io_uring can asynchronously add a task_work while the task is getting freezed. TIF_NOTIFY_SIGNAL will prevent the task from sleeping in do_freezer_trap(), and since the get_signal()'s relock loop doesn't retry task_work, the task will spin there not being able to sleep until the freezing is cancelled / the task is killed / etc. Cc: stable@xxxxxxxxxxxxxxx Link: https://github.com/systemd/systemd/issues/33626 Fixes: 3146cba99aa28 ("io-wq: make worker creation resilient against signals") Reported-by: Julian Orth <ju.orth@xxxxxxxxx> Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx> --- kernel/signal.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/signal.c b/kernel/signal.c index 1f9dd41c04be..790d60fcfff0 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -2694,6 +2694,10 @@ bool get_signal(struct ksignal *ksig) try_to_freeze(); relock: + clear_notify_signal(); + if (unlikely(task_work_pending(current))) + task_work_run(); + spin_lock_irq(&sighand->siglock); /* -- 2.44.0
