On Tue, Mar 05, 2024 at 01:43:14AM -0800, Kees Cook wrote:
On Mon, Mar 04, 2024 at 03:39:02PM -0800, Jakub Kicinski wrote:
On Mon, 4 Mar 2024 15:14:04 -0800 Kees Cook wrote:
Ugh, I'm guessing vfork() "eats" the signal, IOW grandchild signals, child exits? vfork() and signals.. I'd rather leave to Kees || Mickael.
Oh no, that does seem bad. Since Mickaël is also seeing weird issues, can we drop the vfork changes for now?
Seems doable, but won't be a simple revert. "drop" means we'd need to bring ->step back. More or less go back to v3.
I think we have to -- other CIs are now showing most of seccomp failing now. (And I can confirm this now -- I had only tested seccomp on earlier versions of the series.)
Sorry for the trouble, I found and fixed the vfork issues. I tested with seccomp and Landlock. You can find a dedicated branch here (with some Reviewed-by and Acked-by removed because of the changes): https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/log/?h=kselfte...
Jakub, please send a v5 series with this updated patch and your exit/_exit fixes.
-- Kees Cook