From: Petr Skocik <pskocik@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Oleg Nesterov <oleg@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <peterz@infradead.org>,
Marco Elver <elver@google.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/1] *** Fix kill(-1,s) returning 0 on 0 kills ***
Date: Wed, 23 Nov 2022 00:01:39 +0100 [thread overview]
Message-ID: <4e1dcf10-dba0-4cd4-cfa7-db6b8e06eeff@gmail.com> (raw)
In-Reply-To: <202211220913.AF86992@keescook>
On 11/22/22 18:15, Kees Cook wrote:
> On Tue, Nov 22, 2022 at 05:12:40PM +0100, Petr Skocik wrote:
>> Hi. I've never sent a kernel patch before but this one seemed trivial,
>> so I thought I'd give it a shot.
>>
>> My issue: kill(-1,s) on Linux doesn't return -ESCHR when it has nothing
>> to kill.
> It looks like LTP already tests for this, and gets -ESRCH?
> https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/containers/pidns/pidns10.c
>
> Does it still pass with your change?
>
I went ahead and ran it and it does pass with the change.
But it should be obvious from the code alone too. It's only a few
(and fewer after the patch) simple lines of code.
The original:
int retval = 0, count = 0;
struct task_struct * p;
for_each_process(p) {
if (task_pid_vnr(p) > 1 &&
!same_thread_group(p, current)) {
int err = group_send_sig_info(sig, info, p,
PIDTYPE_MAX);
++count;
if (err != -EPERM)
retval = err;
}
}
ret = count ? retval : -ESRCH;
counts kills made after the `task_pid_vnr(p) > 1 &&
!same_thread_group(p, current)` check.
Some, and possibly all, of those kills fail with -EPERM, but the the
final line only sets -ESRCH
if the count is zero (i.e., the initial check fails). It should be
counting only kill attempts that
have _not_ returned -EPERM (if all returned -EPERM, then no suitable
target was found and
a -ESRCH is would be in order -- but it won't be set with the original
code!).
So the change can be as minor as
diff --git a/kernel/signal.c b/kernel/signal.c
index d140672185a4..e42076e2332b 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1608,9 +1608,10 @@ static int kill_something_info(int sig,
struct kernel_siginfo *info, pid_t pid)
!same_thread_group(p, current)) {
int err = group_send_sig_info(sig, info, p,
PIDTYPE_MAX);
- ++count;
- if (err != -EPERM)
+ if (err != -EPERM){
+ ++count;
retval = err;
+ }
}
}
ret = count ? retval : -ESRCH;
But since the count variable isn't used other than for the zeroness
check, I simplified it further
into
- int retval = 0, count = 0;
struct task_struct * p;
+ ret = -ESRCH;
for_each_process(p) {
if (task_pid_vnr(p) > 1 &&
!same_thread_group(p, current)) {
int err = group_send_sig_info(sig, info, p,
PIDTYPE_MAX);
- ++count;
if (err != -EPERM)
- retval = err;
+ ret = err; /*either all 0 or all -EINVAL*/
}
}
- ret = count ? retval : -ESRCH;
adding a comment explaining the apparent implicit assumption of the
original code that
the non-EPERM returns from group_send_sig_info in this context must be
either all -EINVAL
(bad signal number) or all 0, i.e., there can't be a signal allocation
failure
(that would be susceptible to being overshadowed by a 0 returned from a
later kill)
because none of those kills in this context (kill not sigqueue) should
require any memory allocation.
It's a tiny patch.
Cheers,
Petr Skocik
P.S.: Apologies if the code formatting is off. Sent this one with
Thunderbird. Need to work on my
CLI mailsending skills.
next prev parent reply other threads:[~2022-11-22 23:02 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-22 16:12 [PATCH 0/1] *** Fix kill(-1,s) returning 0 on 0 kills *** Petr Skocik
2022-11-22 16:12 ` [PATCH 1/1] Fix kill(-1,s) returning 0 on 0 kills Petr Skocik
2022-11-23 10:30 ` Oleg Nesterov
2022-11-23 11:20 ` Oleg Nesterov
2022-11-23 11:27 ` Petr Skocik
2022-11-23 11:56 ` Oleg Nesterov
2022-11-22 17:15 ` [PATCH 0/1] *** Fix kill(-1,s) returning 0 on 0 kills *** Kees Cook
2022-11-22 23:01 ` Petr Skocik [this message]
2023-08-09 12:27 ` Petr Skocik
2023-08-10 16:16 ` Eric W. Biederman
2023-08-10 21:30 ` Petr Skocik
2023-08-11 21:25 ` Eric W. Biederman
2023-08-11 22:16 ` [PATCH] signal: Fix the error return of kill -1 Eric W. Biederman
2023-08-14 14:06 ` Oleg Nesterov
2023-08-14 15:43 ` Oleg Nesterov
2023-08-15 14:47 ` David Laight
2023-08-15 15:11 ` Oleg Nesterov
2023-08-16 20:32 ` Eric W. Biederman
2023-08-16 21:06 ` Oleg Nesterov
2023-08-17 2:33 ` Eric W. Biederman
2023-08-17 4:37 ` Eric W. Biederman
2023-08-17 15:47 ` [PATCH] __kill_pgrp_info: simplify the calculation of return value Oleg Nesterov
2023-08-11 23:37 ` [PATCH 0/1] *** Fix kill(-1,s) returning 0 on 0 kills *** Petr Skocik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e1dcf10-dba0-4cd4-cfa7-db6b8e06eeff@gmail.com \
--to=pskocik@gmail.com \
--cc=ebiederm@xmission.com \
--cc=elver@google.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.