... Thanks. > > Thanks, > > tglx
Le Tue, Oct 01, 2024 at 10:42:21AM +0200, Thomas Gleixner a écrit : > In preparation for handling ignored posix timer signals correctly and > embedding the sigqueue struct into struct k_itimer, hand down a pointer to > the sigqueue struct into posix_timer_deliver_signal() instead of just > having a boolean flag. > > No functional change. > > Suggested-by: Eric W. Biederman <ebiederm@xmission.com> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Frederic Weisbecker <frederic@kernel.org>