| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Dec 2008 14:15:22 -0800 From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> To: oleg@...hat.com, ebiederm@...ssion.com, roland@...hat.com, bastian@...di.eu.org, gregkh@...e.de Cc: daniel@...ac.com, xemul@...nvz.org, containers@...ts.osdl.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org Subject: Re: [RFC][PATCH] SI_ASYNCIO: should be a kernel signal ? Sukadev Bhattiprolu [sukadev@...ux.vnet.ibm.com] wrote: | | From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> | Date: Fri, 19 Dec 2008 20:45:49 -0800 | Subject: [RFC][PATCH] SI_ASYNCIO: should be a kernel signal ? | | SI_ASYNCIO is currently defined as -4 in the kernel. This makes it appear | like a "user" signal (i.e SI_FROMUSER() is true). SI_ASYNCIO is generated | by the kernel for async events like SI_MESGQ and SI_POLL, but unlike | SI_ASYNCIO, SI_MESGQ and SI_POLL are "kernel" signals (i.e SI_FROMKERNEL() | is true). | | Shouldn't SI_ASYNCIO be a "kernel" signal too ? It is currently generated | from USB core code. | | This quick/untested RFC patch changes the in-kernel value of SI_ASYNCIO | as follows so that it becomes a "kernel" signal. | | (7 << 16)|(-4 & 0xffff) = 0x7fffc which is SI_FROMKERNEL(). | | The user-space value of SI_ASYNCIO continues to be -4. | | Known side-effects: | | Is this required to be SI_FROMUSER() to enable the uid checks in | kill_pid_info_as_uid() ? Also, changing to "kernel" signal would skip | the permission checks in check_kill_permission(). Would that be a | problem ? | | Why bother now ? (Sigh. Condensed long story) | | Besides the consistency with SI_POLL and SI_MESGQ this could simplify | implementation of special signal semantics for container-init. When a | signal is sent to container-init from user-space, we need to check the | pid namespace of the sender in send_signal(). But since send_signal() | can also be called from interrupt context, we have no way of knowing | if it is safe to check the pid namespace of the caller. | | If SI_ASYNCIO signal appears as a kernel signal, we could possibly use | SI_FROMUSER() to check if it safe to reference the pid namespace of | the sender. | | If this change has no other side-effects/breakage we will explore this | path further for the signal semantics for container-init. (There could | be other hurdles along the way...) | | See also http://lkml.org/lkml/2008/12/20/183 | | Appreciate any comments on this. | | TODO: | If this makes sense, make corresponding change to the SI_ASYNCIO | in arch/mips/siginfo.h. Grr. Importantly, we would also need to update the copy_siginfo*() and friends for this to be complete. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists