author Jiri Slaby <jslaby@suse.cz> 2019-02-15 10:23:48 +0100
committer Jiri Slaby <jslaby@suse.cz> 2019-02-15 10:23:57 +0100
commit 9b529399e266e702f4ef83056d93614179cc93d4 (patch)
tree 57e85317e7458c8a4bf051193f2ea364fb645f24
parent 7bda75fcb68889e04e726369fe033c58bccedc31 (diff)
signal: Always notice exiting tasks (bnc#1012628).
-rw-r--r-- patches.kernel.org/4.20.9-011-signal-Always-notice-exiting-tasks.patch 70
-rw-r--r-- series.conf 1
2 files changed, 71 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-011-signal-Always-notice-exiting-tasks.patch b/patches.kernel.org/4.20.9-011-signal-Always-notice-exiting-tasks.patch
new file mode 100644
index 0000000000..f3b8756a3e
--- /dev/null
+++ b/patches.kernel.org/4.20.9-011-signal-Always-notice-exiting-tasks.patch
@@ -0,0 +1,70 @@
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Wed, 6 Feb 2019 18:39:40 -0600
+Subject: [PATCH] signal: Always notice exiting tasks
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: 35634ffa1751b6efd8cf75010b509dcb0263e29b
+
+commit 35634ffa1751b6efd8cf75010b509dcb0263e29b upstream.
+
+Recently syzkaller was able to create unkillablle processes by
+creating a timer that is delivered as a thread local signal on SIGHUP,
+and receiving SIGHUP SA_NODEFERER. Ultimately causing a loop
+failing to deliver SIGHUP but always trying.
+
+Upon examination it turns out part of the problem is actually most of
+the solution. Since 2.5 signal delivery has found all fatal signals,
+marked the signal group for death, and queued SIGKILL in every threads
+thread queue relying on signal->group_exit_code to preserve the
+information of which was the actual fatal signal.
+
+The conversion of all fatal signals to SIGKILL results in the
+synchronous signal heuristic in next_signal kicking in and preferring
+SIGHUP to SIGKILL. Which is especially problematic as all
+fatal signals have already been transformed into SIGKILL.
+
+Instead of dequeueing signals and depending upon SIGKILL to
+be the first signal dequeued, first test if the signal group
+has already been marked for death. This guarantees that
+nothing in the signal queue can prevent a process that needs
+to exit from exiting.
+
+Cc: stable@vger.kernel.org
+Tested-by: Dmitry Vyukov <dvyukov@google.com>
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Ref: ebf5ebe31d2c ("[PATCH] signal-fixes-2.5.59-A4")
+History Tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ kernel/signal.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/kernel/signal.c b/kernel/signal.c
+index b8faaa7a2925..091302d45169 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -2393,6 +2393,11 @@ bool get_signal(struct ksignal *ksig)
+ goto relock;
+ }
+
++ /* Has this task already been marked for death? */
++ ksig->info.si_signo = signr = SIGKILL;
++ if (signal_group_exit(signal))
++ goto fatal;
++
+ for (;;) {
+ struct k_sigaction *ka;
+
+@@ -2488,6 +2493,7 @@ bool get_signal(struct ksignal *ksig)
+ continue;
+ }
+
++ fatal:
+ spin_unlock_irq(&sighand->siglock);
+
+ /*
+--
+2.20.1
+
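Review bot: In the first kernel/signal.c hunk of the embedded patch, the line "ksig->info.si_signo = signr = SIGKILL;" runs unconditionally, ahead of the signal_group_exit(signal) test, and the comment "Has this task already been marked for death?" sits above the assignment rather than the test it describes. Either move the assignment under the if (with braces), or extend the comment to say why signr and si_signo are preset to SIGKILL on every call and that, per the commit message, the actual fatal signal is preserved in signal->group_exit_code, so reporting SIGKILL here is intentional. Also, because the new fatal: label sits after the for (;;) body and directly before spin_unlock_irq(&sighand->siglock), the jump skips the whole loop and only si_signo is set in this hunk; it is worth confirming, and stating in the comment, that nothing after the label depends on work done inside the loop or on the other ksig->info fields.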
diff --git a/series.conf b/series.conf
index a514839927..941df89ad1 100644
--- a/series.conf
+++ b/series.conf
@@ -1093,6 +1093,7 @@
patches.kernel.org/4.20.9-008-iio-chemical-atlas-ph-sensor-correct-IIO_TEMP-.patch
patches.kernel.org/4.20.9-009-iio-ti-ads8688-Update-buffer-allocation-for-ti.patch
patches.kernel.org/4.20.9-010-signal-Always-attempt-to-allocate-siginfo-for-.patch
+ patches.kernel.org/4.20.9-011-signal-Always-notice-exiting-tasks.patch
########################################################
# Build fixes that apply to the vanilla kernel too.