SYS_pinsyscalls question
On Sun, Mar 2, 2025 at 10:31 PM Mark Kettenis <mark.kettenis@xs4all.nl> wrote:
> Well, you're right that there is a potential race between threads
> here. Although that can only happen if you write your own version of
> ld.so that creates threads before pinning down the syscalls using
> pinsyscalls(2).
> [snip]
> But at the same time, this is a solution for a problem that doesn't
> really exist in reality. If someone really writes an ld.so
> replacement that starts threads before calling pinsyscalls(2) they
> deserve what they get.
>

I'm not claiming legitimate userspace will do this. I am claiming the stock code has a race here which has to be evaluated (for example if it can be used to panic the kernel). I implied this is something which will have to be looked at every time there are any changes to pinsyscalls.

Finally I claim this is a potential attack vector which does not need to be there. If possible, calls into pinsyscalls from multithreaded processes would be disallowed to begin with. If that's not an option, the calling process can get other threads (if any) to freeze execution for the duration. Either way, the problem disappears with no real complexity added.

-- 
Mateusz Guzik <mjguzik gmail.com>