lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251225062622.1500046-1-changbin.du@huawei.com>
Date: Thu, 25 Dec 2025 14:26:22 +0800
From: Changbin Du <changbin.du@...wei.com>
To: Jonathan Corbet <corbet@....net>, Mauro Carvalho Chehab
	<mchehab@...nel.org>
CC: <linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Changbin Du
	<changbin.du@...wei.com>
Subject: [PATCH] tools: jobserver: Add validation for jobserver tokens to ensure valid '+' characters

Add validation for jobserver tokens to prevent infinite loops on invalid fds
When using GNU Make's jobserver feature in kernel builds, a bug in MAKEFLAGS
propagation caused "--jobserver-auth=3,4" to reference an unintended file
descriptor (Here, fd 3 was inherited from a shell command that opened
"/etc/passwd" instead of a valid pipe). This led to infinite loops in
jobserver-exec's os.read() calls due to empty or corrupted tokens. (The
version of my make is 4.3)

$ ls -l /proc/self/fd
total 0
lrwx------ 1 changbin changbin 64 Dec 25 13:03 0 -> /dev/pts/1
lrwx------ 1 changbin changbin 64 Dec 25 13:03 1 -> /dev/pts/1
lrwx------ 1 changbin changbin 64 Dec 25 13:03 2 -> /dev/pts/1
lr-x------ 1 changbin changbin 64 Dec 25 13:03 3 -> /etc/passwd
lr-x------ 1 changbin changbin 64 Dec 25 13:03 4 -> /proc/1421383/fd

The modified code now explicitly validates tokens:
1. Rejects empty reads (prevents infinite loops on EOF)
2. Checks all bytes are '+' characters (catches fd reuse issues)
3. Raises ValueError with clear diagnostics for debugging
This ensures robustness against invalid jobserver configurations, even when
external tools (like make) incorrectly pass non-pipe file descriptors.

Signed-off-by: Changbin Du <changbin.du@...wei.com>
---
 tools/lib/python/jobserver.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/lib/python/jobserver.py b/tools/lib/python/jobserver.py
index a24f30ef4fa8..88d005f96bed 100755
--- a/tools/lib/python/jobserver.py
+++ b/tools/lib/python/jobserver.py
@@ -91,6 +91,8 @@ class JobserverExec:
             while True:
                 try:
                     slot = os.read(self.reader, 8)
+                    if not slot or any(c != b'+'[0] for c in slot):
+                        raise ValueError("empty or unexpected token from jobserver")
                     self.jobs += slot
                 except (OSError, IOError) as e:
                     if e.errno == errno.EWOULDBLOCK:
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ