| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Mar 2022 09:52:46 -0500
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Kees Cook <keescook@...omium.org>
Cc: linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Alexey Gladkov <legion@...nel.org>,
Kyle Huey <me@...ehuey.com>, Oleg Nesterov <oleg@...hat.com>,
Al Viro <viro@...iv.linux.org.uk>, linux-api@...r.kernel.org,
Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH 2/2] ptrace: Return the signal to continue with from
ptrace_stop
Kees Cook <keescook@...omium.org> writes:
> On Tue, Mar 15, 2022 at 06:22:26PM -0500, Eric W. Biederman wrote:
>>
>> The signal a task should continue with after a ptrace stop is
>> inconsistently read, cleared, and sent. Solve this by reading and
>> clearing the signal to be sent in ptrace_stop.
>>
>> In an ideal world everything except ptrace_signal would share a common
>> implementation of continuing with the signal, so ptracers could count
>> on the signal they ask to continue with actually being delivered. For
>> now retain bug compatibility and just return with the signal number
>> the ptracer requested the code continue with.
>>
>> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
>> ---
>> include/linux/ptrace.h | 12 ++++++------
>> kernel/signal.c | 31 ++++++++++++++++++-------------
>> 2 files changed, 24 insertions(+), 19 deletions(-)
>>
>> diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
>> index 3e6b46e2b7be..15b3d176b6b4 100644
>> --- a/include/linux/ptrace.h
>> +++ b/include/linux/ptrace.h
>> @@ -60,7 +60,7 @@ extern int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned
>> extern void ptrace_disable(struct task_struct *);
>> extern int ptrace_request(struct task_struct *child, long request,
>> unsigned long addr, unsigned long data);
>> -extern void ptrace_notify(int exit_code, unsigned long message);
>> +extern int ptrace_notify(int exit_code, unsigned long message);
>> [...]
>> -static void ptrace_stop(int exit_code, int why, int clear_code,
>> +static int ptrace_stop(int exit_code, int why, int clear_code,
>> unsigned long message, kernel_siginfo_t *info)
>> [...]
>> -static void ptrace_do_notify(int signr, int exit_code, int why, unsigned long message)
>> +static int ptrace_do_notify(int signr, int exit_code, int why, unsigned long message)
>> [...]
>> -void ptrace_notify(int exit_code, unsigned long message)
>> +int ptrace_notify(int exit_code, unsigned long message)
>
> Just for robustness, how about marking the functions that have switched
> from void to int return as __must_check (or at least just ptrace_notify)?
We can't. There are historical cases that simply don't check if a
signal should be sent after the function, and they exist for every
function that is modified.
If we can modify the code so that everyone is checking the return value
than certainly, but that just doesn't happen to reflect how this
ptrace helper is being used today.
> With that and the style nit Oleg already mentioned, yeah, this looks
> good too.
Alright style nit fixed.
> Reviewed-by: Kees Cook <keescook@...omium.org>
Eric
Powered by blists - more mailing lists