Re: [PATCH] signal: change sys_kill() to use SEND_SIG_NOINFO

From: Bradley Morgan

Date: Fri Jun 26 2026 - 12:54:01 EST


On June 26, 2026 5:36:03 PM GMT+01:00, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>On Fri, 26 Jun 2026 17:33:08 +0200 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
>> prepare_kill_siginfo(PIDTYPE_TGID) fills si_code = SI_USER and sets
>> si_pid/si_uid in the sender's namespace. Then send_signal_locked()
>> translates si_pid/si_uid to the target's namespace.
>>
>> SEND_SIG_NOINFO produces the same result: si_code = SI_USER, and
>> __send_signal_locked() computes si_pid/si_uid directly in the target's
>> namespace. The force computation is also the same: both check if the
>> sender is visible in the target's pid namespace.
>
>The above paragraphs contain no description of any flaw. What's wrong
>here?
>
>> Note: this also fixes the kill(-1, sig) case where send_signal_locked()
>> rewrites si_pid/si_uid in the shared siginfo, corrupting it for subsequent
>> recipients. But for other group senders like __kill_pgrp_info() we still
>> need the fix from Bradley Morgan [1] who found this problem.
>
>"also fixes". Again, what was the first fix?
>
>> TODO: kill prepare_kill_siginfo() and change other users to use
>> SEND_SIG_NOINFO too. This needs trivial changes in __send_signal_locked()
>> and TP_STORE_SIGINFO().
>>
>> ...
>>
>> --- a/kernel/signal.c
>> +++ b/kernel/signal.c
>> @@ -3966,11 +3966,7 @@ static void prepare_kill_siginfo(int sig, struct
>kernel_siginfo *info,
>> */
>> SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
>> {
>> - struct kernel_siginfo info;
>> -
>> - prepare_kill_siginfo(sig, &info, PIDTYPE_TGID);
>> -
>> - return kill_something_info(sig, &info, pid);
>> + return kill_something_info(sig, SEND_SIG_NOINFO, pid);
>> }
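Review bot: the new one-line body of SYSCALL_DEFINE2(kill, ...) gives no hint of why it passes SEND_SIG_NOINFO instead of building a kernel_siginfo, and the changelog mentions the only behavioural difference (the kill(-1, sig) case, where the shared siginfo was rewritten per recipient) as a side note. A short comment above the return saying that si_pid/si_uid are now computed per target in __send_signal_locked(), so no on-stack siginfo is shared between recipients, would keep a later cleanup from reintroducing prepare_kill_siginfo() here. The changelog should also lead with that kill(-1, sig) corruption as the motivation, since the equivalence argument on its own describes no defect in the removed lines.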
>
>Thanks, I'll queue this for testing. Please send along some changelog
>edits sometime?
>
>
Fair enough.

If you want, please add


Reviewed-by: Bradley Morgan <include@xxxxxxxxx>

:)
Thanks!