Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1000378ybe; Wed, 11 Sep 2019 07:56:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqzFc221B0DaI5Z60a7mjnCw0nJYM6EmRnYp4kkoDVc1CokSXt/02jPZdwenp4u3Zo26eBHY X-Received: by 2002:a17:906:e2c4:: with SMTP id gr4mr29489481ejb.25.1568213817760; Wed, 11 Sep 2019 07:56:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568213817; cv=none; d=google.com; s=arc-20160816; b=svy6iGTuv7+aCg1M4FqE7xo0rbFH3IoChZMm7WQTPoEwfoCIpIStdWUguSEhIaoZ4g lE6wIAAQ/qPKZsVTMDJXVB2n3J138/U2OhVtk3HRt+yYK4UXtIv0LP7fVrQQ/h2U++1J yWJH68SBMYEpb7i4+IOrxLKKc9eAvn3y0+8rlBOA24dmQwBZIejqw80s/+m2HsqvquLm sPz6N5AFsigO0LosBrRc71z7F59IXXFIhJp86Dq7MSxwm5WhZlRApEh5eDZMDttbPxY8 DqdzaZjfgn6DeTXN/2mk55hJobMu83xkTZrh+OHh5PyoK+obSMaUJwV9eoRr2CazfiR2 Ol8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=woAsLE+aErD4vrMvfpifsoUo3yMYQWD9JJZnqZFxtw0=; b=GrLAJEglk9U6pOVUqgr1GMykPFa/7sEjN6NfacgduEzcUO23IjLMfAQfzDDL5tW+/J WaRY8oOGYCFiOVrFlgLjzyhhiGkbeeK7EGpfYzmcLfCTmwYuy6QgpU141gY2lYxWJqrI zvZHYq/PNYJLSVFl5vgOKuatp1BPaKiwppfGnEaM9govrOWNhS68OnOyyH73F6pQKTES 6bI48snnSreMKsG27/+A35oaRVGtLWwzsARNRsm096R4KZzsUEE89p/zg70mHyZc7N0q Ri/XVESSy4rtbIyXLuwB3HCB0a1wjSdeP2JX7Ps5Cedakxa5KZqoowC5lCKP8QuwEEY7 yX7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z23si11339380eja.368.2019.09.11.07.56.33; Wed, 11 Sep 2019 07:56:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728336AbfIKOyw (ORCPT + 99 others); Wed, 11 Sep 2019 10:54:52 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:60067 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727627AbfIKOyw (ORCPT ); Wed, 11 Sep 2019 10:54:52 -0400 Received: from [148.69.85.38] (helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1i841A-0003CG-8l; Wed, 11 Sep 2019 14:54:48 +0000 Date: Wed, 11 Sep 2019 16:54:47 +0200 From: Christian Brauner To: Eugene Syromiatnikov Cc: Andrew Morton , linux-kernel@vger.kernel.org, Oleg Nesterov , "Peter Zijlstra (Intel)" , Ingo Molnar , "Dmitry V. Levin" , Eric Biederman Subject: Re: [PATCH v2] fork: check exit_signal passed in clone3() call Message-ID: <20190911145446.vkcqy2shldi5ibb5@wittgenstein> References: <20190910175852.GA15572@asgard.redhat.com> <20190911064852.9f236d4c201b50e14d717c14@linux-foundation.org> <20190911135236.73l6icwxqff7fkw5@wittgenstein> <20190911141635.lafrcjwvbhjm3ezy@wittgenstein> <20190911143213.GB21600@asgard.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190911143213.GB21600@asgard.redhat.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 11, 2019 at 03:32:13PM +0100, Eugene Syromiatnikov wrote: > On Wed, Sep 11, 2019 at 04:16:36PM +0200, Christian Brauner wrote: > > On Wed, Sep 11, 2019 at 03:52:36PM +0200, Christian Brauner wrote: > > > On Wed, Sep 11, 2019 at 06:48:52AM -0700, Andrew Morton wrote: > > > > What are the user-visible runtime effects of this bug? > > The userspace can set -1 as an exit_signal, and that will break process > signalling and reaping. > > > > > Relatedly, should this fix be backported into -stable kernels? If so, why? > > > > > > No, as I said in my other mail clone3() is not in any released kernel > > > yet. clone3() is going to be released in v5.3. > > > > Sigh, I spoke to soon... Hm, this is placed in _do_fork(). There's a > > chance that this might be visible in legacy clone if anyone passes in an > > invalid signal greater than NSIG right now somehow, they'd now get > > EINVAL if I'm seeing this right. > > > > So an alternative might be to only fix this in clone3() only right now > > and get this patch into 5.3 to not release clone3() with this bug from > > legacy clone duplicated. > > And we defer the actual legacy clone fix until after next merge window > > having it stew in linux-next for a couple of rcs. Distros often pull in > > rcs so if anyone notices a regression for legacy clone we'll know about > > it... valid_signal() checks at process exit time when the parent is > > supposed to be notifed will catch faulty signals anyway so it's not that > > big of a deal. > > As the patch is written, only copy_clone_args_from_user is touched (which > is used only by clone3 and not legacy clone), and the check added Great! > replicates legacy clone behaviour: userspace can set 0..CSIGNAL > as an exit_signal. Having ability to set exit_signal in NSIG..CSIGNAL Hm. The way I see it for clone3() it would make sense to only have < NSIG right away. valid_signal() won't let through anything else anyway... Since clone3() isn't out yet it doesn't make sense to replicate the (buggy) behavior of legacy clone, right? Christian