Subject: Re: [PATCH] prctl: add PR_[GS]ET_KILLABLE
From: Jürg Billeter
To: Jann Horn
Cc: Andrew Morton, Oleg Nesterov, "Eric W. Biederman", Linux API, kernel list
Date: Wed, 01 Aug 2018 09:43:57 +0200

On Tue, 2018-07-31 at 18:26 +0200, Jann Horn wrote:
> On Mon, Jul 30, 2018 at 10:01 AM Jürg Billeter wrote:
> > [...]
> > diff --git a/kernel/sys.c b/kernel/sys.c
> > index 38509dc1f77b..264de630d548 100644
> > --- a/kernel/sys.c
> > +++ b/kernel/sys.c
> > [...]
> > + case PR_SET_KILLABLE:
> > + if (arg2 != 1 || arg3 || arg4 || arg5)
> > + return -EINVAL;
> > + me->signal->flags &= ~SIGNAL_UNKILLABLE;
> > + break;
>
> I don't have an opinion on this patchset otherwise, but should this
> prctl maybe block PR_SET_KILLABLE if you're actually the real init
> process? This seems like it could potentially lead to weird things.

While I don't expect global init to use this, I can't think of a good
reason to disallow it in the kernel. Do you have specific concerns or
is the code in kernel/fork.c the only reason? I prefer avoiding special
cases unless really required.

> This code in kernel/fork.c seems to rely on the fact that global init
> is SIGNAL_UNKILLABLE, and probably also leads to weirdness if
> container init is non-SIGNAL_UNKILLABLE:

Yes, Oleg has mentioned this as well. I have to change copy_process()
to directly check for the PID namespace root process instead of
checking for SIGNAL_UNKILLABLE.

Jürg
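
Review bot: In the PR_SET_KILLABLE case of the quoted kernel/sys.c hunk, `me->signal->flags &= ~SIGNAL_UNKILLABLE;` is a plain read-modify-write on the signal_struct shared by the whole thread group, and no lock is taken in the lines shown. Unless the elided context already holds it, take `me->sighand->siglock` around the update (spin_lock_irq/spin_unlock_irq) so a concurrent flag update from another thread cannot be lost. The case also clears the flag for any caller that passes the argument check; since the thread notes that copy_process() in kernel/fork.c appears to rely on SIGNAL_UNKILLABLE for init, this hunk should either land together with the copy_process() change to test for the PID namespace root process directly, or return an error for such callers until that change is in. A short comment stating that the operation is one-way (arg2 must be 1, so the flag can only be cleared) would also help readers of the prctl switch.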