[PATCH 0/3] coredump: io_uring: Cancel io_uring to avoid core truncation

[Olivier Langlois <olivier@trillion01.com>]

Before writing the core dump, io_uring requests have to be cancelled.

Also, io_uring cancellation code had to be modified as it could set the
TIF_NOTIFY_SIGNAL bit.

Few notes about this patchset:

1. My coredump.c proposal puts the io_uring_task_cancel call further
down the do_coredump function over what Jens did propose.

Considering that this function call can be relatively expensive, I
believe that postponing it as much as possible is the way to go.

I did place it before coredump_wait which clears signal bits so that
seems to be an appropriate location but the logic could possibly be
pushed even more with possibly no harm.

2. The current patch proposal only address specifically the issue caused
by io_uring. It could reoccur as soon as something else flips the
TIF_NOTIFY_SIGNAL bit.

Therefore, another solution would simply be to modify __dump_emit to make it
resilient to TIF_NOTIFY_SIGNAL as Eric W. Biederman originally
suggested.

or maybe do both...

So making __dump_emit more robust to the TIF_NOTIFY_SIGNAL situation
might be something interesting to investigate if it would be a good idea
to do on top or in replacement to this patchset.

Lastly, Jens did already submit a patch to solve the same problem:
https://lkml.org/lkml/2021/8/17/1156

If his patch ends being a superior solution to the problem,
the first 2 patches of this set are still relevant.

Olivier Langlois (3):
  tracehook: Add a return value to tracehook_notify_signal
  io_uring: Clear TIF_NOTIFY_SIGNAL when cancelling requests
  coredump: cancel io_uring requests before dumping core

 fs/coredump.c             | 3 +++
 fs/io_uring.c             | 2 +-
 include/linux/tracehook.h | 8 ++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)

-- 
2.32.0