Re: [PATCH] signal: change sys_kill() to use SEND_SIG_NOINFO

From: Andrew Morton

Date: Fri Jun 26 2026 - 12:43:24 EST


On Fri, 26 Jun 2026 17:33:08 +0200 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:

> prepare_kill_siginfo(PIDTYPE_TGID) fills si_code = SI_USER and sets
> si_pid/si_uid in the sender's namespace. Then send_signal_locked()
> translates si_pid/si_uid to the target's namespace.
>
> SEND_SIG_NOINFO produces the same result: si_code = SI_USER, and
> __send_signal_locked() computes si_pid/si_uid directly in the target's
> namespace. The force computation is also the same: both check if the
> sender is visible in the target's pid namespace.

The above paragraphs contain no description of any flaw. What's wrong
here?

> Note: this also fixes the kill(-1, sig) case where send_signal_locked()
> rewrites si_pid/si_uid in the shared siginfo, corrupting it for subsequent
> recipients. But for other group senders like __kill_pgrp_info() we still
> need the fix from Bradley Morgan [1] who found this problem.

"also fixes". Again, what was the first fix?

> TODO: kill prepare_kill_siginfo() and change other users to use
> SEND_SIG_NOINFO too. This needs trivial changes in __send_signal_locked()
> and TP_STORE_SIGINFO().
>
> ...
>
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -3966,11 +3966,7 @@ static void prepare_kill_siginfo(int sig, struct kernel_siginfo *info,
> */
> SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
> {
> - struct kernel_siginfo info;
> -
> - prepare_kill_siginfo(sig, &info, PIDTYPE_TGID);
> -
> - return kill_something_info(sig, &info, pid);
> + return kill_something_info(sig, SEND_SIG_NOINFO, pid);
> }
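Review bot: the hunk shows only the call-site change in sys_kill(); nothing in it shows that kill_something_info() and the paths below it (the pid == -1 loop that the description says this fixes, and the __kill_pgrp_info() path it says still needs [1]) treat SEND_SIG_NOINFO as a sentinel rather than as a siginfo pointer they may read through, so that equivalence rests entirely on the description. Suggest the changelog name the callees that were checked, and lead with the user-visible problem (send_signal_locked() rewriting si_pid/si_uid in the shared siginfo for kill(-1, sig), corrupting it for later recipients) before the "SEND_SIG_NOINFO produces the same result" argument, so the fix is stated up front rather than as an "also fixes" aside.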

Thanks, I'll queue this for testing. Please send along some changelog
edits sometime?