Re: [patch 3/3] futex: Prevent attaching to kernel threads

From: Thomas Gleixner
Date: Mon May 12 2014 - 17:16:33 EST


On Mon, 12 May 2014, Peter Zijlstra wrote:

> On Mon, May 12, 2014 at 08:45:35PM -0000, Thomas Gleixner wrote:
> > We happily allow userspace to declare a random kernel thread to be the
> > owner of a user space PI futex.
> >
> > Found while analysing the fallout of Dave Jones syscall fuzzer.
>
> Did you also still want to check the ppid for _PRIVATE futexes?

Yes.

I'm still twisting my brain over how to confine the non shared case w/o
going through loops and hoops. I'm not really sure whether we can do
something about that without making it extremely painful, but we really
should try hard.

If the non shared case turns out to be a hopeless case, then we go for
the easy private confinement or make the shared case actually painful
enough that people who care about it figure it out :)

Thanks,

tglx
