From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Deepanshu Kartikey <kartikey406@gmail.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH -mm v2] do_notify_parent: sanitize the valid_signal() checks
Date: Tue, 17 Mar 2026 20:08:14 +0100
Message-ID: <abmmnjgxrrGLKn2D@redhat.com>
In-Reply-To: <20260317113452.cede9a514dfed36a1cb0e5a9@linux-foundation.org>

On 03/17, Andrew Morton wrote:
>
> On Tue, 17 Mar 2026 14:58:18 +0100 Oleg Nesterov <oleg@redhat.com> wrote:
>
> > Now that kernel_clone() checks valid_signal(args->exit_signal), the "sig"
> > argument of do_notify_parent() must always be valid or we have a bug.
> >
> > However, do_notify_parent() only checks that sig != -1 at the start, then
> > it does another valid_signal() check before __send_signal_locked().
> >
> > This is confusing. Change do_notify_parent() to WARN and return early if
> > valid_signal(sig) is false.
>
> Sashiko has a question:
> https://sashiko.dev/#/patchset/abld-ilvMEZ7VgMw%40redhat.com

I think that userspace can't bypass kernel_clone() (which checks valid_signal)
before copy_process().

This includes ia32_clone() and sparc_clone() mentioned in the link above.

There are in-kernel users (fork_idle, create_io_thread, vhost_task_create).
But if they pass a non-valid exit_signal (they don't), we do have a kernel
bug and WARN_ON() added by this patch should catch the problem.

In short. From the link above:

	While kernel_clone() expects the caller to validate args->exit_signal

this was true before

	kernel-fork-validate-exit_signal-in-kernel_clone.patch

from Deepanshu, and my cleanup depends on it.

Oleg.