On Mon, Dec 13, 2021 at 2:54 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
>
> if (signal->flags & (SIGNAL_GROUP_EXIT | SIGNAL_GROUP_COREDUMP)) {
> - if (!(signal->flags & SIGNAL_GROUP_EXIT))
> - return sig == SIGKILL;
> + struct core_state *core_state = signal->core_state;
> + if (core_state) {
This change is very confusing.
Also, why does it do that 'signal->core_state->dumper.task', when we
already know that it's the same as 'signal->group_exit_task'?
The only thing that sets 'signal->core_state' also sets
'signal->group_exit_task', and the call chain has set both to the same
task.
So the code is odd and makes little sense.
But what's even more odd is how it
(a) sends the SIGKILL to somebody else
(b) does *NOT* send SIGKILL to itself
Now, (a) is explained in the commit message. The intent is to signal
the core dumper.
But (b) looks like a fundamental change in semantics. The target of
the SIGKILL is still running, might be in some loop in the kernel that
wants to be interrupted by a fatal signal, and you expressly disabled
the code that would send that fatal signal.
If I send SIGKILL to thread A, then that SIGKILL had *better* be
delivered. To thread A, which may be in a "mutex_lock_killable()" or
whatever else.
The fact that thread B may be in the process of trying to dump core
doesn't change that at all, as far as I can see.
So I think this patch is fundamentally buggy and wrong. Or at least
needs much more explanation of why you'd not send SIGKILL to the
target thread.
Linus
