From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Aleksa Sarai <asarai-IBi9RG/b67k@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Attila Fazekas <afazekas-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Jann Horn <jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Michal Hocko <mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Ulrich Obergfell
<uobergfe-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [RFC][PATCH v2 3/5] clone: Disallown CLONE_THREAD with a shared sighand_struct
Date: Wed, 5 Apr 2017 18:24:59 +0200 [thread overview]
Message-ID: <20170405162458.GF14536@redhat.com> (raw)
In-Reply-To: <87k2728lrp.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
On 04/02, Eric W. Biederman wrote:
>
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1515,6 +1515,13 @@ static __latent_entropy struct task_struct *copy_process(
> if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND))
> return ERR_PTR(-EINVAL);
>
> + /* Disallow CLONE_THREAD with a shared SIGHAND structure. No
> + * one cares
Well, can't resists... I won't argue, but we can't know if no one cares
or not. I agree that most probably this won't break something, but who
knows... I am always scared when we add the incompatible changes.
> and supporting it leads to unnecessarily complex
> + * code.
> + */
> + if ((clone_flags & CLONE_THREAD) && (atomic_read(¤t->sighand->count) > 1))
> + return ERR_PTR(-EINVAL);
Perhaps the comment should explain why we do this and say that
sighand-unsharing in de_thread() depends on this.
Oleg.
next prev parent reply other threads:[~2017-04-05 16:24 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20170213141452.GA30203@redhat.com>
[not found] ` <20170224160354.GA845@redhat.com>
[not found] ` <87shmv6ufl.fsf@xmission.com>
[not found] ` <20170303173326.GA17899@redhat.com>
[not found] ` <20170303173326.GA17899-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-03-03 18:23 ` [PATCH 0/2] fix the traced mt-exec deadlock Eric W. Biederman
2017-03-03 18:59 ` Eric W. Biederman
[not found] ` <87d1dyw5iw.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-03-03 20:06 ` Eric W. Biederman
[not found] ` <87tw7aunuh.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-03-03 20:11 ` [RFC][PATCH] exec: Don't wait for ptraced threads to be reaped Eric W. Biederman
2017-03-04 17:03 ` Oleg Nesterov
2017-03-30 8:07 ` Eric W. Biederman
[not found] ` <8760ir192p.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-01 5:11 ` [RFC][PATCH 0/2] exec: Fixing ptrace'd mulit-threaded hang Eric W. Biederman
[not found] ` <878tnkpv8h.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-01 5:14 ` [RFC][PATCH 1/2] sighand: Count each thread group once in sighand_struct Eric W. Biederman
2017-04-01 5:16 ` [RFC][PATCH 2/2] exec: If possible don't wait for ptraced threads to be reaped Eric W. Biederman
[not found] ` <87vaqooggs.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-02 15:35 ` Oleg Nesterov
[not found] ` <20170402153517.GA12637-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-04-02 18:53 ` Eric W. Biederman
[not found] ` <877f32k5ew.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-03 18:12 ` Oleg Nesterov
2017-04-03 21:04 ` Eric W. Biederman
2017-04-05 16:44 ` Oleg Nesterov
2017-04-02 15:38 ` [RFC][PATCH 0/2] exec: Fixing ptrace'd mulit-threaded hang Oleg Nesterov
2017-04-02 22:50 ` [RFC][PATCH v2 0/5] " Eric W. Biederman
[not found] ` <874ly6a0h1.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-02 22:51 ` [RFC][PATCH v2 1/5] ptrace: Don't wait in PTRACE_O_TRACEEXIT for exec or coredump Eric W. Biederman
2017-04-05 16:19 ` Oleg Nesterov
2017-04-02 22:51 ` [RFC][PATCH v2 2/5] sighand: Count each thread group once in sighand_struct Eric W. Biederman
2017-04-02 22:52 ` [RFC][PATCH v2 3/5] clone: Disallown CLONE_THREAD with a shared sighand_struct Eric W. Biederman
[not found] ` <87k2728lrp.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-05 16:24 ` Oleg Nesterov [this message]
2017-04-05 17:34 ` Eric W. Biederman
2017-04-05 18:11 ` Oleg Nesterov
2017-04-02 22:53 ` [RFC][PATCH v2 4/5] exec: If possible don't wait for ptraced threads to be reaped Eric W. Biederman
2017-04-05 16:15 ` Oleg Nesterov
2017-04-02 22:57 ` [RFC][PATCH v2 5/5] signal: Don't allow accessing signal_struct by old threads after exec Eric W. Biederman
[not found] ` <87zify76z9.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-05 16:18 ` Oleg Nesterov
[not found] ` <20170405161812.GD14536-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-04-05 18:16 ` Eric W. Biederman
[not found] ` <87zifu90to.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-06 15:48 ` Oleg Nesterov
2017-04-02 16:15 ` [RFC][PATCH] exec: Don't wait for ptraced threads to be reaped Oleg Nesterov
[not found] ` <20170402161518.GC12637-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-04-02 21:07 ` Eric W. Biederman
[not found] ` <87inmmbjsq.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-03 18:37 ` Oleg Nesterov
[not found] ` <20170403183728.GB31390-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-04-03 22:49 ` Eric W. Biederman
2017-04-03 22:49 ` scope of cred_guard_mutex Eric W. Biederman
2017-04-05 16:08 ` Oleg Nesterov
2017-04-05 16:11 ` Kees Cook
2017-04-05 17:53 ` Eric W. Biederman
2017-04-05 18:15 ` Oleg Nesterov
[not found] ` <87fuhpjeco.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-04-06 15:55 ` Oleg Nesterov
[not found] ` <20170406155540.GC7444-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-04-07 22:07 ` Kees Cook
2017-09-04 3:19 ` [RFC][PATCH] exec: Don't wait for ptraced threads to be reaped Robert O'Callahan
[not found] ` <87tw7axlr0.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2017-03-04 16:54 ` [PATCH 0/2] fix the traced mt-exec deadlock Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170405162458.GF14536@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=afazekas-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=asarai-IBi9RG/b67k@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=uobergfe-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).