Re: [PATCH -mm v2] do_notify_parent: sanitize the valid_signal() checks
From: Tetsuo Handa
Date: Sat May 16 2026 - 22:18:32 EST

On 2026/03/18 4:08, Oleg Nesterov wrote:
> On 03/17, Andrew Morton wrote:
>>
>> On Tue, 17 Mar 2026 14:58:18 +0100 Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>>
>>> Now that kernel_clone() checks valid_signal(args->exit_signal), the "sig"
>>> argument of do_notify_parent() must always be valid or we have a bug.

No activity for two months. When is the fix expected to land upstream?
This bug allows a local unprivileged user to crash panic_on_warn=1 systems
by running the program below, and therefore should be fixed before Linux 7.1 is
released.
----------
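#define _GNU_SOURCE
#include <sched.h>

/* Child entry point: exits immediately. */
static int proc(void *arg) { return 0; }

int main(void) {
	static char stack[8192];
	/* flags = 127: the low byte of the flags (CSIGNAL) is the child's exit signal. */
	return clone(proc, &stack[sizeof(stack) - 64], 127, 0) == -1;
}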
----------
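
A detection-side sketch for the condition discussed in this thread, added here as an example and not part of the original message or of the kernel patch: it scans raw auditd SYSCALL records for clone() calls whose exit-signal byte fails the kernel's valid_signal() test (sig <= _NSIG). Assumptions: x86_64 (clone is syscall 56, flags are in a0, _NSIG is 64); the helper names and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CSIGNAL_MASK 0xffUL /* CSIGNAL: exit-signal byte of the clone flags */
#define X86_64_NSIG  64UL   /* assumption: x86_64, where _NSIG is 64 */
#define X86_64_CLONE 56UL   /* assumption: x86_64 syscall number of clone(2) */

/* Mirrors the kernel's valid_signal(): valid when sig <= _NSIG. */
static int valid_signal(unsigned long sig) { return sig <= X86_64_NSIG; }

/* Find "key=" at a field boundary and parse its value; returns 0 on success. */
static int field(const char *line, const char *key, int base, unsigned long *out)
{
    size_t klen = strlen(key);
    for (const char *p = line; (p = strstr(p, key)) != NULL; p += klen) {
        if ((p == line || p[-1] == ' ') && p[klen] == '=') {
            char *end;
            *out = strtoul(p + klen + 1, &end, base);
            return end == p + klen + 1 ? -1 : 0;
        }
    }
    return -1;
}

/* Returns the out-of-range exit signal for a clone() record, 0 otherwise. */
static unsigned long suspicious_exit_signal(const char *line)
{
    unsigned long nr, a0;
    if (strncmp(line, "type=SYSCALL ", 13) != 0) return 0;
    if (field(line, "syscall", 10, &nr) || nr != X86_64_CLONE) return 0;
    if (field(line, "a0", 16, &a0)) return 0; /* auditd logs a0 as bare hex */
    unsigned long sig = a0 & CSIGNAL_MASK;
    return valid_signal(sig) ? 0 : sig;
}

/* Constructed sample audit records (not real logs). */
static const char *samples[] = {
    "type=SYSCALL msg=audit(1.000:10): arch=c000003e syscall=56 success=yes exit=4242 a0=7f a1=7ffd0 a2=0 a3=0 items=0",
    "type=SYSCALL msg=audit(1.000:11): arch=c000003e syscall=56 success=yes exit=4243 a0=1200011 a1=0 a2=0 a3=0 items=0",
    "type=SYSCALL msg=audit(1.000:12): arch=c000003e syscall=59 success=yes exit=0 a0=7f a1=0 a2=0 a3=0 items=0",
};

int main(void)
{
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        unsigned long sig = suspicious_exit_signal(samples[i]);
        if (sig) printf("record %zu: clone() with invalid exit signal %lu\n", i, sig);
    }
    return 0;
}
```

clone3() passes exit_signal inside a struct in user memory, so it does not appear in the a0 field of these records and is not covered by this check.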