ACK: [PATCH][SRU][ARTFUL] UBUNTU:SAUCE: exec: fix lockup because retry loop may never exit
Stefan Bader
stefan.bader at canonical.com
Tue Jan 23 10:11:10 UTC 2018
On 07.12.2017 18:32, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> BugLink: https://launchpad.net/bugs/1730717
>
> My early fix for bug LP#1672819 could get stuck in an infinite
> retry loop causing lockups. Currently the retry is aggressively
> spinning on a check and will never abort. Relax the aggressive
> retry by adding a small interruptible delay and limit the number
> of retries.
>
> I've analyzed the retries and 95% of the cases on an 8 CPU Xeon
> host never hit the retry loop and less that 0.5% of retries are
> ever more than 1 retry using the original reproducer program.
> Considering that the reproducer is an extreeme case of forcing
> the race condition I believe we now have a suitable balance of
> non-aggressive CPU eating retries and a mechanism to bail out
> after enough retries and avoid a lockup.
>
> Admittedly this workaround is a bit of an ugly hack, but the
> retry path is never executed for the majority of use cases and
> only hits the retry/delay for the racy condition we hit with the
> original bug.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> fs/exec.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 5c2c1ff3bd..0f47bb8486 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -62,6 +62,7 @@
> #include <linux/oom.h>
> #include <linux/compat.h>
> #include <linux/vmalloc.h>
> +#include <linux/delay.h>
>
> #include <trace/events/fs.h>
>
> @@ -1465,6 +1466,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
> struct task_struct *p = current, *t;
> unsigned n_fs;
> bool fs_recheck;
> + int count = 0;
>
> if (p->ptrace)
> bprm->unsafe |= LSM_UNSAFE_PTRACE;
> @@ -1492,8 +1494,11 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
>
> if (p->fs->users > n_fs) {
> if (fs_recheck) {
> - spin_unlock(&p->fs->lock);
> - goto recheck;
> + if (count++ < 20) {
> + spin_unlock(&p->fs->lock);
> + msleep_interruptible(1);
> + goto recheck;
> + }
> }
> bprm->unsafe |= LSM_UNSAFE_SHARE;
> } else
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180123/d9c2e157/attachment.sig>
More information about the kernel-team
mailing list