lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Sep 2019 15:10:50 +0200
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Eugene Syromiatnikov <esyr@...hat.com>,
        linux-kernel@...r.kernel.org,
        Christian Brauner <christian@...uner.io>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Ingo Molnar <mingo@...nel.org>,
        "Dmitry V. Levin" <ldv@...linux.org>,
        Eric Biederman <ebiederm@...ssion.com>
Subject: Re: [PATCH] fork: fail on non-zero higher 32 bits of args.exit_signal

On Tue, Sep 10, 2019 at 03:09:35PM +0200, Christian Brauner wrote:
> On Tue, Sep 10, 2019 at 02:44:41PM +0200, Oleg Nesterov wrote:
> > On 09/10, Eugene Syromiatnikov wrote:
> > >
> > > --- a/kernel/fork.c
> > > +++ b/kernel/fork.c
> > > @@ -2562,6 +2562,9 @@ noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs,
> > >  	if (copy_from_user(&args, uargs, size))
> > >  		return -EFAULT;
> > >  
> > > +	if (unlikely(((unsigned int)args.exit_signal) != args.exit_signal))
> > > +		return -EINVAL;
> > 
> > Hmm. Unless I am totally confused you found a serious bug...
> > 
> > Without CLONE_THREAD/CLONE_PARENT copy_process() blindly does
> > 
> > 	p->exit_signal = args->exit_signal;
> > 
> > the valid_signal(sig) check in do_notify_parent() mostly saves us, but we
> > must not allow child->exit_signal < 0, if nothing else this breaks
> > thread_group_leader().
> > 
> > And afaics this patch doesn't fix this? I think we need the valid_signal()
> > check...
> 
> Thanks for sending this patch so quickly after our conversation
> yesterday, Eugene!
> We definitely want valid_signal() to verify the signal is ok.
> 
> Eugene, can you please update the patch to use valid signal and keep it
> as a separate patch from the cleanup and selftest patches?

I'll then pick this up quickly so we can get this in before 5.3 is out.

Thanks!
Christian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ