Re: [PATCH 13/20] signal: Implement force_fatal_sig

From: Linus Torvalds
Date: Mon Oct 25 2021 - 19:16:12 EST

Next message: Naoya Horiguchi: "[PATCH v2 4/4] mm/hwpoison: fix unpoison_memory()"
Previous message: Naoya Horiguchi: "[PATCH 3/4] mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE"
In reply to: Andy Lutomirski: "Re: [PATCH 13/20] signal: Implement force_fatal_sig"
Next in thread: Eric W. Biederman: "Re: [PATCH 13/20] signal: Implement force_fatal_sig"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 25, 2021 at 3:41 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> I'm rather nervous about all this, and I'm also nervous about the
> existing code. A quick skim is finding plenty of code paths that assume
> force_sigsegv (or a do_exit that this series touches) are genuinely
> unrecoverable.

I was going to say "what are you talking about", because clearly Eric
kept it all fatal.

But then looked at that patch a bit more before I claimed you were wrong.

And yeah, Eric's force_fatal_sig() is completely broken.

It claims to force a fatal signal, but doesn't actually do that at
all, and is completely misnamed.

It just uses "force_sig_info_to_task()", which still allows user space
to catch signals - so it's not "fatal" in the least. It only punches
through SIG_IGN and blocked signals.

So yeah, that's broken.

I do still think that that could the behavior we possibly want for
that "can't write updated vm86 state back" situation, but for
something that is called "fatal", it really needs to be fatal.

Linus

Next message: Naoya Horiguchi: "[PATCH v2 4/4] mm/hwpoison: fix unpoison_memory()"
Previous message: Naoya Horiguchi: "[PATCH 3/4] mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE"
In reply to: Andy Lutomirski: "Re: [PATCH 13/20] signal: Implement force_fatal_sig"
Next in thread: Eric W. Biederman: "Re: [PATCH 13/20] signal: Implement force_fatal_sig"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]