| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160126211009.GA4695@redhat.com> Date: Tue, 26 Jan 2016 22:10:09 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Sasha Levin <sasha.levin@...cle.com>, linux-kernel@...r.kernel.org, mingo@...nel.org, peterz@...radead.org Subject: Re: [PATCH] signals: work around random wakeups in sigsuspend() On 01/25, Andrew Morton wrote: > > On Mon, 25 Jan 2016 10:21:46 -0500 Sasha Levin <sasha.levin@...cle.com> wrote: > > > A random wakeup can get us out of sigsuspend() without TIF_SIGPENDING > > being set. > > > > Avoid that by making sure we were signaled, like sys_pause() does. > > What we're lacking here is any description of the end-user-visible > effects of the bug. The warning in dmesg and -ERESTARTNOHAND which we should never return to user space, although I bet nobody checks the error code returned by sigsuspend(). Plus, of course, sys_sigsuspend() can return while it should not. > Enough for people to be able to decide (and to > recognize!) whether their kernel needs this patch.</stdrefrain> I don't think this problem is really serious, plus it is very unlikely. The spurious return from sigsuspend() should not really hurt. And, ironically, there is another more serious "reverse" problem ;) sigsuspend() orany other user of -ERESTARTNOHAND can "miss" the signal, in a sense that the kernel can wrongly restart this syscall after return from signal handler. This is not trivial to fix.. Oleg.
Powered by blists - more mailing lists