Re: + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Deepanshu Kartikey <kartikey406@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	mm-commits@vger.kernel.org, vschneid@redhat.com,
	vincent.guittot@linaro.org, surenb@google.com,
	stable@vger.kernel.org, rppt@kernel.org, rostedt@goodmis.org,
	peterz@infradead.org, mingo@redhat.com, mhocko@suse.com,
	mgorman@suse.de, lorenzo.stoakes@oracle.com,
	liam.howlett@oracle.com, kees@kernel.org, juri.lelli@redhat.com,
	dietmar.eggemann@arm.com, david@kernel.org, bsegall@google.com,
	brauner@kernel.org
Subject: Re: + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch
Date: Mon, 9 Mar 2026 11:47:28 +0100	[thread overview]
Message-ID: <aa6lQIECL7dChKkI@redhat.com> (raw)
In-Reply-To: <CADhLXY6zH2A88dSDeTdsQJ77dEOPX5fkHu7PvhKL1beXGxs6Tw@mail.gmail.com>

On 03/09, Deepanshu Kartikey wrote:
>
> > Well, kernel_clone() has more users which doesn't validate .exit_signal,
> > say sys_ia32_clone().
> >
> > we need to move the valid_signal() check from copy_clone_args_from_user()
> > to kernel_clone() or copy_process()...
> >
> > So. This should fix my
> >
> >         [PATCH] do_notify_parent: sanitize the valid_signal() checks
> >         https://lore.kernel.org/all/aZsfg0Y055yuAvsq@redhat.com/
> >
> > do_notify_parent-sanitize-the-valid_signal-checks.patch in -mm tree.
> >
> > Somehow I was very sure that copy_process() paths already have the valid_signal()
> > check but my memory fooled me.
> >
> > But this is a user visible change which can cause other bug reports...
> > Perhaps we should revert do_notify_parent-sanitize-the-valid_signal-checks.patch
> > and this patch?
> >
> > Even if I think that the new valid_signal() check "fixes" the undocumented
> > behaviour, unlikely there is a sane application which passes non-valid exit
> > signal to sys_clone(). But who knows...
> >
> > Oleg.
> >
>
> Hi Oleg,
>
> Thank you for the review.
>
> You are correct that fixing only the clone() syscall is incomplete.
> sys_ia32_clone() and other kernel_clone() callers would remain
> unprotected. I will send a v2 with the valid_signal() check moved
> to kernel_clone() to cover all callers.
>
> Regarding your do_notify_parent patch — since v2 will fix the root
> cause at kernel_clone(), your patch in the -mm tree can be dropped.

Well. my patch can be dropped with or without your v2. It is just
a cleanup and I still think it is a good cleanup...

But without your fix it is wrong. From the changelog:

	The "sig" argument of do_notify_parent() must always be valid

this is not true because (contrary to what I thought) sys_clone doesn't
validate exit_signal. The

	WARN_ON_ONCE(!valid_signal(sig))

added by that patch allowed to notice the problem you are trying to fix.

But again, this (your patch) is a user-visible change, and I am worried
even if I think this change is good.

Oleg.

     prev parent reply	other threads:[~2026-03-09 10:47 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-08 21:31 + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch Andrew Morton
2026-03-09  9:58 ` Oleg Nesterov
2026-03-09 10:38   ` Deepanshu Kartikey
2026-03-09 10:47     ` Oleg Nesterov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aa6lQIECL7dChKkI@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=brauner@kernel.org \
    --cc=bsegall@google.com \
    --cc=david@kernel.org \
    --cc=dietmar.eggemann@arm.com \
    --cc=juri.lelli@redhat.com \
    --cc=kartikey406@gmail.com \
    --cc=kees@kernel.org \
    --cc=liam.howlett@oracle.com \
    --cc=lorenzo.stoakes@oracle.com \
    --cc=mgorman@suse.de \
    --cc=mhocko@suse.com \
    --cc=mingo@redhat.com \
    --cc=mm-commits@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=rppt@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=surenb@google.com \
    --cc=vincent.guittot@linaro.org \
    --cc=vschneid@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.