From: ebiederm@xmission.com (Eric W. Biederman)
To: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: linux-kernel@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] posix-timers: Prevent broadcast signals
Date: Fri, 27 Apr 2018 11:16:06 -0500 [thread overview]
Message-ID: <87bme48w1l.fsf@xmission.com> (raw)
In-Reply-To: <20180427093426.13321-1-bigeasy@linutronix.de> (Sebastian Andrzej Siewior's message of "Fri, 27 Apr 2018 11:34:26 +0200")
Sebastian Andrzej Siewior <bigeasy@linutronix.de> writes:
> From: Thomas Gleixner <tglx@linutronix.de>
>
> Posix timers should not send broadcast signals and kernel only
> signals. Prevent it.
You are not adding prevention of ``broadcast'' signals by preventing
sig_kernel_only and sig_kernel_coredump so your change description does
not make sense.
Second we are sending the signal to ourselves. It may be silly to use
a timer to send SIGKILL or SIGSTOP but I can imagine some reasons.
For signals that might coredump if you setup a handler they won't
coredump so preventing those seems even sillier.
So what is the reason for changing which signals posix timers send?
If SIGEV_THREAD_ID is specificied I can understand not wanting
to send signals that could affect more than just a thread.
if SIGEV_THREAD is specified I can understand not wanting signals
that will do more than wake up the thread. I presume glibc precreates
the thread.
Neither of those cases should apply to everything passing through
good_sigevent. So your code is wrong if those are your justification.
Further the kernel is perfectly capable of delivering all types of
signal through send_sigqueue so there is no techincal reason for
preventing these signals.
Eric
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> ---
> kernel/time/posix-timers.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
> index b6899b5060bd..4c4cbebb0d71 100644
> --- a/kernel/time/posix-timers.c
> +++ b/kernel/time/posix-timers.c
> @@ -435,6 +435,7 @@ static enum hrtimer_restart posix_timer_fn(struct hrtimer *timer)
> static struct pid *good_sigevent(sigevent_t * event)
> {
> struct task_struct *rtn = current->group_leader;
> + int sig = event->sigev_signo;
>
> switch (event->sigev_notify) {
> case SIGEV_SIGNAL | SIGEV_THREAD_ID:
> @@ -444,7 +445,8 @@ static struct pid *good_sigevent(sigevent_t * event)
> /* FALLTHRU */
> case SIGEV_SIGNAL:
> case SIGEV_THREAD:
> - if (event->sigev_signo <= 0 || event->sigev_signo > SIGRTMAX)
> + if (sig <= 0 || sig > SIGRTMAX ||
> + sig_kernel_only(sig) || sig_kernel_coredump(sig))
> return NULL;
> /* FALLTHRU */
> case SIGEV_NONE:
prev parent reply other threads:[~2018-04-27 16:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-27 9:34 [PATCH] posix-timers: Prevent broadcast signals Sebastian Andrzej Siewior
2018-04-27 16:16 ` Eric W. Biederman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bme48w1l.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=bigeasy@linutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.