• E
    signal: Don't send signals to tasks that don't exist · 84fe4cc0
    Eric W. Biederman 提交于
    Recently syzbot reported crashes in send_sigio_to_task and
    send_sigurg_to_task in linux-next.  Despite finding a reproducer
    syzbot apparently did not bisected this or otherwise track down the
    offending commit in linux-next.
    
    I happened to see this report and examined the code because I had
    recently changed these functions as part of making PIDTYPE_TGID a real
    pid type so that fork would does not need to restart when receiving a
    signal.  By examination I see that I spotted a bug in the code
    that could explain the reported crashes.
    
    When I took Oleg's suggestion and optimized send_sigurg and send_sigio
    to only send to a single task when type is PIDTYPE_PID or PIDTYPE_TGID
    I failed to handle pids that no longer point to tasks.  The macro
    do_each_pid_task simply iterates for zero iterations.  With pid_task
    an explicit NULL test is needed.
    
    Update the code to include the missing NULL test.
    
    Fixes: 01919134 ("signal: Use PIDTYPE_TGID to clearly store where file signals will be sent")
    Reported-by: syzkaller-bugs@googlegroups.com
    Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
    84fe4cc0
fcntl.c 23.3 KB