[PATCH] kernel: introduce prctl(PR_LOG_UACCESS)

Peter Zijlstra peterz at infradead.org
Wed Sep 22 12:53:07 PDT 2021


On Wed, Sep 22, 2021 at 03:22:50PM -0400, Steven Rostedt wrote:
> On Wed, 22 Sep 2021 19:46:47 +0200
> David Hildenbrand <david at redhat.com> wrote:
> 
> > > All signals except SIGKILL and SIGSTOP are masked for the interval
> > > between the prctl() and the next syscall in order to prevent handlers
> > > for intervening asynchronous signals from issuing syscalls that may
> > > cause uaccesses from the wrong syscall to be logged.  
> > 
> > Stupid question: can this be exploited from user space to effectively 
> > disable SIGKILL for a long time ... and do we care?
> 
> I first misread it too, but then caught my mistake reading it a second
> time. It says "except SIGKILL". So no, it does not disable SIGKILL.

Disabling SIGINT might already be a giant nuisance. Letting through
SIGSTOP but not SIGCONT seems awkward. Blocking SIGTRAP seems like a bad
idea too. Blocking SIGBUS as delivered by #MC will be hillarious.



More information about the linux-arm-kernel mailing list