lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Jan 2007 11:24:06 -0500
From:	Neil Horman <nhorman@...driver.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Paolo Ornati <ornati@...twebnet.it>, linux-kernel@...r.kernel.org,
	akpm@...l.org, torvalds@...l.org
Subject: Re: [PATCH] select: fix sys_select to not leak ERESTARTNOHAND to userspace

On Mon, Jan 22, 2007 at 08:03:53AM -0800, Linus Torvalds wrote:
> 
> 
> On Mon, 22 Jan 2007, Neil Horman wrote:
> 
> > On Mon, Jan 22, 2007 at 02:59:56PM +0100, Paolo Ornati wrote:
> > > 
> > > the ERESTARTNOHAND thing is handled in arch specific signal code,
> > 
> > In the signal handling path yes.
> 
> Right.
> 
> > Not always in the case of select, though.  Check core_sys_select:
> 
> No, even in the case of select().
> 
> > if (!ret) {
> >                 ret = -ERESTARTNOHAND;
> >                 if (signal_pending(current))
> >                         goto out;
> >                 ret = 0;
> 
> Since we have "signal_pending(current)" being true, we _know_ that the 
> signal handling path will be triggered, so the ERESTARTNOHAND will be 
> changed into the appropriate error return (or restart) by the signal 
> handling code.
> 
> > Its possible for core_sys_select to return ERESTARTNOHAND to sys_select, which
> > will in turn (as its currently written), return that value back to user space.
> 
> No. Exactly because sys_select() will always return through the system 
> call handling path, and that will turn the ERESTARTNOHAND into something 
> else.
> 
> NOTE! If you use "ptrace()", you may see the internal errors. But that's a 
> ptrace-only thing, and may have fooled you into thinking that the actual 
> _application_ sees those internal errors. It won't.
> 
> Of course, we could have some signal-handling bug here, but if so, it 
> would affect a lot more than just select(). Have you actually seen 
> ERESTARTNOINTR in the app (not just ptrace?)
> 
The error was reported to me second hand.  I'm expecting a reproducer (although
to date, I'm still waiting for it, so I may have jumped the gun here).  In fact,
I see what your saying now, down in the assembly glue for our arches (x86 in
this case) we jump to do_notify_resume since we have a pending signal, and
inside do_signal from there we fix up ERESTARTNOHAND to be something sane for
userspace.  Ok, I withdraw this patch.  I'll repost when/if I get my hands on
the reproducer and see that something is actually slipping through.

Neil

> 		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ