lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Nov 2015 17:21:23 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Oleg Nesterov <oleg@...hat.com> Cc: Dmitry Vyukov <dvyukov@...gle.com>, Roland McGrath <roland@...k.frob.com>, amanieu@...il.com, pmoore@...hat.com, Ingo Molnar <mingo@...nel.org>, vdavydov@...allels.com, qiaowei.ren@...el.com, dave@...olabs.net, palmer@...belt.com, LKML <linux-kernel@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Sasha Levin <sasha.levin@...cle.com> Subject: Re: [PATCH 1/1] signal: kill the obsolete SIGNAL_UNKILLABLE check in complete_signal() On Wed, 4 Nov 2015 20:19:12 +0100 Oleg Nesterov <oleg@...hat.com> wrote: > complete_signal() checks SIGNAL_UNKILLABLE before it starts to destroy the > thread group, today this is unnecessary and even not 100% correct. > > After the commit f008faff0e27 ("signals: protect init from unwanted signals > more") we rely on sig_task_ignored(), complete_signal(SIGKILL) can only see > a SIGNAL_UNKILLABLE task if we actually want to kill it. And note that after > the commit b3bfa0cba867 ("signals: protect cinit from blocked fatal signals") > we do not drop SIGKILL dequeued by /sbin/init. > > And it does not look right. fatal_signal_pending() should always imply that > the whole thread group (except ->group_exit_task if it is not NULL) is killed, > this check breaks the rule. > > This explains WARN_ON(!JOBCTL_STOP_PENDING) in task_participate_group_stop() > triggered by the test-case from Dmitry: > > int main() > { > int pid = 1; > ptrace(PTRACE_ATTACH, pid, 0, 0); > ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_EXITKILL); > sleep(1); > return 0; > } > > do_signal_stop()->signal_group_exit() returns false because SIGNAL_GROUP_EXIT > is not set, but task_set_jobctl_pending() checks fatal_signal_pending() and > does not set JOBCTL_STOP_PENDING. > > The test-case above needs root and (correctly) crashes the kernel, but we can > trigger the same warning inside the container or using another test-case: > > static int init(void *arg) > { > for (;;) > pause(); > } > > int main(void) > { > char stack[16 * 1024]; > > for (;;) { > int pid = clone(init, stack + sizeof(stack)/2, > CLONE_NEWPID | SIGCHLD, NULL); > assert(pid > 0); > > assert(ptrace(PTRACE_ATTACH, pid, 0, 0) == 0); > assert(waitpid(-1, NULL, WSTOPPED) == pid); > > assert(ptrace(PTRACE_DETACH, pid, 0, SIGSTOP) == 0); > assert(syscall(__NR_tkill, pid, SIGKILL) == 0); > assert(pid == wait(NULL)); > } > } I'm thinking this should be backported into -stable due to WARN_ONs and kernel crashes. And as f008faff0e27 is from 2009, that means all kernels. Your thoughts on this? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists