Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758197AbXEaAs0 (ORCPT ); Wed, 30 May 2007 20:48:26 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754108AbXEaAsT (ORCPT ); Wed, 30 May 2007 20:48:19 -0400 Received: from fgwmail6.fujitsu.co.jp ([192.51.44.36]:36998 "EHLO fgwmail6.fujitsu.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753232AbXEaAsS (ORCPT ); Wed, 30 May 2007 20:48:18 -0400 Date: Thu, 31 May 2007 09:48:16 +0900 Message-ID: <87wsypakdr.wl%takeuchi_satoru@jp.fujitsu.com> From: Satoru Takeuchi To: Oleg Nesterov Cc: Andrew Morton , Satoru Takeuchi , Roland McGrath , linux-kernel@vger.kernel.org Subject: Re: [PATCH] tty: fix leakage of -ERESTARTSYS to userland In-Reply-To: <20070530191849.GB85@tv-sign.ru> References: <20070529184435.GA174@tv-sign.ru> <20070530110513.b2ae50ad.akpm@linux-foundation.org> <20070530191849.GB85@tv-sign.ru> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2296 Lines: 65 At Wed, 30 May 2007 23:18:49 +0400, Oleg Nesterov wrote: > > On 05/30, Andrew Morton wrote: > > On Tue, 29 May 2007 22:44:35 +0400 > > Oleg Nesterov wrote: > > > > > --- t/drivers/char/n_tty.c~ 2007-04-05 12:18:26.000000000 +0400 > > > +++ t/drivers/char/n_tty.c 2007-05-28 10:57:58.000000000 +0400 > > > @@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct > > > is_current_pgrp_orphaned()) > > > return -EIO; > > > kill_pgrp(task_pgrp(current), SIGTTIN, 1); > > > + set_thread_flag(TIF_SIGPENDING); > > > return -ERESTARTSYS; > > > } > > > } > > > > Are there other callers of kill_pgrp() which have the same problem? > > Hopefully no. > > > Perhaps we should have a kill_pgrp_self() which takes care of doing > > this, rather than open-coding it. Something with a comment which > > explains what's going on ;) > > This set_thread_flag(TIF_SIGPENDING) is "connected" to "return -ERESTARTSYS", > not to kill_pgrp(), imho the new helper is not so suitable. > > Perhaps it makes sense to add the comment into include/linux/errno.h, to > explain that -ERESTART... codes are only valid when signal_pending() == true. Like this? Satoru --- Add comment for errnos related to restart syscall to avoid the leakage of kernel only errnos. Signed-off-by: Satoru Takeuchi Cc: Oleg Nesterov Index: linux-2.6.22-rc3/include/linux/errno.h =================================================================== --- linux-2.6.22-rc3.orig/include/linux/errno.h 2007-04-26 12:08:32.000000000 +0900 +++ linux-2.6.22-rc3/include/linux/errno.h 2007-05-31 09:44:27.000000000 +0900 @@ -5,7 +5,11 @@ #ifdef __KERNEL__ -/* Should never be seen by user programs */ +/* + * Should never be seen by user programs. Please note that returing + * `ERESTART*' errnos when `!signal_pending()' incurs the leakage of these + * errnos to user space. + */ #define ERESTARTSYS 512 #define ERESTARTNOINTR 513 #define ERESTARTNOHAND 514 /* restart if no handler.. */ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/