lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 28 Oct 2015 16:53:53 +0100
From:	Oleg Nesterov <oleg@...hat.com>
To:	Markus Pargmann <mpa@...gutronix.de>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	nbd-general@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH -mm 2/3] nbd: nbd_thread_recv: remove the buggy
	kernel_dequeue_signal()

On 10/26, Markus Pargmann wrote:
>
> Hi Oleg,
>
> On Sun, Oct 25, 2015 at 04:26:39PM +0100, Oleg Nesterov wrote:
> > nbd_thread_recv() is called by userspace, it is very wrong to dequeue
> > and throw out a signal.
>
> This signal handling for a userspace process is implicitly implemented
> for several years already through the timeout handling. This is nothing
> new and could potentially break userspace if someone disconnects NBD
> using the kill command. As we expose the appropriate PID of the process
> as well this is possible to be used in an init script.
>
> So I am not sure about this patch yet.

I strongly believe this kernel_dequeue_signal() must die, it is very
wrong and I can't even enumerate all problems.

And why do you want it? Probably to "hide" the SIGKILL sent while this
process was exposed as ->task_recv. This can not work even in the simplest
case when this process is single-threaded. kernel_dequeue_signal() won't
clear SIGNAL_GROUP_EXIT set by SIGKILL, it won't remove SIGKILL from
shared_pending if it was sent by the kill command.

Note also that SIGKILL can be sent from another thread which does
exec/group_exit/coredump. In this case the state of this thread group
will be very wrong after kernel_dequeue_signal() removes SIGKILL from
task_struct->pending.

Finally. We can not even know which signal we are going to dequeue and
throw out. Say, it can be SIGCHLD or any other unrelated signal.

No, this can't be right.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists