From: Oleg Nesterov <oleg@redhat.com>
To: "Américo Wang" <xiyou.wangcong@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>, LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: [Patch] signal: let valid_signal() check more
Date: Fri, 26 Dec 2008 17:06:52 +0100
Message-ID: <20081226160652.GA14825@redhat.com>
In-Reply-To: <20081226171604.GE3156@hack.private>

On 12/26, Américo Wang wrote:
>
> On Fri, Dec 26, 2008 at 09:56:54AM +0100, Ingo Molnar wrote:
> >
> >* Américo Wang <xiyou.wangcong@gmail.com> wrote:
> >
> >> >> @@ -727,7 +727,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
> >> >> {
> >> >> if (!perm || !capable(CAP_KILL))
> >> >> goto eperm;
> >> >> - if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
> >> >> + if (!valid_signal((int)arg) || arg == SIGKILL)
> >> > ^^^^^
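
Review bot: on the + line, valid_signal() is handed (int)arg while the SIGKILL test beside it still compares the uncast arg, so if arg is wider than int the two halves of the condition can look at different values. An arg whose low bits equal SIGKILL and whose upper bits are set is narrowed before the first test and is not equal to SIGKILL in the second, so the SIGKILL exclusion no longer covers it. The removed `arg < 1` was also the only lower bound visible at this call site. Suggest keeping both tests at arg's full width, or narrowing once into a local after a range check and using that local for both tests, rather than casting inside the call.
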
> >> >
> >> >The patch adds a lot of unnecessary typecasts like this.
> >>
> >> because it's inline?
> >
> >Why does your patch add a lot of seemingly unnecessary typecasts? [if your
> >short reply was supposed to be an answer to that question then please
> >explain it in more detail.]
>
> Hi, Ingo.
>
> because I also changed the type of valid_signal():
>
> -static inline int valid_signal(unsigned long sig)
> +static inline int valid_signal(int sig)
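
Review bot: narrowing the parameter from unsigned long to int on the + line puts the loss of the upper bits in front of whatever range check the function body performs, so a caller that passes a long or unsigned long gets an implicit conversion and values that differ only above the width of int become indistinguishable from small signal numbers. Suggest keeping the unsigned long parameter and adding any new lower-bound test inside it, or auditing each caller's argument type and listing in the changelog every call site whose behaviour changes.
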

and please note that this change itself is a bit dangerous. Suppose that
a bad user does sys_prctl(PR_SET_PDEATHSIG, LONG_MIN | SIGCHLD), and now
valid_signal(arg2) (or valid_signal((int)arg2)) returns T.

(nothing really bad happens because ->pdeath_signal is "int", but still).

Note also that it is correct to do prctl(PR_SET_PDEATHSIG, 0), so the
patch was doubly wrong here.

So, please check very carefully every change you are going to do. Make
sure you don't change the behaviour, unless you think the current code
is buggy. In that case please document the fix.

OTOH, I don't understand why sys_mq_notify() accepts sigev_signo == 0,
perhaps this is an oversight. good_sigevent() looks correct, but should
use the helper.

> I noticed that gcc put this kind of warning into
> -Wtraditional-conversion recently, but it is still useful to use
> explicit cast, isn't it?

I'd say explicit casts should be avoided as much as possible.

As for this particular case. Note that valid_signal((int)long_arg)
only helps to hide the problem.

Oleg.
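
Added example, not part of the message above or of the kernel source: a user-space C sketch of the truncation described for prctl(PR_SET_PDEATHSIG, LONG_MIN | SIGCHLD), next to a full-width check that also keeps 0 legal where the interface allows it. It assumes a 64-bit long; NSIG_MAX, both function bodies (the thread shows only the signatures) and the checked_signo helper are assumptions made for illustration.

```c
#include <limits.h>
#include <signal.h>
#include <stdio.h>

#define NSIG_MAX 64UL /* assumption: stand-in for the kernel's _NSIG */

/* Pre-patch signature from the thread; body is an assumed upper-bound check. */
static int valid_signal_ulong(unsigned long sig)
{
    return sig <= NSIG_MAX;
}

/* Post-patch signature from the thread; body assumed to also reject sig < 1. */
static int valid_signal_int(int sig)
{
    return sig >= 1 && sig <= (int)NSIG_MAX;
}

/* Hypothetical caller-side helper: range-check at full width, then narrow.
 * allow_zero models interfaces such as PR_SET_PDEATHSIG where 0 is legal.
 * Returns the signal number, or -1 if the argument is rejected. */
static int checked_signo(unsigned long arg, int allow_zero)
{
    if (arg == 0)
        return allow_zero ? 0 : -1;
    if (arg > NSIG_MAX)
        return -1;
    return (int)arg; /* lossless: 1 <= arg <= NSIG_MAX */
}

int main(void)
{
    /* Constructed sample arguments, as a syscall would receive them. */
    const unsigned long args[] = {
        0UL, (unsigned long)SIGCHLD, NSIG_MAX + 1,
        (unsigned long)LONG_MIN | SIGCHLD, /* the value from the message */
    };

    puts("arg                 ulong  int((int)arg)  checked(allow 0)");
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        unsigned long a = args[i];
        /* (int)a is implementation-defined for large a; gcc and clang
         * keep the low bits, which is the case discussed in the thread. */
        printf("%#-18lx  %-5d  %-13d  %d\n", a, valid_signal_ulong(a),
               valid_signal_int((int)a), checked_signo(a, 1));
    }
    return 0;
}
```

The last row is the interesting one: the unsigned long check and checked_signo reject it, while the int variant accepts it once the upper bits are gone.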