From: Jann Horn
Date: Mon, 22 Oct 2018 17:40:28 +0200
Subject: Re: [PATCH] kernel/signal: Signal-based pre-coredump notification
To: enkechen@cisco.com
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H . Peter Anvin",
    "the arch/x86 maintainers", Peter Zijlstra, Arnd Bergmann,
    "Eric W. Biederman", Khalid Aziz, Kate Stewart, deller@gmx.de,
    Greg Kroah-Hartman, Al Viro, Andrew Morton, christian@brauner.io,
    Catalin Marinas, Will Deacon, Dave.Martin@arm.com,
    mchehab+samsung@kernel.org, Michal Hocko, Rik van Riel,
    "Kirill A . Shutemov", guro@fb.com, Marcos Souza, Oleg Nesterov,
    linux@dominikbrodowski.net, Cyrill Gorcunov, yang.shi@linux.alibaba.com,
    Kees Cook, kernel list, linux-arch, Victor Kamensky,
    xe-linux-external@cisco.com, sstrogin@cisco.com
In-Reply-To: <2631f765-8d7a-45ea-6aa4-d8a9bb00d56f@cisco.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Oct 20, 2018 at 1:01 AM Enke Chen wrote:
> Regarding the security considerations, it seems simpler and more secure to
> just clear the "pre-coredump signal" cross execve(2), and let the new program
> decide for itself. What do you think?

I don't have a problem with these semantics.
I could imagine someone being unhappy about the theoretical race window if
they want to perform an in-place reexecution of a running service, but I
don't know whether anyone actually cares about that.

> Changes to prctl(2):
>
>    DESCRIPTION
>
>        PR_SET_PREDUMP_SIG (since Linux 4.20.x)
>               This allows the calling process to receive a signal (arg2,
>               if nonzero) from a child process prior to the coredump of
>               the child process. arg2 must be SIGUSR1, or SIGUSR2, or
>               SIGCHLD, or 0 (for clear).
>
>               When SIGCHLD is specified, the signal code is set to
>               CLD_PREDUMP in such an SIGCHLD signal.
>
>               The value of the pre-coredump signal is cleared across
>               execve(2), or for the child of a fork(2).
>
>        PR_GET_PREDUMP_SIG (since Linux 4.20.x)
>               Return the current value of the pre-coredump signal for the
>               calling process, in the location pointed to by (int *) arg2.
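
The semantics in the quoted prctl(2) text, and the re-exec window mentioned in the reply, as a small userspace model (an added example, not code from the patch or from either participant). `struct task_model` and all function names are hypothetical, and the `-EINVAL` return is an assumption, since the quoted text does not give an error code.

```c
/* Added example: userspace model of the quoted prctl(2) text, not kernel code. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>

/* Hypothetical stand-in for the per-process state the proposal adds. */
struct task_model { int predump_sig; /* 0 = no notification requested */ };

/* PR_SET_PREDUMP_SIG: arg2 must be SIGUSR1, SIGUSR2, SIGCHLD or 0.
 * Returning -EINVAL for anything else is an assumption of this model. */
int set_predump_sig(struct task_model *t, int sig)
{
    if (sig != 0 && sig != SIGUSR1 && sig != SIGUSR2 && sig != SIGCHLD)
        return -EINVAL;
    t->predump_sig = sig;
    return 0;
}

/* PR_GET_PREDUMP_SIG: the value is stored through the (int *) argument. */
void get_predump_sig(const struct task_model *t, int *out) { *out = t->predump_sig; }

/* fork(2): the child starts with the setting cleared. */
struct task_model model_fork(const struct task_model *parent)
{
    (void)parent;
    return (struct task_model){ .predump_sig = 0 };
}

/* execve(2): the setting is cleared; the new program must opt in again. */
void model_execve(struct task_model *t) { t->predump_sig = 0; }

/* Signal this process would receive if one of its children dumped now. */
int notify_on_child_dump(const struct task_model *t) { return t->predump_sig; }

/* In-place re-exec of a service: returns the signal delivered for a child
 * that dumps after execve but before the new program re-arms. */
int reexec_window_signal(void)
{
    struct task_model svc = { 0 };
    set_predump_sig(&svc, SIGUSR1);
    model_execve(&svc);
    return notify_on_child_dump(&svc);
}

int main(void)
{
    printf("signal in re-exec window: %d\n", reexec_window_signal());
    return 0;
}
```

A service that re-executes itself in place would need to set the value again as early as possible in the new program to keep that window short.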