| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Nov 2015 19:02:58 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Dmitry Vyukov <dvyukov@...gle.com>, Roland McGrath <roland@...k.frob.com>, amanieu@...il.com, pmoore@...hat.com, Ingo Molnar <mingo@...nel.org>, vdavydov@...allels.com, qiaowei.ren@...el.com, dave@...olabs.net, palmer@...belt.com, LKML <linux-kernel@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Sasha Levin <sasha.levin@...cle.com> Subject: Re: [PATCH 1/1] signal: kill the obsolete SIGNAL_UNKILLABLE check in complete_signal() On 11/05, Oleg Nesterov wrote: > > On 11/04, Andrew Morton wrote: > > > > I'm thinking this should be backported into -stable due to WARN_ONs and > > kernel crashes. > > Ah, sorry for confusion. The kernel crash is fine/correct. Debugger kills > init process, the exiting init calls panic(). With or without this patch. > BTW, I always thought we should remove this panic(), but this is off-topic. > > After this patch the test-case above still crashes the kernel, but without > warning ;) > > > And as f008faff0e27 is from 2009, that means all > > kernels. > > Yes, I think this change is safe for -stable. But the only visible problem > is WARN_ON_ONCE() in task_participate_group_stop(), so I am not sure... > > Well. Actually there are more problems. zap_threads(), de_thread() can be > fooled by signal_group_exit() == F too. So a multi-threaded /sbin/init can > miss SIGKILL if it does execve(), or if it starts the coredump. But only if > SIGKILL was private (sent by tkill). > > I do not see any serious problem this patch could fix. Cough... and on the second thought this patch needs v2. Sorry Andrew, please drop signal-kill-the-obsolete-signal_unkillable-check-in-complete_signal.patch I'll send the updated version. With this patch the parent namespace can use any fatal signal (not only SIGKILL) to kill the init process in container. I do not think this is actually bad, but in any case this should not silently come as a side effect. And this is not consistent with SIGNAL_UNKILLABLE/sig_kernel_only() check in get_signal(). Most probably I will just resend this patch as 2/2, while 1/2 will change sig_task_ignored() because afaics it is not actually right too (albeit not really buggy). Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists