diff options
| author | Benjamin Berg <benjamin@sipsolutions.net> | 2025-06-02 15:00:49 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2025-06-02 15:17:19 +0200 |
| commit | 8420e08fe3a594b6ffa07705ac270faa2ed452c5 (patch) | |
| tree | 22b578adabd9ef875fdaf560bd8d6a37eb8309b6 /arch/um/include/shared | |
| parent | um: Add helper functions to get/set state for SECCOMP (diff) | |
| download | linux-8420e08fe3a594b6ffa07705ac270faa2ed452c5.tar.gz linux-8420e08fe3a594b6ffa07705ac270faa2ed452c5.zip | |
um: Track userspace children dying in SECCOMP mode
When in seccomp mode, we would hang forever on the futex if a child has
died unexpectedly. In contrast, ptrace mode will notice it and kill the
corresponding thread when it fails to run it.
Fix this issue using a new IRQ that is fired after a SIGCHLD and keeping
an (internal) list of all MMs. In the IRQ handler, find the affected MM
and set its PID to -1 as well as the futex variable to FUTEX_IN_KERN.
This, together with futex returning -EINTR after the signal is
sufficient to implement a race-free detection of a child dying.
Note that this also enables IRQ handling while starting a userspace
process. This should be safe and SECCOMP requires the IRQ in case the
process does not come up properly.
Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Link: https://patch.msgid.link/20250602130052.545733-5-benjamin@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'arch/um/include/shared')
| -rw-r--r-- | arch/um/include/shared/irq_user.h | 2 | ||||
| -rw-r--r-- | arch/um/include/shared/os.h | 1 | ||||
| -rw-r--r-- | arch/um/include/shared/skas/mm_id.h | 2 | ||||
| -rw-r--r-- | arch/um/include/shared/skas/skas.h | 1 |
4 files changed, 6 insertions, 0 deletions
diff --git a/arch/um/include/shared/irq_user.h b/arch/um/include/shared/irq_user.h index 88835b52ae2b..746abc24a5d5 100644 --- a/arch/um/include/shared/irq_user.h +++ b/arch/um/include/shared/irq_user.h @@ -17,6 +17,8 @@ enum um_irq_type { struct siginfo; extern void sigio_handler(int sig, struct siginfo *unused_si, struct uml_pt_regs *regs, void *mc); +extern void sigchld_handler(int sig, struct siginfo *unused_si, + struct uml_pt_regs *regs, void *mc); void sigio_run_timetravel_handlers(void); extern void free_irq_by_fd(int fd); extern void deactivate_fd(int fd, int irqnum); diff --git a/arch/um/include/shared/os.h b/arch/um/include/shared/os.h index e63a74a5ff19..3046728ec42e 100644 --- a/arch/um/include/shared/os.h +++ b/arch/um/include/shared/os.h @@ -197,6 +197,7 @@ extern int create_mem_file(unsigned long long len); extern void report_enomem(void); /* process.c */ +pid_t os_reap_child(void); extern void os_alarm_process(int pid); extern void os_kill_process(int pid, int reap_child); extern void os_kill_ptraced_process(int pid, int reap_child); diff --git a/arch/um/include/shared/skas/mm_id.h b/arch/um/include/shared/skas/mm_id.h index 140388c282f6..0654c57bb28e 100644 --- a/arch/um/include/shared/skas/mm_id.h +++ b/arch/um/include/shared/skas/mm_id.h @@ -14,4 +14,6 @@ struct mm_id { void __switch_mm(struct mm_id *mm_idp); +void notify_mm_kill(int pid); + #endif diff --git a/arch/um/include/shared/skas/skas.h b/arch/um/include/shared/skas/skas.h index 85c50122ab98..7d1de4cab551 100644 --- a/arch/um/include/shared/skas/skas.h +++ b/arch/um/include/shared/skas/skas.h @@ -8,6 +8,7 @@ #include <sysdep/ptrace.h> +extern int using_seccomp; extern int userspace_pid[]; extern void new_thread_handler(void); |