# git rev-parse -q --verify b4b27b9eed8ebdbf9f3046197d29d733c8c944f3^{commit} b4b27b9eed8ebdbf9f3046197d29d733c8c944f3 already have revision, skipping fetch # git checkout -q -f -B kisskb b4b27b9eed8ebdbf9f3046197d29d733c8c944f3 # git clean -qxdf # < git log -1 # commit b4b27b9eed8ebdbf9f3046197d29d733c8c944f3 # Author: Linus Torvalds # Date: Sun Jun 27 13:32:54 2021 -0700 # # Revert "signal: Allow tasks to cache one sigqueue struct" # # This reverts commits 4bad58ebc8bc4f20d89cff95417c9b4674769709 (and # 399f8dd9a866e107639eabd3c1979cd526ca3a98, which tried to fix it). # # I do not believe these are correct, and I'm about to release 5.13, so am # reverting them out of an abundance of caution. # # The locking is odd, and appears broken. # # On the allocation side (in __sigqueue_alloc()), the locking is somewhat # straightforward: it depends on sighand->siglock. Since one caller # doesn't hold that lock, it further then tests 'sigqueue_flags' to avoid # the case with no locks held. # # On the freeing side (in sigqueue_cache_or_free()), there is no locking # at all, and the logic instead depends on 'current' being a single # thread, and not able to race with itself. # # To make things more exciting, there's also the data race between freeing # a signal and allocating one, which is handled by using WRITE_ONCE() and # READ_ONCE(), and being mutually exclusive wrt the initial state (ie # freeing will only free if the old state was NULL, while allocating will # obviously only use the value if it was non-NULL, so only one or the # other will actually act on the value). # # However, while the free->alloc paths do seem mutually exclusive thanks # to just the data value dependency, it's not clear what the memory # ordering constraints are on it. Could writes from the previous # allocation possibly be delayed and seen by the new allocation later, # causing logical inconsistencies? # # So it's all very exciting and unusual. 
# # And in particular, it seems that the freeing side is incorrect in # depending on "current" being single-threaded. Yes, 'current' is a # single thread, but in the presence of asynchronous events even a single # thread can have data races. # # And such asynchronous events can and do happen, with interrupts causing # signals to be flushed and thus free'd (for example - sending a # SIGCONT/SIGSTOP can happen from interrupt context, and can flush # previously queued process control signals). # # So regardless of all the other questions about the memory ordering and # locking for this new cached allocation, the sigqueue_cache_or_free() # assumptions seem to be fundamentally incorrect. # # It may be that people will show me the errors of my ways, and tell me # why this is all safe after all. We can reinstate it if so. But my # current belief is that the WRITE_ONCE() that sets the cached entry needs # to be a smp_store_release(), and the READ_ONCE() that finds a cached # entry needs to be a smp_load_acquire() to handle memory ordering # correctly. # # And the sequence in sigqueue_cache_or_free() would need to either use a # lock or at least be interrupt-safe some way (perhaps by using something # like the percpu 'cmpxchg': it doesn't need to be SMP-safe, but like the # percpu operations it needs to be interrupt-safe). 
# # Fixes: 399f8dd9a866 ("signal: Prevent sigqueue caching after task got released") # Fixes: 4bad58ebc8bc ("signal: Allow tasks to cache one sigqueue struct") # Cc: Thomas Gleixner # Cc: Peter Zijlstra # Cc: Oleg Nesterov # Cc: Christian Brauner # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 b4b27b9eed8ebdbf9f3046197d29d733c8c944f3 # < make -s -j 48 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux- randconfig # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_CPU_BIG_ENDIAN=y # Added to kconfig CONFIG_PPC64=y # Added to kconfig CONFIG_PPC_DISABLE_WERROR=y # Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y # Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y # Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y # Added to kconfig CONFIG_TRIM_UNUSED_KSYMS=n # Added to kconfig CONFIG_UBSAN=n # < make -s -j 48 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux- help # make -s -j 48 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.9 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig .config:5419:warning: override: reassigning to symbol PPC64 .config:5422:warning: override: reassigning to symbol PREVENT_FIRMWARE_BUILD .config:5427:warning: override: reassigning to symbol UBSAN # make -s -j 48 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.9 
CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-4.9.4-nolibc/powerpc64-linux/bin/powerpc64-linux- /kisskb/src/fs/jffs2/xattr.c: In function 'jffs2_build_xattr_subsystem': /kisskb/src/fs/jffs2/xattr.c:887:1: warning: the frame size of 1072 bytes is larger than 1024 bytes [-Wframe-larger-than=] } ^ /kisskb/src/fs/btrfs/tree-checker.c: In function 'check_root_item': /kisskb/src/fs/btrfs/tree-checker.c:1071:9: warning: missing braces around initializer [-Wmissing-braces] struct btrfs_root_item ri = { 0 }; ^ /kisskb/src/fs/btrfs/tree-checker.c:1071:9: warning: (near initialization for 'ri.inode') [-Wmissing-braces] /kisskb/src/drivers/media/i2c/imx334.c: In function 'imx334_read_reg': /kisskb/src/drivers/media/i2c/imx334.c:288:9: warning: missing braces around initializer [-Wmissing-braces] struct i2c_msg msgs[2] = {0}; ^ /kisskb/src/drivers/media/i2c/imx334.c:288:9: warning: (near initialization for 'msgs[0]') [-Wmissing-braces] Completed OK # rm -rf /kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc4.9 # Build took: 0:04:35.510387