Re: [PATCH -mm v2] do_notify_parent: sanitize the valid_signal() checks

From: Oleg Nesterov

Date: Tue Mar 17 2026 - 15:08:31 EST


On 03/17, Andrew Morton wrote:
>
> On Tue, 17 Mar 2026 14:58:18 +0100 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > Now that kernel_clone() checks valid_signal(args->exit_signal), the "sig"
> > argument of do_notify_parent() must always be valid or we have a bug.
> >
> > However, do_notify_parent() only checks that sig != -1 at the start, then
> > it does another valid_signal() check before __send_signal_locked().
> >
> > This is confusing. Change do_notify_parent() to WARN and return early if
> > valid_signal(sig) is false.
>
> Sashiko has a question:
> https://sashiko.dev/#/patchset/abld-ilvMEZ7VgMw%40redhat.com

I think that userspace can't bypass kernel_clone() (which checks valid_signal)
before copy_process().

This includes ia32_clone() and sparc_clone() mentioned in the link above.

There are in-kernel users (fork_idle, create_io_thread, vhost_task_create).
But if they pass a non-valid exit_signal (they don't), we do have a kernel
bug and WARN_ON() added by this patch should catch the problem.

In short. From the link above:

While kernel_clone() expects the caller to validate args->exit_signal

this was true before

kernel-fork-validate-exit_signal-in-kernel_clone.patch

from Deepanshu, and my cleanup depends on it.

Oleg.