public inbox for linux-kernel@vger.kernel.org
From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
	Chris Evans <scarybeasts@gmail.com>,
	David Howells <dhowells@redhat.com>,
	Don Howard <dhoward@redhat.com>, Eugene Teo <eugene@redhat.com>,
	Michael Kerrisk <mtk.manpages@googlemail.com>,
	Roland McGrath <roland@redhat.com>,
	Tavis Ormandy <taviso@sdf.lonestar.org>,
	Vitaly Mayatskikh <vmayatsk@redhat.com>,
	stable@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/2] copy_process: fix CLONE_PARENT && ->exit_signal interaction
Date: Wed, 25 Feb 2009 20:02:11 +0100	[thread overview]
Message-ID: <20090225190211.GA7445@redhat.com> (raw)

clone(CLONE_PARENT | SIGXXX) blindly sets ->exit_signal = SIGXXX. It is not
clear to me what the supposed behaviour was, but this does not look right.
The parent of the forking task will receive this signal, which bypasses all
security checks.

With this patch, CLONE_PARENT re-uses both ->real_parent and ->exit_signal;
this at least looks logical.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Chris Evans <scarybeasts@gmail.com>

--- 6.29-rc3/kernel/fork.c~1_EXIT_SIGNAL	2009-02-09 01:03:48.000000000 +0100
+++ 6.29-rc3/kernel/fork.c	2009-02-25 18:09:56.000000000 +0100
@@ -1217,10 +1217,16 @@ static struct task_struct *copy_process(
 			!cpu_online(task_cpu(p))))
 		set_task_cpu(p, smp_processor_id());
 
-	/* CLONE_PARENT re-uses the old parent */
-	if (clone_flags & (CLONE_PARENT|CLONE_THREAD))
+	/* CLONE_PARENT re-uses the old parent and exit_signal */
+	if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
+		/*
+		 * Do this under tasklist_lock to avoid the race with
+		 * re-parenting to init.
+		 */
+		if (!(clone_flags & CLONE_THREAD))
+			p->exit_signal = current->group_leader->exit_signal;
 		p->real_parent = current->real_parent;
-	else
+	} else
 		p->real_parent = current;
 
 	spin_lock(&current->sighand->siglock);
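Review bot: a non-zero exit signal passed in clone_flags together with CLONE_PARENT is now silently replaced by current->group_leader->exit_signal rather than rejected, so a caller asking for clone(CLONE_PARENT | SIGUSR1) gets the forking process's own exit signal instead, with no error; either return -EINVAL when CLONE_PARENT is combined with a non-zero CSIGNAL value, or state the new rule explicitly in the commit message and get clone(2) updated (Michael Kerrisk is on Cc). Also, the new comment says the read of exit_signal must happen under tasklist_lock to avoid racing with re-parenting to init, but no lock is taken or visible in these lines; confirm that copy_process already holds tasklist_lock at this point and point the comment at where it is acquired.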

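A userspace demonstration of the behaviour the commit message describes, added here as an example; it is not part of the patch or of the kernel tree. The test process forks a child, the child issues a raw clone(2) with CLONE_PARENT plus a requested exit signal, and the grandchild exits at once; the function then reports which signal the grandparent actually received. On a kernel without the fix the grandparent gets the signal the grandchild chose (here SIGUSR1) with no kill()-style permission check; with the fix the grandchild inherits the child's own exit signal, SIGCHLD. The function name, the pipe-based synchronisation and the use of the raw syscall (so that no separate stack or glibc clone() wrapper is needed) are this example's own choices; the CLONE_PARENT and __WALL values are the kernel's and are only defined here as a fallback. Linux only.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Kernel ABI values, defined here only if the headers did not expose them.
 * CLONE_PARENT: the new task's parent is the caller's parent.
 * __WALL: wait for children regardless of their exit signal. */
#ifndef CLONE_PARENT
#define CLONE_PARENT 0x00008000
#endif
#ifndef __WALL
#define __WALL 0x40000000
#endif

/*
 * Fork a child, have the child clone a grandchild with
 * CLONE_PARENT | requested_sig, and report which signal *this* process
 * receives when that grandchild exits.  Returns the signal number, or -1
 * on setup failure or timeout.
 *
 * Without the fix the kernel honours the CSIGNAL bits and the grandparent
 * gets requested_sig; with it the grandchild inherits the child's
 * exit_signal, which for a fork()ed child is SIGCHLD.
 */
int exit_signal_seen_by_parent(int requested_sig)
{
    int pid_pipe[2], release_pipe[2];
    sigset_t mask, old;
    siginfo_t info;
    struct timespec timeout = { 5, 0 };
    pid_t child, grandchild = -1;
    int sig, result = -1;

    if (pipe(pid_pipe) < 0 || pipe(release_pipe) < 0)
        return -1;

    /* Block both candidate signals so sigtimedwait() can tell us which
     * one actually arrived and from which pid. */
    sigemptyset(&mask);
    sigaddset(&mask, SIGCHLD);
    sigaddset(&mask, requested_sig);
    if (sigprocmask(SIG_BLOCK, &mask, &old) < 0)
        return -1;

    child = fork();
    if (child < 0)
        goto out;

    if (child == 0) {
        char byte;
        /* Raw clone(2) with no new stack behaves like fork(): the new task
         * returns 0 here.  CLONE_PARENT makes its parent our parent, and the
         * low bits ask for requested_sig as its exit signal. */
        long ret = syscall(SYS_clone, (long)(CLONE_PARENT | requested_sig),
                           0L, 0L, 0L, 0L);
        if (ret == 0)
            _exit(0);            /* grandchild: die immediately */
        if (ret < 0)
            _exit(1);
        grandchild = (pid_t)ret;
        if (write(pid_pipe[1], &grandchild, sizeof grandchild) != sizeof grandchild)
            _exit(1);
        /* Stay alive until the parent has classified the grandchild's signal,
         * so our own SIGCHLD cannot be mistaken for it. */
        (void)read(release_pipe[0], &byte, 1);
        _exit(0);
    }

    if (read(pid_pipe[0], &grandchild, sizeof grandchild) != sizeof grandchild)
        goto reap;

    sig = sigtimedwait(&mask, &info, &timeout);
    if (sig > 0 && info.si_pid == grandchild) {
        result = sig;
        /* __WALL reaps the grandchild whatever exit signal it was given. */
        waitpid(grandchild, NULL, __WALL);
    }

reap:
    (void)write(release_pipe[1], "x", 1);
    waitpid(child, NULL, 0);
out:
    close(pid_pipe[0]); close(pid_pipe[1]);
    close(release_pipe[0]); close(release_pipe[1]);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return result;
}

int main(void)
{
    int sig = exit_signal_seen_by_parent(SIGUSR1);
    if (sig < 0) {
        fprintf(stderr, "demo failed\n");
        return 1;
    }
    printf("grandchild exit delivered %s (%d) to the grandparent\n",
           strsignal(sig), sig);
    return 0;
}
```

The child keeps itself alive on the release pipe until the grandparent has matched the incoming signal's si_pid against the grandchild's pid, so the child's own SIGCHLD cannot be confused with the grandchild's notification; a grandparent that wanted to check for the pre-fix behaviour would simply compare the returned value with the requested signal.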


Thread overview: 16+ messages
2009-02-25 19:02 Oleg Nesterov [this message]
2009-02-25 19:39 ` [PATCH 1/2] copy_process: fix CLONE_PARENT && ->exit_signal interaction Roland McGrath
2009-02-25 19:48   ` Oleg Nesterov
2009-02-25 19:54     ` Roland McGrath
2009-02-25 20:06   ` Linus Torvalds
2009-02-25 21:20     ` Oleg Nesterov
2009-02-25 21:34       ` [stable] " Greg KH
2009-02-26 21:59       ` Oleg Nesterov
2009-02-26 22:12         ` Linus Torvalds
2009-02-26 22:30           ` Oleg Nesterov
2009-02-26 22:43             ` Linus Torvalds
2009-03-02 21:22             ` [PATCH] copy_process: fix CLONE_PARENT && parent_exec_id interaction Oleg Nesterov
2009-03-02 21:33               ` Linus Torvalds
2009-03-02 21:58                 ` Oleg Nesterov
2009-03-09 16:45                   ` David Howells
2009-03-09 18:33                     ` Oleg Nesterov
