| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Apr 2024 13:06:32 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Thomas Gleixner <tglx@...utronix.de> Cc: LKML <linux-kernel@...r.kernel.org>, Anna-Maria Behnsen <anna-maria@...utronix.de>, Frederic Weisbecker <frederic@...nel.org>, John Stultz <jstultz@...gle.com>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>, Stephen Boyd <sboyd@...nel.org>, Eric Biederman <ebiederm@...ssion.com> Subject: Re: [patch V2 26/50] signal: Get rid of resched_timer logic On 04/18, Oleg Nesterov wrote: > > On 04/18, Oleg Nesterov wrote: > > > > On 04/11, Thomas Gleixner wrote: > > > > > > There is no reason for handing the *resched pointer argument through > > > several functions just to check whether the signal is related to a self > > > rearming posix timer. > > > > Agreed, these changes looks good to me. > > I meant the intent. > > But this is not simple, collect_signal() checks SIGQUEUE_PREALLOC exactly > because (iiuc) we need to ensure that SI_TIMER didn't come from userspace. > > perhaps we should disallow SI_TIMER with _sys_private != 0 from userspace, > I dunno... > > And I don't really understand the "not to be passed to user" comment in > include/uapi/asm-generic/siginfo.h. copy_siginfo_to_user() just copies > the whole kernel_siginfo. OK, si_sys_private is cleared in dequeue_signal() (or in posixtimer_rearm() with this series). In the past SI_TIMER was defined as __SI_CODE(__SI_TIMER,-2), it was > 0, so it could not come from userspace (see the info->si_code >= 0 check in do_rt_sigqueueinfo). Today SI_TIMER < 0. We could introduce SI_TIMER_KERNEL > 0 with the minimal changes, but this can't help because the commit 66dd34ad31e59 allows to send any siginfo to itself. Otoh, I have no idea how CRIU restores the posix timers. If a process has a pending blocked SI_TIMER signal, then I guess it actually needs to enqueue this signal at restore time, but resched_timer will be never true? I got lost... Sorry for the noise. > Confused. > > > But, > > > > > SI_TIMER is only used by the posix timer code and cannot be queued from > > > user space. > > > > Why? I think sigqueueinfo() can certainly use si_code = SI_TIMER, so > > > > > @@ -1011,6 +1001,9 @@ static int __send_signal_locked(int sig, > > > > > > lockdep_assert_held(&t->sighand->siglock); > > > > > > + if (WARN_ON_ONCE(!is_si_special(info) && info->si_code == SI_TIMER)) > > > + return 0; > > > > this can be easily triggered by userspace and thus looks wrong. > > > > Oleg.
Powered by blists - more mailing lists