From: Greg Kroah-Hartman Date: Fri, 6 Dec 2024 14:31:17 +0000 (+0100) Subject: 6.6-stable patches X-Git-Tag: v6.6.64~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=893fad2f70ca5ce50216408ab44baebf95c5e607;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: posix-timers-target-group-sigqueue-to-current-task-only-if-not-exiting.patch --- diff --git a/queue-6.6/posix-timers-target-group-sigqueue-to-current-task-only-if-not-exiting.patch b/queue-6.6/posix-timers-target-group-sigqueue-to-current-task-only-if-not-exiting.patch new file mode 100644 index 00000000000..1af98fc03f5 --- /dev/null +++ b/queue-6.6/posix-timers-target-group-sigqueue-to-current-task-only-if-not-exiting.patch 
@@ -0,0 +1,70 @@ +From 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Sat, 23 Nov 2024 00:48:11 +0100 +Subject: posix-timers: Target group sigqueue to current task only if not exiting + +From: Frederic Weisbecker + +commit 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 upstream. + +A sigqueue belonging to a posix timer, which target is not a specific +thread but a whole thread group, is preferrably targeted to the current +task if it is part of that thread group. + +However nothing prevents a posix timer event from queueing such a +sigqueue from a reaped yet running task. The interruptible code space +between exit_notify() and the final call to schedule() is enough for +posix_timer_fn() hrtimer to fire. + +If that happens while the current task is part of the thread group +target, it is proposed to handle it but since its sighand pointer may +have been cleared already, the sigqueue is dropped even if there are +other tasks running within the group that could handle it. + +As a result posix timers with thread group wide target may miss signals +when some of their threads are exiting. + +Fix this with verifying that the current task hasn't been through +exit_notify() before proposing it as a preferred target so as to ensure +that its sighand is still here and stable. + +complete_signal() might still reconsider the choice and find a better +target within the group if current has passed retarget_shared_pending() +already. 
+ +Fixes: bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") +Reported-by: Anthony Mallet +Suggested-by: Oleg Nesterov +Signed-off-by: Frederic Weisbecker +Signed-off-by: Thomas Gleixner +Acked-by: Oleg Nesterov +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/20241122234811.60455-1-frederic@kernel.org +Closes: https://lore.kernel.org/all/26411.57288.238690.681680@gargle.gargle.HOWL +Signed-off-by: Greg Kroah-Hartman +--- + kernel/signal.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1996,14 +1996,15 @@ int send_sigqueue(struct sigqueue *q, st + * into t->pending). + * + * Where type is not PIDTYPE_PID, signals must be delivered to the +- * process. In this case, prefer to deliver to current if it is in +- * the same thread group as the target process, which avoids +- * unnecessarily waking up a potentially idle task. ++ * process. In this case, prefer to deliver to current if it is in the ++ * same thread group as the target process and its sighand is stable, ++ * which avoids unnecessarily waking up a potentially idle task. + */ + t = pid_task(pid, type); + if (!t) + goto ret; +- if (type != PIDTYPE_PID && same_thread_group(t, current)) ++ if (type != PIDTYPE_PID && ++ same_thread_group(t, current) && !current->exit_state) + t = current; + if (!likely(lock_task_sighand(t, &flags))) + goto ret; diff --git a/queue-6.6/series b/queue-6.6/series index 050163a3ada..07f48c60b02 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -673,3 +673,4 @@ drm-xlnx-zynqmp_dpsub-fix-hotplug-detection.patch drm-amdkfd-use-the-correct-wptr-size.patch drm-amdgpu-fix-usage-slab-after-free.patch drm-amd-pm-update-current_socclk-and-current_uclk-in-gpu_metrics-on-smu-v13.0.7.patch +posix-timers-target-group-sigqueue-to-current-task-only-if-not-exiting.patch
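Review bot: the new `!current->exit_state` test in the send_sigqueue() hunk is an unlocked read, which is only safe because it is current reading its own field, and the updated comment ("its sighand is stable") does not say why exit_state is the right proxy for that; spell it out so the next reader does not have to reconstruct it from the changelog, e.g. "and it has not passed exit_notify() (exit_state still zero), so its sighand cannot be cleared underneath us". Worth stating in the comment too that when current is skipped, t remains the pid_task() result and the unchanged `if (!likely(lock_task_sighand(t, &flags))) goto ret;` still handles a target whose sighand is already gone, so the outcome is delivery to a live group member (or re-targeting by complete_signal(), as the changelog notes) rather than a silently dropped signal. Two small wording nits in the changelog: "preferrably" should be "preferably" and "which target is not a specific thread" should be "whose target is not a specific thread".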