From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Sukadev Bhattiprolu
<sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary
Date: Thu, 19 Feb 2009 19:51:59 +0100 [thread overview]
Message-ID: <20090219185159.GA374@redhat.com> (raw)
In-Reply-To: <m1y6w21k6d.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
On 02/19, Eric W. Biederman wrote:
>
> Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> writes:
>
> > From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> > Date: Wed, 24 Dec 2008 14:14:18 -0800
> > Subject: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns
> > boundary
> >
> > When sending a signal to a descendant namespace, set ->si_pid to 0 since
> > the sender does not have a pid in the receiver's namespace.
> >
> > Note:
> > - If rt_sigqueueinfo() sets si_code to SI_USER when sending a
> > signal across a pid namespace boundary, the value in ->si_pid
> > will be cleared to 0.
> >
> > Changelog[v5]:
> > - (Oleg Nesterov) Address both sys_kill() and sys_tkill() cases
> > in send_signal() to simplify code (this drops patch 7/7 from
> > earlier version of patchset).
> >
> > Signed-off-by: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> > ---
> > kernel/signal.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
> > diff --git a/kernel/signal.c b/kernel/signal.c
> > index c94355b..a416d77 100644
> > --- a/kernel/signal.c
> > +++ b/kernel/signal.c
> > @@ -883,6 +883,8 @@ static int __send_signal(int sig, struct siginfo *info,
> > struct task_struct *t,
> > break;
> > default:
> > copy_siginfo(&q->info, info);
> > + if (from_ancestor_ns)
> > + q->info.si_pid = 0;
>
> This is wrong. siginfo is a union and you need to inspect
> code to see if si_pid is present in the current union.
SI_FROMUSER() == T, unless we have more (hopefully not) in-kernel
users which send SI_FROMUSER() signals, .si_pid must be valid?
kill_pid_info_as_uid() was the only known sender of SI_FROMUSER
signal, it was converted to use __send_signal(from_ancestor_ns => 0).
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Andrew Morton <akpm@osdl.org>,
roland@redhat.com, daniel@hozac.com,
Containers <containers@lists.osdl.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary
Date: Thu, 19 Feb 2009 19:51:59 +0100 [thread overview]
Message-ID: <20090219185159.GA374@redhat.com> (raw)
In-Reply-To: <m1y6w21k6d.fsf@fess.ebiederm.org>
On 02/19, Eric W. Biederman wrote:
>
> Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> writes:
>
> > From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
> > Date: Wed, 24 Dec 2008 14:14:18 -0800
> > Subject: [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns
> > boundary
> >
> > When sending a signal to a descendant namespace, set ->si_pid to 0 since
> > the sender does not have a pid in the receiver's namespace.
> >
> > Note:
> > - If rt_sigqueueinfo() sets si_code to SI_USER when sending a
> > signal across a pid namespace boundary, the value in ->si_pid
> > will be cleared to 0.
> >
> > Changelog[v5]:
> > - (Oleg Nesterov) Address both sys_kill() and sys_tkill() cases
> > in send_signal() to simplify code (this drops patch 7/7 from
> > earlier version of patchset).
> >
> > Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
> > ---
> > kernel/signal.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
> > diff --git a/kernel/signal.c b/kernel/signal.c
> > index c94355b..a416d77 100644
> > --- a/kernel/signal.c
> > +++ b/kernel/signal.c
> > @@ -883,6 +883,8 @@ static int __send_signal(int sig, struct siginfo *info,
> > struct task_struct *t,
> > break;
> > default:
> > copy_siginfo(&q->info, info);
> > + if (from_ancestor_ns)
> > + q->info.si_pid = 0;
>
> This is wrong. siginfo is a union and you need to inspect
> code to see if si_pid is present in the current union.
SI_FROMUSER() == T, unless we have more (hopefully not) in-kernel
users which send SI_FROMUSER() signals, .si_pid must be valid?
kill_pid_info_as_uid() was the only known sender of SI_FROMUSER
signal, it was converted to use __send_signal(from_ancestor_ns => 0).
Oleg.
next prev parent reply other threads:[~2009-02-19 18:51 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-19 3:02 [PATCH 0/7][v8] Container-init signal semantics Sukadev Bhattiprolu
2009-02-19 3:05 ` [PATCH 1/7][v8] Remove 'handler' parameter to tracehook functions Sukadev Bhattiprolu
2009-02-19 3:05 ` [PATCH 2/7][v8] Protect init from unwanted signals more Sukadev Bhattiprolu
2009-02-19 3:06 ` [PATCH 3/7][v8] Add from_ancestor_ns parameter to send_signal() Sukadev Bhattiprolu
2009-02-19 3:06 ` [PATCH 4/7][v8] Protect cinit from unblocked SIG_DFL signals Sukadev Bhattiprolu
2009-02-19 3:07 ` [PATCH 7/7][v8] SI_USER: Masquerade si_pid when crossing pid ns boundary Sukadev Bhattiprolu
2009-02-19 16:11 ` Eric W. Biederman
[not found] ` <m1y6w21k6d.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-19 18:51 ` Oleg Nesterov [this message]
2009-02-19 18:51 ` Oleg Nesterov
2009-02-19 22:18 ` Eric W. Biederman
[not found] ` <m1fxiayss9.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-19 22:31 ` Oleg Nesterov
2009-02-19 22:31 ` Oleg Nesterov
2009-02-19 23:21 ` Eric W. Biederman
2009-02-19 23:51 ` Roland McGrath
2009-02-19 23:51 ` Roland McGrath
2009-02-20 0:35 ` Eric W. Biederman
[not found] ` <m1bpsyt05t.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 1:06 ` Roland McGrath
2009-02-20 1:06 ` Roland McGrath
2009-02-20 2:12 ` Eric W. Biederman
2009-02-20 3:10 ` Roland McGrath
2009-02-20 3:10 ` Roland McGrath
2009-02-20 4:05 ` Eric W. Biederman
[not found] ` <m1fxiaxbb5.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 0:28 ` Oleg Nesterov
2009-02-20 0:28 ` Oleg Nesterov
2009-02-20 1:16 ` Eric W. Biederman
2009-02-19 14:59 ` [PATCH 0/7][v8] Container-init signal semantics Daniel Lezcano
2009-03-07 19:04 ` Sukadev Bhattiprolu
2009-03-07 19:43 ` Daniel Lezcano
2009-03-07 19:51 ` Greg Kurz
2009-03-07 19:59 ` Daniel Lezcano
[not found] ` <20090219030207.GA18783-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-19 3:07 ` [PATCH 5/7][v8] zap_pid_ns_process() should use force_sig() Sukadev Bhattiprolu
2009-02-19 3:07 ` Sukadev Bhattiprolu
[not found] ` <20090219030704.GE18990-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-19 18:59 ` Oleg Nesterov
2009-02-19 18:59 ` Oleg Nesterov
2009-02-19 20:26 ` Sukadev Bhattiprolu
2009-02-19 3:07 ` [PATCH 6/7][v8] Protect cinit from blocked fatal signals Sukadev Bhattiprolu
2009-02-19 3:07 ` Sukadev Bhattiprolu
2009-02-19 20:53 ` [PATCH 0/7][v8] Container-init signal semantics Oleg Nesterov
2009-02-19 20:53 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090219185159.GA374@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.