From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dmitry Vyukov, "Eric W. Biederman"
Subject: [PATCH 4.4 099/143] signal: Always notice exiting tasks
Date: Mon, 18 Feb 2019 14:43:47 +0100
Message-Id: <20190218133532.663992132@linuxfoundation.org>
In-Reply-To: <20190218133529.099444112@linuxfoundation.org>
References: <20190218133529.099444112@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Eric W. Biederman

commit 35634ffa1751b6efd8cf75010b509dcb0263e29b upstream.

Recently syzkaller was able to create unkillable processes by creating a timer that is delivered as a thread local signal on SIGHUP, and receiving SIGHUP SA_NODEFER. Ultimately causing a loop failing to deliver SIGHUP but always trying.

Upon examination it turns out part of the problem is actually most of the solution. Since 2.5 signal delivery has found all fatal signals, marked the signal group for death, and queued SIGKILL in every thread's thread queue relying on signal->group_exit_code to preserve the information of which was the actual fatal signal.

The conversion of all fatal signals to SIGKILL results in the synchronous signal heuristic in next_signal kicking in and preferring SIGHUP to SIGKILL. Which is especially problematic as all fatal signals have already been transformed into SIGKILL.

Instead of dequeueing signals and depending upon SIGKILL to be the first signal dequeued, first test if the signal group has already been marked for death. This guarantees that nothing in the signal queue can prevent a process that needs to exit from exiting.

Cc: stable@vger.kernel.org
Tested-by: Dmitry Vyukov
Reported-by: Dmitry Vyukov
Ref: ebf5ebe31d2c ("[PATCH] signal-fixes-2.5.59-A4")
History Tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Signed-off-by: "Eric W. Biederman"
Signed-off-by: Greg Kroah-Hartman

--- kernel/signal.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/kernel/signal.c +++ b/kernel/signal.c @@ -2198,6 +2198,11 @@ relock: goto relock; } + /* Has this task already been marked for death? */ + ksig->info.si_signo = signr = SIGKILL; + if (signal_group_exit(signal)) + goto fatal; + for (;;) { struct k_sigaction *ka; @@ -2293,6 +2298,7 @@ relock: continue; } + fatal: spin_unlock_irq(&sighand->siglock); /*
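
Review bot: In the first hunk (@@ -2198,6 +2198,11 @@), the assignment "ksig->info.si_signo = signr = SIGKILL;" runs unconditionally, before the signal_group_exit(signal) test, so on the ordinary non-exiting path both signr and si_signo hold SIGKILL on entry to the for (;;) loop. That is only safe if the loop always reassigns them before use, which the visible lines do not show. Consider moving the assignment into the if body (with braces), or extending the comment to say why it has to come first. Only si_signo of ksig->info is set before "goto fatal", so it is also worth confirming that nothing after the label reads the other fields of ksig->info.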
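
Review bot: In the second hunk (@@ -2293,6 +2298,7 @@), the new "fatal:" label sits directly before spin_unlock_irq(&sighand->siglock), so every jump to it must arrive with siglock held and interrupts disabled, and the context around the "goto fatal" added in the first hunk does not show the lock state. A one-line comment at the label stating that precondition would document it for future callers. The label also gives the code after the loop a second entry path that bypasses the for (;;) body, which deserves a mention in the commit message or a comment so later changes inside the loop do not assume they always run before the unlock.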