Re: + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Deepanshu Kartikey <kartikey406@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	mm-commits@vger.kernel.org, vschneid@redhat.com,
	vincent.guittot@linaro.org, surenb@google.com,
	stable@vger.kernel.org, rppt@kernel.org, rostedt@goodmis.org,
	peterz@infradead.org, mingo@redhat.com, mhocko@suse.com,
	mgorman@suse.de, lorenzo.stoakes@oracle.com,
	liam.howlett@oracle.com, kees@kernel.org, juri.lelli@redhat.com,
	dietmar.eggemann@arm.com, david@kernel.org, bsegall@google.com,
	brauner@kernel.org
Subject: Re: + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch
Date: Mon, 9 Mar 2026 11:47:28 +0100	[thread overview]
Message-ID: <aa6lQIECL7dChKkI@redhat.com> (raw)
In-Reply-To: <CADhLXY6zH2A88dSDeTdsQJ77dEOPX5fkHu7PvhKL1beXGxs6Tw@mail.gmail.com>

On 03/09, Deepanshu Kartikey wrote:
>
> > Well, kernel_clone() has more users which doesn't validate .exit_signal,
> > say sys_ia32_clone().
> >
> > we need to move the valid_signal() check from copy_clone_args_from_user()
> > to kernel_clone() or copy_process()...
> >
> > So. This should fix my
> >
> >         [PATCH] do_notify_parent: sanitize the valid_signal() checks
> >         https://lore.kernel.org/all/aZsfg0Y055yuAvsq@redhat.com/
> >
> > do_notify_parent-sanitize-the-valid_signal-checks.patch in -mm tree.
> >
> > Somehow I was very sure that copy_process() paths already have the valid_signal()
> > check but my memory fooled me.
> >
> > But this is a user visible change which can cause other bug reports...
> > Perhaps we should revert do_notify_parent-sanitize-the-valid_signal-checks.patch
> > and this patch?
> >
> > Even if I think that the new valid_signal() check "fixes" the undocumented
> > behaviour, unlikely there is a sane application which passes non-valid exit
> > signal to sys_clone(). But who knows...
> >
> > Oleg.
> >
>
> Hi Oleg,
>
> Thank you for the review.
>
> You are correct that fixing only the clone() syscall is incomplete.
> sys_ia32_clone() and other kernel_clone() callers would remain
> unprotected. I will send a v2 with the valid_signal() check moved
> to kernel_clone() to cover all callers.
>
> Regarding your do_notify_parent patch — since v2 will fix the root
> cause at kernel_clone(), your patch in the -mm tree can be dropped.

Well. my patch can be dropped with or without your v2. It is just
a cleanup and I still think it is a good cleanup...

But without your fix it is wrong. From the changelog:

	The "sig" argument of do_notify_parent() must always be valid

this is not true because (contrary to what I thought) sys_clone doesn't
validate exit_signal. The

	WARN_ON_ONCE(!valid_signal(sig))

added by that patch allowed to notice the problem you are trying to fix.

But again, this (your patch) is a user-visible change, and I am worried
even if I think this change is good.

Oleg.

     prev parent reply	other threads:[~2026-03-09 10:47 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-08 21:31 + kernel-fork-validate-exit_signal-in-clone-syscall.patch added to mm-nonmm-unstable branch Andrew Morton
2026-03-09  9:58 ` Oleg Nesterov
2026-03-09 10:38   ` Deepanshu Kartikey
2026-03-09 10:47     ` Oleg Nesterov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aa6lQIECL7dChKkI@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=brauner@kernel.org \
    --cc=bsegall@google.com \
    --cc=david@kernel.org \
    --cc=dietmar.eggemann@arm.com \
    --cc=juri.lelli@redhat.com \
    --cc=kartikey406@gmail.com \
    --cc=kees@kernel.org \
    --cc=liam.howlett@oracle.com \
    --cc=lorenzo.stoakes@oracle.com \
    --cc=mgorman@suse.de \
    --cc=mhocko@suse.com \
    --cc=mingo@redhat.com \
    --cc=mm-commits@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=rppt@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=surenb@google.com \
    --cc=vincent.guittot@linaro.org \
    --cc=vschneid@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox