Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp549118imm; Wed, 1 Aug 2018 00:58:46 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeG/QbuLRoopiwMwPrwxZMPU5uaGBB3SGewtoeywyI4Cths0OXbHfOonIQJITmwbbGogoJy X-Received: by 2002:a62:d842:: with SMTP id e63-v6mr25931202pfg.88.1533110326923; Wed, 01 Aug 2018 00:58:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533110326; cv=none; d=google.com; s=arc-20160816; b=YcQZ2PNYT4l+OyR1E7lLnP+PsUZ9iXXXUB7IReuLCP0MdMwjoKW7X3bf8+XqKKBakO 4/wDOVwfDzT1Qo2DNPIlplad2vr3wa8GqpebiTyBAFERHghaOwC69ECiphVVhSXfCezq pJq1eB02TBsXQb5oFP9G4rgCrmhlERX1iD3uWg7ZbGtnqBsHWyStpjBcMbvhui+CiGWX EE5yH7Ld+I5aorU0MLWDYpr3y10wpt0KEQ1p1xvkHPT+Wj42j2TLsYF5yDKbD6tEy+Sg T6DPlxwtWjdNq0uDmzD9Am0K8HY8gpNeidt/AxULIsJ1mcEImMkj5/r0YoE9Oa1OWwAv oapQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature:arc-authentication-results; bh=xYnkeUElkhxdaWZJddBYUPpse1oG6z/9BY3e5KpySqU=; b=Cg7bKhDPEn9/997cDA7XDm2iR06r2OnYtp8vdJ02M95gPfC1r417rK5GRsjBI62kG7 dSGRSktbUGBWuuvSX33Ds8Fen+U93kErwaEO/Mim9ir4Bih8EMCwt+O0KtYjQ0ACTXjY RzGW/Z4HNg8BYN3SJq3DDiMV9pTx2In5zeAp3TrMhu27spvW4zqoaxg/ZRzxjD6pB/ZU JQ+V0QWtuffAYu/zJ6QKl50N0rlEQI2sogMuUNRa9otL+htjdpkG/nYz6a5NFI36uCXE asPkJ4wxX1KkEOj3mW+54sQL96pW+L/WuT8rxkETGtVhZdRCpVkplW1N3n3dxU1dVcKg q6Cg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="vWz/2OjD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o8-v6si13877698pll.193.2018.08.01.00.58.32; Wed, 01 Aug 2018 00:58:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="vWz/2OjD"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387657AbeHAJld (ORCPT + 99 others); Wed, 1 Aug 2018 05:41:33 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:35366 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387605AbeHAJld (ORCPT ); Wed, 1 Aug 2018 05:41:33 -0400 Received: by mail-oi0-f66.google.com with SMTP id m11-v6so7752922oic.2 for ; Wed, 01 Aug 2018 00:57:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=xYnkeUElkhxdaWZJddBYUPpse1oG6z/9BY3e5KpySqU=; b=vWz/2OjDFXxDaFA0h+iSUluc0mQExA+oOmDTZ1FFW6bjW5wDyxfAGvF+wqxa+dwp0C F+P1ODkcdnrLEoB0Z9JyO0g7JeILl5TvvXPVbjwiMTzqCbPkCbpkrux2BA+ZcnMvLVkZ HZhvF3dPM1UtNp8wnDnTeQTAJ/yaadu7A7nUTRMbWfApCiKS6vufRX/Q4KlHIHsKaHWh tg9jDUqE6Wa+bhybShAE2THF+9x8atJQGK8JoAEO1uhqdmB9cIxKrmvbDTGetLOu6a+V 0qkhEG5Befa9n9QDuUWm83tye9RK5VUutpT6atpNeg1vGwFpCSBkEbywrvByhNG8i87Q xitg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=xYnkeUElkhxdaWZJddBYUPpse1oG6z/9BY3e5KpySqU=; b=KGmAsNAhB0/0G2YRJ8V4ux0KMqi+uzW/KGqWFIgZyyb69YmSH5TpKLqHj87Vv0AP7H tAakOOKc3D79kdlR3Fk8kXl3CJgt4YCEybq0+nN37FUwaE//JvAdsSZTTlbaIc1aaGMx 2ifvzb71UrxDtwlyh883Znk2qaSeUCAke1qgGwv+ND4fY2JLsExFORi26CNCqnTtK5Wi EzH2/5rh4Pr2YBd23xlJ+J28stjY5gIoGj7yzLZFRnF7XlQ64I+LkrabuXP0PQi4GjDj 4DpEXeErpTkYv5pTyZWdIRM/P5QTAkR6hyd7fY9+TxeEcq09c48QFroDNn5eRS0T4Qkt 3zJQ== X-Gm-Message-State: AOUpUlEUvvFDvMELQv5/Q542h+AVLodv+AliXdnw6A7lH7G6DtDrspSt Ot2GEMY1vgdOCudOBDhi+lZwr3Zz5vEnIx4vF03IbA== X-Received: by 2002:aca:c42:: with SMTP id i2-v6mr2225505oiy.219.1533110227836; Wed, 01 Aug 2018 00:57:07 -0700 (PDT) MIME-Version: 1.0 References: <20180730075241.24002-1-j@bitron.ch> <625ede00c618783eb610b7109c35c514e8faa793.camel@bitron.ch> In-Reply-To: <625ede00c618783eb610b7109c35c514e8faa793.camel@bitron.ch> From: Jann Horn Date: Wed, 1 Aug 2018 09:56:41 +0200 Message-ID: Subject: Re: [PATCH] prctl: add PR_[GS]ET_KILLABLE To: j@bitron.ch Cc: Andrew Morton , Oleg Nesterov , "Eric W. Biederman" , Linux API , kernel list Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 1, 2018 at 9:44 AM J=C3=BCrg Billeter wrote: > > On Tue, 2018-07-31 at 18:26 +0200, Jann Horn wrote: > > On Mon, Jul 30, 2018 at 10:01 AM J=C3=BCrg Billeter wrote= : > > > > [...] > > > diff --git a/kernel/sys.c b/kernel/sys.c > > > index 38509dc1f77b..264de630d548 100644 > > > --- a/kernel/sys.c > > > +++ b/kernel/sys.c > > > > [...] > > > + case PR_SET_KILLABLE: > > > + if (arg2 !=3D 1 || arg3 || arg4 || arg5) > > > + return -EINVAL; > > > + me->signal->flags &=3D ~SIGNAL_UNKILLABLE; > > > + break; > > > > I don't have an opinion on this patchset otherwise, but should this > > prctl maybe block PR_SET_KILLABLE if you're actually the real init > > process? This seems like it could potentially lead to weird things. > > While I don't expect global init to use this, I can't think of a good > reason to disallow it in the kernel. Do you have specific concerns or > is the code in kernel/fork.c the only reason? No, I don't have any other specific concerns. > I prefer avoiding special cases unless really required.