From: Christoph Böhmwalder
Sent: 29 July 2019 09:33 Fix a regression introduced by upstream commit fee109901f39 ('signal/drbd: Use send_sig not force_sig').
Currently, when a thread is initialized, all signals are set to be ignored by default. DRBD uses SIGHUP to end its threads, which means it is now no longer possible to bring down a DRBD resource because the signals do not make it through to the thread in question.
This circumstance was previously hidden by the fact that DRBD used force_sig() to kill its threads. The aforementioned upstream commit changed this to send_sig(), which means the effects of the signals being ignored by default are now becoming visible.
Thus, issue an allow_signal() at the start of the thread to explicitly allow the desired signals.
Doesn't unmasking the signals and using send_sig() instead of force_sig() have the (probably unwanted) side effect of allowing userspace to send the signal?
I've certainly got some driver code that uses force_sig() on a kthread that it doesn't (ever) want userspace to signal.
The origina1 commit says:
Further force_sig is for delivering synchronous signals (aka exceptions). The locking in force_sig is not prepared to deal with running processes, as tsk->sighand may change during exec for a running process.
I think a lot of code has assumed that the only real difference between send_sig() and force_sig() is that the latter ignores the signal mask.
If you need to unblock a kernel thread (eg one blocked in kernel_accept()) in order to unload a driver, then you really don't want it to be possible for anything else to signal the kthread.
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)