Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes:
> On Tue, Jun 30, 2020 at 07:29:34AM -0500, Eric W. Biederman wrote:
>>
>> diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c
>> index 91474884ddb7..3e1874030daa 100644
>> --- a/net/bpfilter/bpfilter_kern.c
>> +++ b/net/bpfilter/bpfilter_kern.c
>> @@ -19,8 +19,8 @@ static void shutdown_umh(void)
>> struct pid *tgid = info->tgid;
>>
>> if (tgid) {
>> - kill_pid_info(SIGKILL, SEND_SIG_PRIV, tgid);
>> - wait_event(tgid->wait_pidfd, !pid_task(tgid, PIDTYPE_TGID));
>> + kill_pid(tgid, SIGKILL, 1);
>> + wait_event(tgid->wait_pidfd, !pid_has_task(tgid, PIDTYPE_TGID));
>> bpfilter_umh_cleanup(info);
>> }
>> }
>>
>> > And then did:
>> > while true; do iptables -L;rmmod bpfilter; done
>> >
>> > Unfortunately sometimes 'rmmod bpfilter' hangs in wait_event().
>>
>> Hmm. The wake up happens just of tgid->wait_pidfd happens just before
>> release_task is called so there is a race. As it is possible to wake
>> up and then go back to sleep before pid_has_task becomes false.
>>
>> So I think I need a friendly helper that does:
>>
>> bool task_has_exited(struct pid *tgid)
>> {
>> bool exited = false;
>>
>> rcu_read_lock();
>> tsk = pid_task(tgid, PIDTYPE_TGID);
>> exited = !!tsk;
>> if (tsk) {
>> exited = !!tsk->exit_state;
>> out:
>> rcu_unlock();
>> return exited;
>> }
>
> All makes sense to me.
> If I understood the race condition such helper should indeed solve it.
> Are you going to add such patch to your series?
> I'll proceed with my work on top of your series and will ignore this
> race for now, but I think it should be fixed before we land this set
> into multiple trees.
Yes. I am just finishing it up now.
Eric
