lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 09 May 2020 14:57:33 -0500
From: (Eric W. Biederman)
To:     Linus Torvalds <>
Cc:     Linux Kernel Mailing List <>,
        Oleg Nesterov <>, Jann Horn <>,
        Kees Cook <>,
        Greg Ungerer <>,
        Rob Landley <>,
        Bernd Edlinger <>,
        linux-fsdevel <>,
        Al Viro <>,
        Alexey Dobriyan <>,
        Andrew Morton <>
Subject: Re: [PATCH 3/6] exec: Stop open coding mutex_lock_killable of cred_guard_mutex

Linus Torvalds <> writes:

> On Fri, May 8, 2020 at 11:48 AM Eric W. Biederman <> wrote:
>> Oleg modified the code that did
>> "mutex_lock_interruptible(&current->cred_guard_mutex)" to return
>> -ERESTARTNOINTR instead of -EINTR, so that userspace will never see a
>> failure to grab the mutex.
>> Slightly earlier Liam R. Howlett defined mutex_lock_killable for
>> exactly the same situation but it does it a little more cleanly.
> What what what?
> None of this makes sense. Your commit message is completely wrong, and
> the patch is utter shite.
> mutex_lock_interruptible() and mutex_lock_killable() are completely
> different operations, and the difference has absolutely nothing to do
> mutex_lock_interruptible() is interrupted by any signal.
> mutex_lock_killable() is - surprise surprise - only interrupted by
> SIGKILL (in theory any fatal signal, but we never actually implemented
> that logic, so it's only interruptible by the known-to-always-be-fatal
>> Switch the code to mutex_lock_killable so that it is clearer what the
>> code is doing.
> This nonsensical patch makes me worry about all your other patches.
> The explanation is wrong, the patch is wrong, and it changes things to
> be fundamentally broken.
> Before this, ^C would break out of a blocked execve()/ptrace()
> situation. After this patch, you need special tools to do so.
> This patch is completely wrong.

Sigh.  Brain fart on my part. You are correct.

I saw the restart, and totally forgot that it allows the handling of a
signal before restarting the system call.

Except for the handling of the signal in userspace it is the same as
mutex_lock_killable but that is a big big big if.

My apologies.  I will drop this patch.


Powered by blists - more mailing lists