Hi Greg,

after the previous discussion about what kind of patches are acceptable
for stable and your hints on how to send them to the ML in
https://lore.kernel.org/all/YsrfDfe3urGkepvJ@xxxxxxxxx/
I'd like to know if this patch meets the requirements and if it can be
considered.

I do have a few more similar ones which I think meet the stable
requirements and finally the init-cleanup patch (upstream 3dfc9b02864bt
"LSM: Initialize security_hook_heads upon registration.") which I'd like
to backport to 4.9.
But first I want to know whether I now got the formal requirements right
before sending further patches.

Thanks,
Alex

On 11.07.22 11:56, Alexander Grund wrote:
> From: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 upstream.
>
> As reported by yangshukui, a permission denial from security_task_wait()
> can lead to a soft lockup in zap_pid_ns_processes() since it only expects
> sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
> in general lead to zombies; in the absence of some way to automatically
> reparent a child process upon a denial, the hook is not useful. Remove
> the security hook and its implementations in SELinux and Smack. Smack
> already removed its check from its hook.
>
> <snip>