From: Roland McGrath
To: Oleg Nesterov
Cc: Andrew Morton, Andi Kleen, David Howells, Neil Horman, Rusty Russell, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] wait_for_helper: SIGCHLD from user-space can lead to use-after-free
In-Reply-To: Oleg Nesterov's message of Wednesday, 10 March 2010 18:16:34 +0100 <20100310171634.GA1039@redhat.com>
References: <20100310171634.GA1039@redhat.com>
Message-Id: <20100310203209.54168BCCD@magilla.sf.frob.com>
Date: Wed, 10 Mar 2010 12:32:09 -0800 (PST)
X-Mailing-List: linux-kernel@vger.kernel.org

SIGCHLD being blocked doesn't affect reaping, so SIG_IGN or sa_flags & SA_NOCLDWAIT is the only thing that would do this.

How does that come about here in this kthread? Is it inherited from the instigating user process? If so, then SA_NOCLDWAIT is as much a problem as SIG_IGN. Or I guess maybe it's from ignore_signals() in kthreadd()? In that case SIG_IGN is indeed all that matters. (I don't really know all the kthread/kmod/userhelper code organization.)

Perhaps it would be cleaner to do:

	flush_signal_handlers(current, 1);

in wait_for_helper. That should make it redundant in ____call_usermodehelper, so it could be removed from there.

Thanks,
Roland
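The point Roland makes above (blocking SIGCHLD is harmless, but SIG_IGN and SA_NOCLDWAIT both make the kernel reap the child on its own, so a later wait on that pid finds nothing) can be checked from user space. The following C probe is an added example written for this page, not code from the thread or from the kernel: it forks a child under each of four SIGCHLD dispositions and reports whether the parent's waitpid() still gets the child or fails with ECHILD because the child was already reaped. The enum names, the probe function and the constructed main() are assumptions of this example; the behaviour it relies on is Linux's documented handling of SIG_IGN/SA_NOCLDWAIT for SIGCHLD.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed for this example: the SIGCHLD disposition the parent uses. */
enum sigchld_mode {
    MODE_DEFAULT,    /* SIG_DFL: child stays a zombie until the parent reaps it */
    MODE_BLOCKED,    /* SIG_DFL with SIGCHLD blocked in the signal mask */
    MODE_SIG_IGN,    /* SIG_IGN: the kernel reaps the child itself */
    MODE_NOCLDWAIT   /* handler installed with SA_NOCLDWAIT: also auto-reaped */
};

/* Outcome of the parent's waitpid() on its own child. */
enum reap_result {
    REAPED_BY_PARENT = 1,  /* waitpid() returned the child's pid */
    AUTO_REAPED = 2,       /* waitpid() failed with ECHILD: child already gone */
    OTHER_FAILURE = 3      /* fork/sigaction/sigprocmask failed */
};

static void noop_handler(int sig) { (void)sig; }

/* Fork a child that exits at once, wait for it, and classify the result.
 * The previous SIGCHLD disposition and signal mask are restored afterwards. */
int probe_reaping(enum sigchld_mode mode)
{
    struct sigaction sa, saved_sa;
    sigset_t chld, saved_mask;
    pid_t pid, got;
    int status, result;

    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    sa.sa_handler = SIG_DFL;
    if (mode == MODE_SIG_IGN)
        sa.sa_handler = SIG_IGN;
    if (mode == MODE_NOCLDWAIT) {
        sa.sa_handler = noop_handler;
        sa.sa_flags |= SA_NOCLDWAIT;
    }
    if (sigaction(SIGCHLD, &sa, &saved_sa) != 0)
        return OTHER_FAILURE;

    /* Only MODE_BLOCKED keeps SIGCHLD in the mask; the others make sure it is clear. */
    sigemptyset(&chld);
    sigaddset(&chld, SIGCHLD);
    if (sigprocmask(mode == MODE_BLOCKED ? SIG_BLOCK : SIG_UNBLOCK,
                    &chld, &saved_mask) != 0) {
        sigaction(SIGCHLD, &saved_sa, NULL);
        return OTHER_FAILURE;
    }

    pid = fork();
    if (pid == 0)
        _exit(0);               /* child: nothing to do, exit immediately */

    if (pid < 0) {
        result = OTHER_FAILURE;
    } else {
        got = waitpid(pid, &status, 0);
        if (got == pid)
            result = REAPED_BY_PARENT;
        else if (got == -1 && errno == ECHILD)
            result = AUTO_REAPED;   /* the child was reaped before we could wait */
        else
            result = OTHER_FAILURE;
    }

    sigprocmask(SIG_SETMASK, &saved_mask, NULL);
    sigaction(SIGCHLD, &saved_sa, NULL);
    return result;
}

int main(void)
{
    static const char *names[] = {
        "SIG_DFL", "SIG_DFL, blocked", "SIG_IGN", "SA_NOCLDWAIT"
    };
    int m;

    for (m = MODE_DEFAULT; m <= MODE_NOCLDWAIT; m++) {
        int r = probe_reaping((enum sigchld_mode)m);
        printf("%-18s -> %s\n", names[m],
               r == REAPED_BY_PARENT ? "waitpid() got the child" :
               r == AUTO_REAPED      ? "ECHILD: already reaped by the kernel" :
                                       "probe failed");
    }
    return 0;
}
```

The two ECHILD rows are the situation a waiting side such as wait_for_helper has to tolerate: once the disposition it inherited (or kept) says "don't keep zombies", the pid it recorded may refer to a task that no longer exists by the time it looks, which is why resetting the handlers before forking the helper, as suggested above, matters more than the signal mask does.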