Re: [RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-19 Thread Dave Martin
On Wed, Apr 18, 2018 at 09:22:09AM -0500, Eric W. Biederman wrote:
> Dave Martin writes:
>
> > On Tue, Apr 17, 2018 at 02:37:38PM -0500, Eric W. Biederman wrote:

[...]

> >> My intention is to leave 0 instances of clear_siginfo in the
> >> architecture specific code.

Re: [RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-18 Thread Eric W. Biederman
Dave Martin writes:
> On Tue, Apr 17, 2018 at 02:37:38PM -0500, Eric W. Biederman wrote:
>> Dave Martin writes:
>>
>> > Hmmm
>> >
>> > memset()/clear_siginfo() may ensure that there are no uninitialised
>> > explicit fields except for those in inactive

Re: [RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-18 Thread Dave Martin
On Tue, Apr 17, 2018 at 02:37:38PM -0500, Eric W. Biederman wrote:
> Dave Martin writes:
>
> > Hmmm
> >
> > memset()/clear_siginfo() may ensure that there are no uninitialised
> > explicit fields except for those in inactive union members, but I'm not
> > sure that this

Re: [RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-17 Thread Eric W. Biederman
Dave Martin writes:
> Hmmm
>
> memset()/clear_siginfo() may ensure that there are no uninitialised
> explicit fields except for those in inactive union members, but I'm not
> sure that this approach is guaranteed to sanitise the padding seen by
> userspace.
>
> Rationale

Re: [RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-17 Thread Dave Martin
On Sun, Apr 15, 2018 at 10:57:33AM -0500, Eric W. Biederman wrote:
>
> Call clear_siginfo to ensure every stack allocated siginfo is properly
> initialized before being passed to the signal sending functions.
>
> Note: It is not safe to depend on C initializers to initialize struct
> siginfo on

[RFC PATCH 1/3] signal: Ensure every siginfo we send has all bits initialized

2018-04-15 Thread Eric W. Biederman
Call clear_siginfo to ensure every stack allocated siginfo is properly initialized before being passed to the signal sending functions.

Note: It is not safe to depend on C initializers to initialize struct siginfo on the stack because C is allowed to skip holes when initializing a structure.