* [PATCH] exec: Copy oldsighand->action under spin-lock
From: Bernd Edlinger @ 2021-06-07 13:54 UTC
To: Alexander Viro, Kees Cook, Eric W. Biederman, linux-fsdevel,
linux-kernel
unshare_sighand should only access oldsighand->action
while holding oldsighand->siglock, to make sure that
newsighand->action is in a consistent state.
Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
---
fs/exec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index d8af85f..8344fba 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1193,11 +1193,11 @@ static int unshare_sighand(struct task_struct *me)
return -ENOMEM;
refcount_set(&newsighand->count, 1);
- memcpy(newsighand->action, oldsighand->action,
- sizeof(newsighand->action));
write_lock_irq(&tasklist_lock);
spin_lock(&oldsighand->siglock);
+ memcpy(newsighand->action, oldsighand->action,
+ sizeof(newsighand->action));
rcu_assign_pointer(me->sighand, newsighand);
spin_unlock(&oldsighand->siglock);
write_unlock_irq(&tasklist_lock);
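Review bot: the relocated memcpy() between spin_lock(&oldsighand->siglock) and rcu_assign_pointer() has no comment explaining why it must sit inside the lock, so a later cleanup aimed at shortening the critical section could hoist it back out. A one-line comment above it, saying that oldsighand->action may only be read with oldsighand->siglock held, would keep the rule next to the code. The changelog states the rule but not which writer can modify oldsighand->action concurrently; naming it would make the race easier to verify.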
--
1.9.1
* Re: [PATCH] exec: Copy oldsighand->action under spin-lock
From: Kees Cook @ 2021-06-07 23:17 UTC
To: Bernd Edlinger
Cc: Alexander Viro, Eric W. Biederman, linux-fsdevel, linux-kernel
On Mon, Jun 07, 2021 at 03:54:27PM +0200, Bernd Edlinger wrote:
> unshare_sighand should only access oldsighand->action
> while holding oldsighand->siglock, to make sure that
> newsighand->action is in a consistent state.
>
> Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
> ---
> fs/exec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index d8af85f..8344fba 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1193,11 +1193,11 @@ static int unshare_sighand(struct task_struct *me)
> return -ENOMEM;
>
> refcount_set(&newsighand->count, 1);
> - memcpy(newsighand->action, oldsighand->action,
> - sizeof(newsighand->action));
>
> write_lock_irq(&tasklist_lock);
> spin_lock(&oldsighand->siglock);
> + memcpy(newsighand->action, oldsighand->action,
> + sizeof(newsighand->action));
> rcu_assign_pointer(me->sighand, newsighand);
> spin_unlock(&oldsighand->siglock);
> write_unlock_irq(&tasklist_lock);
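Review bot: with the memcpy() placed after write_lock_irq(&tasklist_lock), the copy of the whole action array now runs with interrupts disabled and tasklist_lock write-held, in addition to oldsighand->siglock. The length is fixed at sizeof(newsighand->action), so the extra hold time is bounded, but the changelog should say the trade-off was considered. The message also carries no Fixes: tag identifying when the unlocked copy was introduced, which would help anyone judging whether to backport.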
Oh, yeah, that's a nice catch.
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
* Re: [PATCH] exec: Copy oldsighand->action under spin-lock
From: Kees Cook @ 2022-10-18 7:22 UTC
To: linux-kernel, Al Viro, linux-fsdevel, ebiederm, bernd.edlinger; +Cc: Kees Cook
On Mon, 7 Jun 2021 15:54:27 +0200, Bernd Edlinger wrote:
> unshare_sighand should only access oldsighand->action
> while holding oldsighand->siglock, to make sure that
> newsighand->action is in a consistent state.
Applied to for-next/execve, thanks!
[1/1] exec: Copy oldsighand->action under spin-lock
https://git.kernel.org/kees/c/f53283b0165f
--
Kees Cook