lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250729152759994n3YKgjxLglCCPkOtYtU2U@zte.com.cn>
Date: Tue, 29 Jul 2025 15:27:59 +0800 (CST)
From: <fan.yu9@....com.cn>
To: <tglx@...utronix.de>, <frederic@...nel.org>, <peterz@...radead.org>,
        <oleg@...hat.com>, <brauner@...nel.org>, <iro@...iv.linux.org.uk>,
        <joel.granados@...nel.org>, <lorenzo.stoakes@...cle.com>,
        <akpm@...ux-foundation.org>
Cc: <linux-kernel@...r.kernel.org>, <xu.xin16@....com.cn>,
        <yang.yang29@....com.cn>
Subject: [PATCH linux-next v2] signal: clarify __send_signal_locked comment in do_notify_parent

From: Fan Yu <fan.yu9@....com.cn>

The original comment (introduced in commit 61e713bdca36 ("signal: Avoid
corrupting si_pid and si_uid in do_notify_parent")) stated that
__send_signal should be used because si_pid/si_uid are in the parent's
namespace, but it did not explain why send_signal_locked() is unsafe here.

This became more ambiguous after
  commit 157cc18122b4 ("signal: Rename send_signal send_signal_locked")
without updating the comment.

Explicitly clarify that:
1. send_signal_locked() may incorrectly modify si_pid/si_uid when crossing
   PID/user namespaces (e.g., reset si_pid to 0 or translate si_uid).
2. __send_signal_locked() preserves the original siginfo values, which is
   critical since they are already in the parent's namespace.

Signed-off-by: Fan Yu <fan.yu9@....com.cn>
---
Changes in V2:
- Some fixes according to
https://lore.kernel.org/all/878qk8pdkd.ffs@tglx/
https://lore.kernel.org/all/20250728155815.GB25567@redhat.com/
- Clarify why __send_signal_locked must be used

 kernel/signal.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index e2c928de7d2c..047b22837a36 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2252,8 +2252,10 @@ bool do_notify_parent(struct task_struct *tsk, int sig)
 			sig = 0;
 	}
 	/*
-	 * Send with __send_signal as si_pid and si_uid are in the
-	 * parent's namespaces.
+	 * Use __send_signal_locked() instead of send_signal_locked()
+	 * because si_pid and si_uid are already in the parent's
+	 * namespace. send_signal_locked() would incorrectly modify
+	 * them when crossing PID/user namespaces.
 	 */
 	if (valid_signal(sig) && sig)
 		__send_signal_locked(sig, &info, tsk->parent, PIDTYPE_TGID, false);
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ