On Thu, Oct 21, 2021 at 11:33:43AM -0500, Eric W. Biederman wrote:

Kees Cook [off-list ref] writes:

quoted

On Wed, Oct 20, 2021 at 12:43:59PM -0500, Eric W. Biederman wrote:

quoted

This is interesting both because it makes force_sigsegv simpler and
because there are a couple of buggy places in the kernel that call
do_exit(SIGILL) or do_exit(SIGSYS) because there is no straight
forward way today for those places to simply force the exit of a
process with the chosen signal.  Creating force_fatal_sig allows
those places to be implemented with normal signal exits.

I assume this is talking about seccomp()? :) Should a patch be included
in this series to change those?

Actually it is not talking about seccomp.  As far as I can tell seccomp
is deliberately only killing a single thread when it calls do_exit.

Okay, I wasn't entirely sure, but yes, seccomp wants to keep the "kill
only 1 thread" option, which is weird, but useful for the threaded
seccomp monitor case.

I am thinking about places where we really want the entire process to
die and not just a single thread.  Please see the following changes
where I actually use force_fatal_sig.

Yeah, I saw that now. Thanks!

-- 
Kees Cook