2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* linux/kernel/signal.c
|
|
|
|
*
|
|
|
|
* Copyright (C) 1991, 1992 Linus Torvalds
|
|
|
|
*
|
|
|
|
* 1997-11-02 Modified for POSIX.1b signals by Richard Henderson
|
|
|
|
*
|
|
|
|
* 2003-06-02 Jim Houston - Concurrent Computer Corp.
|
|
|
|
* Changes to use preallocated sigqueue structures
|
|
|
|
* to allow signals to be sent reliably.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/tty.h>
|
|
|
|
#include <linux/binfmts.h>
|
|
|
|
#include <linux/security.h>
|
|
|
|
#include <linux/syscalls.h>
|
|
|
|
#include <linux/ptrace.h>
|
2005-05-01 17:59:14 +02:00
|
|
|
#include <linux/signal.h>
|
signal/timer/event: signalfd core
This patch series implements the new signalfd() system call.
I took part of the original Linus code (and you know how badly it can be
broken :), and I added even more breakage ;) Signals are fetched from the same
signal queue used by the process, so signalfd will compete with standard
kernel delivery in dequeue_signal(). If you want to reliably fetch signals on
the signalfd file, you need to block them with sigprocmask(SIG_BLOCK). This
seems to be working fine on my Dual Opteron machine. I made a quick test
program for it:
http://www.xmailserver.org/signafd-test.c
The signalfd() system call implements signal delivery into a file descriptor
receiver. The signalfd file descriptor if created with the following API:
int signalfd(int ufd, const sigset_t *mask, size_t masksize);
The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
to close/create cycle (Linus idea). Use "ufd" == -1 if you want a brand new
signalfd file.
The "mask" allows to specify the signal mask of signals that we are interested
in. The "masksize" parameter is the size of "mask".
The signalfd fd supports the poll(2) and read(2) system calls. The poll(2)
will return POLLIN when signals are available to be dequeued. As a direct
consequence of supporting the Linux poll subsystem, the signalfd fd can use
used together with epoll(2) too.
The read(2) system call will return a "struct signalfd_siginfo" structure in
the userspace supplied buffer. The return value is the number of bytes copied
in the supplied buffer, or -1 in case of error. The read(2) call can also
return 0, in case the sighand structure to which the signalfd was attached,
has been orphaned. The O_NONBLOCK flag is also supported, and read(2) will
return -EAGAIN in case no signal is available.
If the size of the buffer passed to read(2) is lower than sizeof(struct
signalfd_siginfo), -EINVAL is returned. A read from the signalfd can also
return -ERESTARTSYS in case a signal hits the process. The format of the
struct signalfd_siginfo is, and the valid fields depends of the (->code &
__SI_MASK) value, in the same way a struct siginfo would:
struct signalfd_siginfo {
__u32 signo; /* si_signo */
__s32 err; /* si_errno */
__s32 code; /* si_code */
__u32 pid; /* si_pid */
__u32 uid; /* si_uid */
__s32 fd; /* si_fd */
__u32 tid; /* si_fd */
__u32 band; /* si_band */
__u32 overrun; /* si_overrun */
__u32 trapno; /* si_trapno */
__s32 status; /* si_status */
__s32 svint; /* si_int */
__u64 svptr; /* si_ptr */
__u64 utime; /* si_utime */
__u64 stime; /* si_stime */
__u64 addr; /* si_addr */
};
[akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-11 07:23:13 +02:00
|
|
|
#include <linux/signalfd.h>
|
2008-07-26 04:45:51 +02:00
|
|
|
#include <linux/tracehook.h>
|
2006-01-11 21:17:46 +01:00
|
|
|
#include <linux/capability.h>
|
2006-12-07 05:34:23 +01:00
|
|
|
#include <linux/freezer.h>
|
2006-12-08 11:38:01 +01:00
|
|
|
#include <linux/pid_namespace.h>
|
|
|
|
#include <linux/nsproxy.h>
|
2009-04-15 01:39:12 +02:00
|
|
|
#include <trace/events/sched.h>
|
2006-12-08 11:38:01 +01:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
#include <asm/param.h>
|
|
|
|
#include <asm/uaccess.h>
|
|
|
|
#include <asm/unistd.h>
|
|
|
|
#include <asm/siginfo.h>
|
2006-05-25 16:19:47 +02:00
|
|
|
#include "audit.h" /* audit_signal_info() */
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* SLAB caches for signal bits.
|
|
|
|
*/
|
|
|
|
|
2006-12-07 05:33:20 +01:00
|
|
|
static struct kmem_cache *sigqueue_cachep;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-07-26 04:45:51 +02:00
|
|
|
static void __user *sig_handler(struct task_struct *t, int sig)
|
2008-04-30 09:52:39 +02:00
|
|
|
{
|
2008-07-26 04:45:51 +02:00
|
|
|
return t->sighand->action[sig - 1].sa.sa_handler;
|
|
|
|
}
|
2008-04-30 09:52:39 +02:00
|
|
|
|
2008-07-26 04:45:51 +02:00
|
|
|
static int sig_handler_ignored(void __user *handler, int sig)
|
|
|
|
{
|
2008-04-30 09:52:39 +02:00
|
|
|
/* Is it explicitly or implicitly ignored? */
|
|
|
|
return handler == SIG_IGN ||
|
|
|
|
(handler == SIG_DFL && sig_kernel_ignore(sig));
|
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-04-03 01:58:05 +02:00
|
|
|
static int sig_task_ignored(struct task_struct *t, int sig,
|
|
|
|
int from_ancestor_ns)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-07-26 04:45:51 +02:00
|
|
|
void __user *handler;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-04-03 01:58:02 +02:00
|
|
|
handler = sig_handler(t, sig);
|
|
|
|
|
|
|
|
if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) &&
|
2009-04-03 01:58:05 +02:00
|
|
|
handler == SIG_DFL && !from_ancestor_ns)
|
2009-04-03 01:58:02 +02:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
return sig_handler_ignored(handler, sig);
|
|
|
|
}
|
|
|
|
|
2009-04-03 01:58:05 +02:00
|
|
|
static int sig_ignored(struct task_struct *t, int sig, int from_ancestor_ns)
|
2009-04-03 01:58:02 +02:00
|
|
|
{
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Blocked signals are never ignored, since the
|
|
|
|
* signal handler may change by the time it is
|
|
|
|
* unblocked.
|
|
|
|
*/
|
2007-11-13 00:41:55 +01:00
|
|
|
if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig))
|
2005-04-17 00:20:36 +02:00
|
|
|
return 0;
|
|
|
|
|
2009-04-03 01:58:05 +02:00
|
|
|
if (!sig_task_ignored(t, sig, from_ancestor_ns))
|
2008-07-26 04:45:51 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Tracers may want to know about even ignored signals.
|
|
|
|
*/
|
2009-04-03 01:58:00 +02:00
|
|
|
return !tracehook_consider_ignored_signal(t, sig);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Re-calculate pending state from the set of locally pending
|
|
|
|
* signals, globally pending signals, and blocked signals.
|
|
|
|
*/
|
|
|
|
static inline int has_pending_signals(sigset_t *signal, sigset_t *blocked)
|
|
|
|
{
|
|
|
|
unsigned long ready;
|
|
|
|
long i;
|
|
|
|
|
|
|
|
switch (_NSIG_WORDS) {
|
|
|
|
default:
|
|
|
|
for (i = _NSIG_WORDS, ready = 0; --i >= 0 ;)
|
|
|
|
ready |= signal->sig[i] &~ blocked->sig[i];
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 4: ready = signal->sig[3] &~ blocked->sig[3];
|
|
|
|
ready |= signal->sig[2] &~ blocked->sig[2];
|
|
|
|
ready |= signal->sig[1] &~ blocked->sig[1];
|
|
|
|
ready |= signal->sig[0] &~ blocked->sig[0];
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2: ready = signal->sig[1] &~ blocked->sig[1];
|
|
|
|
ready |= signal->sig[0] &~ blocked->sig[0];
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 1: ready = signal->sig[0] &~ blocked->sig[0];
|
|
|
|
}
|
|
|
|
return ready != 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define PENDING(p,b) has_pending_signals(&(p)->signal, (b))
|
|
|
|
|
2007-05-23 22:57:44 +02:00
|
|
|
static int recalc_sigpending_tsk(struct task_struct *t)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
if (t->signal->group_stop_count > 0 ||
|
|
|
|
PENDING(&t->pending, &t->blocked) ||
|
2007-05-23 22:57:44 +02:00
|
|
|
PENDING(&t->signal->shared_pending, &t->blocked)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
set_tsk_thread_flag(t, TIF_SIGPENDING);
|
2007-05-23 22:57:44 +02:00
|
|
|
return 1;
|
|
|
|
}
|
2007-06-06 12:59:00 +02:00
|
|
|
/*
|
|
|
|
* We must never clear the flag in another thread, or in current
|
|
|
|
* when it's possible the current syscall is returning -ERESTART*.
|
|
|
|
* So we don't clear it here, and only callers who know they should do.
|
|
|
|
*/
|
2007-05-23 22:57:44 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* After recalculating TIF_SIGPENDING, we need to make sure the task wakes up.
|
|
|
|
* This is superfluous when called on current, the wakeup is a harmless no-op.
|
|
|
|
*/
|
|
|
|
void recalc_sigpending_and_wake(struct task_struct *t)
|
|
|
|
{
|
|
|
|
if (recalc_sigpending_tsk(t))
|
|
|
|
signal_wake_up(t, 0);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
void recalc_sigpending(void)
|
|
|
|
{
|
2008-07-26 04:45:55 +02:00
|
|
|
if (unlikely(tracehook_force_sigpending()))
|
|
|
|
set_thread_flag(TIF_SIGPENDING);
|
|
|
|
else if (!recalc_sigpending_tsk(current) && !freezing(current))
|
2007-06-06 12:59:00 +02:00
|
|
|
clear_thread_flag(TIF_SIGPENDING);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Given the mask, find the first available signal that should be serviced. */
|
|
|
|
|
signal/timer/event: signalfd core
This patch series implements the new signalfd() system call.
I took part of the original Linus code (and you know how badly it can be
broken :), and I added even more breakage ;) Signals are fetched from the same
signal queue used by the process, so signalfd will compete with standard
kernel delivery in dequeue_signal(). If you want to reliably fetch signals on
the signalfd file, you need to block them with sigprocmask(SIG_BLOCK). This
seems to be working fine on my Dual Opteron machine. I made a quick test
program for it:
http://www.xmailserver.org/signafd-test.c
The signalfd() system call implements signal delivery into a file descriptor
receiver. The signalfd file descriptor if created with the following API:
int signalfd(int ufd, const sigset_t *mask, size_t masksize);
The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
to close/create cycle (Linus idea). Use "ufd" == -1 if you want a brand new
signalfd file.
The "mask" allows to specify the signal mask of signals that we are interested
in. The "masksize" parameter is the size of "mask".
The signalfd fd supports the poll(2) and read(2) system calls. The poll(2)
will return POLLIN when signals are available to be dequeued. As a direct
consequence of supporting the Linux poll subsystem, the signalfd fd can use
used together with epoll(2) too.
The read(2) system call will return a "struct signalfd_siginfo" structure in
the userspace supplied buffer. The return value is the number of bytes copied
in the supplied buffer, or -1 in case of error. The read(2) call can also
return 0, in case the sighand structure to which the signalfd was attached,
has been orphaned. The O_NONBLOCK flag is also supported, and read(2) will
return -EAGAIN in case no signal is available.
If the size of the buffer passed to read(2) is lower than sizeof(struct
signalfd_siginfo), -EINVAL is returned. A read from the signalfd can also
return -ERESTARTSYS in case a signal hits the process. The format of the
struct signalfd_siginfo is, and the valid fields depends of the (->code &
__SI_MASK) value, in the same way a struct siginfo would:
struct signalfd_siginfo {
__u32 signo; /* si_signo */
__s32 err; /* si_errno */
__s32 code; /* si_code */
__u32 pid; /* si_pid */
__u32 uid; /* si_uid */
__s32 fd; /* si_fd */
__u32 tid; /* si_fd */
__u32 band; /* si_band */
__u32 overrun; /* si_overrun */
__u32 trapno; /* si_trapno */
__s32 status; /* si_status */
__s32 svint; /* si_int */
__u64 svptr; /* si_ptr */
__u64 utime; /* si_utime */
__u64 stime; /* si_stime */
__u64 addr; /* si_addr */
};
[akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-11 07:23:13 +02:00
|
|
|
int next_signal(struct sigpending *pending, sigset_t *mask)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
unsigned long i, *s, *m, x;
|
|
|
|
int sig = 0;
|
|
|
|
|
|
|
|
s = pending->signal.sig;
|
|
|
|
m = mask->sig;
|
|
|
|
switch (_NSIG_WORDS) {
|
|
|
|
default:
|
|
|
|
for (i = 0; i < _NSIG_WORDS; ++i, ++s, ++m)
|
|
|
|
if ((x = *s &~ *m) != 0) {
|
|
|
|
sig = ffz(~x) + i*_NSIG_BPW + 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 2: if ((x = s[0] &~ m[0]) != 0)
|
|
|
|
sig = 1;
|
|
|
|
else if ((x = s[1] &~ m[1]) != 0)
|
|
|
|
sig = _NSIG_BPW + 1;
|
|
|
|
else
|
|
|
|
break;
|
|
|
|
sig += ffz(~x);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 1: if ((x = *s &~ *m) != 0)
|
|
|
|
sig = ffz(~x) + 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return sig;
|
|
|
|
}
|
|
|
|
|
2008-11-14 00:39:19 +01:00
|
|
|
/*
|
|
|
|
* allocate a new signal queue record
|
|
|
|
* - this may be called without locks if and only if t == current, otherwise an
|
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 00:39:23 +01:00
|
|
|
* appopriate lock must be held to stop the target task from exiting
|
2008-11-14 00:39:19 +01:00
|
|
|
*/
|
2005-10-07 08:46:04 +02:00
|
|
|
static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
|
2005-04-17 00:20:36 +02:00
|
|
|
int override_rlimit)
|
|
|
|
{
|
|
|
|
struct sigqueue *q = NULL;
|
2006-11-04 22:03:00 +01:00
|
|
|
struct user_struct *user;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2006-11-04 22:03:00 +01:00
|
|
|
/*
|
2008-11-14 00:39:19 +01:00
|
|
|
* We won't get problems with the target's UID changing under us
|
|
|
|
* because changing it requires RCU be used, and if t != current, the
|
|
|
|
* caller must be holding the RCU readlock (by way of a spinlock) and
|
|
|
|
* we use RCU protection here
|
2006-11-04 22:03:00 +01:00
|
|
|
*/
|
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 00:39:23 +01:00
|
|
|
user = get_uid(__task_cred(t)->user);
|
2006-11-04 22:03:00 +01:00
|
|
|
atomic_inc(&user->sigpending);
|
2005-04-17 00:20:36 +02:00
|
|
|
if (override_rlimit ||
|
2006-11-04 22:03:00 +01:00
|
|
|
atomic_read(&user->sigpending) <=
|
2005-04-17 00:20:36 +02:00
|
|
|
t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
|
|
|
|
q = kmem_cache_alloc(sigqueue_cachep, flags);
|
|
|
|
if (unlikely(q == NULL)) {
|
2006-11-04 22:03:00 +01:00
|
|
|
atomic_dec(&user->sigpending);
|
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 00:39:23 +01:00
|
|
|
free_uid(user);
|
2005-04-17 00:20:36 +02:00
|
|
|
} else {
|
|
|
|
INIT_LIST_HEAD(&q->list);
|
|
|
|
q->flags = 0;
|
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 00:39:23 +01:00
|
|
|
q->user = user;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
CRED: Inaugurate COW credentials
Inaugurate copy-on-write credentials management. This uses RCU to manage the
credentials pointer in the task_struct with respect to accesses by other tasks.
A process may only modify its own credentials, and so does not need locking to
access or modify its own credentials.
A mutex (cred_replace_mutex) is added to the task_struct to control the effect
of PTRACE_ATTACHED on credential calculations, particularly with respect to
execve().
With this patch, the contents of an active credentials struct may not be
changed directly; rather a new set of credentials must be prepared, modified
and committed using something like the following sequence of events:
struct cred *new = prepare_creds();
int ret = blah(new);
if (ret < 0) {
abort_creds(new);
return ret;
}
return commit_creds(new);
There are some exceptions to this rule: the keyrings pointed to by the active
credentials may be instantiated - keyrings violate the COW rule as managing
COW keyrings is tricky, given that it is possible for a task to directly alter
the keys in a keyring in use by another task.
To help enforce this, various pointers to sets of credentials, such as those in
the task_struct, are declared const. The purpose of this is compile-time
discouragement of altering credentials through those pointers. Once a set of
credentials has been made public through one of these pointers, it may not be
modified, except under special circumstances:
(1) Its reference count may incremented and decremented.
(2) The keyrings to which it points may be modified, but not replaced.
The only safe way to modify anything else is to create a replacement and commit
using the functions described in Documentation/credentials.txt (which will be
added by a later patch).
This patch and the preceding patches have been tested with the LTP SELinux
testsuite.
This patch makes several logical sets of alteration:
(1) execve().
This now prepares and commits credentials in various places in the
security code rather than altering the current creds directly.
(2) Temporary credential overrides.
do_coredump() and sys_faccessat() now prepare their own credentials and
temporarily override the ones currently on the acting thread, whilst
preventing interference from other threads by holding cred_replace_mutex
on the thread being dumped.
This will be replaced in a future patch by something that hands down the
credentials directly to the functions being called, rather than altering
the task's objective credentials.
(3) LSM interface.
A number of functions have been changed, added or removed:
(*) security_capset_check(), ->capset_check()
(*) security_capset_set(), ->capset_set()
Removed in favour of security_capset().
(*) security_capset(), ->capset()
New. This is passed a pointer to the new creds, a pointer to the old
creds and the proposed capability sets. It should fill in the new
creds or return an error. All pointers, barring the pointer to the
new creds, are now const.
(*) security_bprm_apply_creds(), ->bprm_apply_creds()
Changed; now returns a value, which will cause the process to be
killed if it's an error.
(*) security_task_alloc(), ->task_alloc_security()
Removed in favour of security_prepare_creds().
(*) security_cred_free(), ->cred_free()
New. Free security data attached to cred->security.
(*) security_prepare_creds(), ->cred_prepare()
New. Duplicate any security data attached to cred->security.
(*) security_commit_creds(), ->cred_commit()
New. Apply any security effects for the upcoming installation of new
security by commit_creds().
(*) security_task_post_setuid(), ->task_post_setuid()
Removed in favour of security_task_fix_setuid().
(*) security_task_fix_setuid(), ->task_fix_setuid()
Fix up the proposed new credentials for setuid(). This is used by
cap_set_fix_setuid() to implicitly adjust capabilities in line with
setuid() changes. Changes are made to the new credentials, rather
than the task itself as in security_task_post_setuid().
(*) security_task_reparent_to_init(), ->task_reparent_to_init()
Removed. Instead the task being reparented to init is referred
directly to init's credentials.
NOTE! This results in the loss of some state: SELinux's osid no
longer records the sid of the thread that forked it.
(*) security_key_alloc(), ->key_alloc()
(*) security_key_permission(), ->key_permission()
Changed. These now take cred pointers rather than task pointers to
refer to the security context.
(4) sys_capset().
This has been simplified and uses less locking. The LSM functions it
calls have been merged.
(5) reparent_to_kthreadd().
This gives the current thread the same credentials as init by simply using
commit_thread() to point that way.
(6) __sigqueue_alloc() and switch_uid()
__sigqueue_alloc() can't stop the target task from changing its creds
beneath it, so this function gets a reference to the currently applicable
user_struct which it then passes into the sigqueue struct it returns if
successful.
switch_uid() is now called from commit_creds(), and possibly should be
folded into that. commit_creds() should take care of protecting
__sigqueue_alloc().
(7) [sg]et[ug]id() and co and [sg]et_current_groups.
The set functions now all use prepare_creds(), commit_creds() and
abort_creds() to build and check a new set of credentials before applying
it.
security_task_set[ug]id() is called inside the prepared section. This
guarantees that nothing else will affect the creds until we've finished.
The calling of set_dumpable() has been moved into commit_creds().
Much of the functionality of set_user() has been moved into
commit_creds().
The get functions all simply access the data directly.
(8) security_task_prctl() and cap_task_prctl().
security_task_prctl() has been modified to return -ENOSYS if it doesn't
want to handle a function, or otherwise return the return value directly
rather than through an argument.
Additionally, cap_task_prctl() now prepares a new set of credentials, even
if it doesn't end up using it.
(9) Keyrings.
A number of changes have been made to the keyrings code:
(a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have
all been dropped and built in to the credentials functions directly.
They may want separating out again later.
(b) key_alloc() and search_process_keyrings() now take a cred pointer
rather than a task pointer to specify the security context.
(c) copy_creds() gives a new thread within the same thread group a new
thread keyring if its parent had one, otherwise it discards the thread
keyring.
(d) The authorisation key now points directly to the credentials to extend
the search into rather pointing to the task that carries them.
(e) Installing thread, process or session keyrings causes a new set of
credentials to be created, even though it's not strictly necessary for
process or session keyrings (they're shared).
(10) Usermode helper.
The usermode helper code now carries a cred struct pointer in its
subprocess_info struct instead of a new session keyring pointer. This set
of credentials is derived from init_cred and installed on the new process
after it has been cloned.
call_usermodehelper_setup() allocates the new credentials and
call_usermodehelper_freeinfo() discards them if they haven't been used. A
special cred function (prepare_usermodeinfo_creds()) is provided
specifically for call_usermodehelper_setup() to call.
call_usermodehelper_setkeys() adjusts the credentials to sport the
supplied keyring as the new session keyring.
(11) SELinux.
SELinux has a number of changes, in addition to those to support the LSM
interface changes mentioned above:
(a) selinux_setprocattr() no longer does its check for whether the
current ptracer can access processes with the new SID inside the lock
that covers getting the ptracer's SID. Whilst this lock ensures that
the check is done with the ptracer pinned, the result is only valid
until the lock is released, so there's no point doing it inside the
lock.
(12) is_single_threaded().
This function has been extracted from selinux_setprocattr() and put into
a file of its own in the lib/ directory as join_session_keyring() now
wants to use it too.
The code in SELinux just checked to see whether a task shared mm_structs
with other tasks (CLONE_VM), but that isn't good enough. We really want
to know if they're part of the same thread group (CLONE_THREAD).
(13) nfsd.
The NFS server daemon now has to use the COW credentials to set the
credentials it is going to use. It really needs to pass the credentials
down to the functions it calls, but it can't do that until other patches
in this series have been applied.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
2008-11-14 00:39:23 +01:00
|
|
|
|
|
|
|
return q;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2006-02-03 12:04:41 +01:00
|
|
|
static void __sigqueue_free(struct sigqueue *q)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
if (q->flags & SIGQUEUE_PREALLOC)
|
|
|
|
return;
|
|
|
|
atomic_dec(&q->user->sigpending);
|
|
|
|
free_uid(q->user);
|
|
|
|
kmem_cache_free(sigqueue_cachep, q);
|
|
|
|
}
|
|
|
|
|
2006-03-29 02:11:18 +02:00
|
|
|
void flush_sigqueue(struct sigpending *queue)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sigqueue *q;
|
|
|
|
|
|
|
|
sigemptyset(&queue->signal);
|
|
|
|
while (!list_empty(&queue->list)) {
|
|
|
|
q = list_entry(queue->list.next, struct sigqueue , list);
|
|
|
|
list_del_init(&q->list);
|
|
|
|
__sigqueue_free(q);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Flush all pending signals for a task.
|
|
|
|
*/
|
2009-04-29 14:45:05 +02:00
|
|
|
void __flush_signals(struct task_struct *t)
|
|
|
|
{
|
|
|
|
clear_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
|
|
flush_sigqueue(&t->pending);
|
|
|
|
flush_sigqueue(&t->signal->shared_pending);
|
|
|
|
}
|
|
|
|
|
2006-03-29 02:11:17 +02:00
|
|
|
void flush_signals(struct task_struct *t)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(&t->sighand->siglock, flags);
|
2009-04-29 14:45:05 +02:00
|
|
|
__flush_signals(t);
|
2005-04-17 00:20:36 +02:00
|
|
|
spin_unlock_irqrestore(&t->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
|
2008-05-26 18:55:42 +02:00
|
|
|
static void __flush_itimer_signals(struct sigpending *pending)
|
|
|
|
{
|
|
|
|
sigset_t signal, retain;
|
|
|
|
struct sigqueue *q, *n;
|
|
|
|
|
|
|
|
signal = pending->signal;
|
|
|
|
sigemptyset(&retain);
|
|
|
|
|
|
|
|
list_for_each_entry_safe(q, n, &pending->list, list) {
|
|
|
|
int sig = q->info.si_signo;
|
|
|
|
|
|
|
|
if (likely(q->info.si_code != SI_TIMER)) {
|
|
|
|
sigaddset(&retain, sig);
|
|
|
|
} else {
|
|
|
|
sigdelset(&signal, sig);
|
|
|
|
list_del_init(&q->list);
|
|
|
|
__sigqueue_free(q);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sigorsets(&pending->signal, &signal, &retain);
|
|
|
|
}
|
|
|
|
|
|
|
|
void flush_itimer_signals(void)
|
|
|
|
{
|
|
|
|
struct task_struct *tsk = current;
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(&tsk->sighand->siglock, flags);
|
|
|
|
__flush_itimer_signals(&tsk->pending);
|
|
|
|
__flush_itimer_signals(&tsk->signal->shared_pending);
|
|
|
|
spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
|
2007-05-09 11:34:37 +02:00
|
|
|
void ignore_signals(struct task_struct *t)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < _NSIG; ++i)
|
|
|
|
t->sighand->action[i].sa.sa_handler = SIG_IGN;
|
|
|
|
|
|
|
|
flush_signals(t);
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Flush all handlers for a task.
|
|
|
|
*/
|
|
|
|
|
|
|
|
void
|
|
|
|
flush_signal_handlers(struct task_struct *t, int force_default)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
struct k_sigaction *ka = &t->sighand->action[0];
|
|
|
|
for (i = _NSIG ; i != 0 ; i--) {
|
|
|
|
if (force_default || ka->sa.sa_handler != SIG_IGN)
|
|
|
|
ka->sa.sa_handler = SIG_DFL;
|
|
|
|
ka->sa.sa_flags = 0;
|
|
|
|
sigemptyset(&ka->sa.sa_mask);
|
|
|
|
ka++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-07-22 11:12:28 +02:00
|
|
|
int unhandled_signal(struct task_struct *tsk, int sig)
|
|
|
|
{
|
2008-07-26 04:45:52 +02:00
|
|
|
void __user *handler = tsk->sighand->action[sig-1].sa.sa_handler;
|
2007-10-19 08:39:52 +02:00
|
|
|
if (is_global_init(tsk))
|
2007-07-22 11:12:28 +02:00
|
|
|
return 1;
|
2008-07-26 04:45:52 +02:00
|
|
|
if (handler != SIG_IGN && handler != SIG_DFL)
|
2007-07-22 11:12:28 +02:00
|
|
|
return 0;
|
2009-04-03 01:58:00 +02:00
|
|
|
return !tracehook_consider_fatal_signal(tsk, sig);
|
2007-07-22 11:12:28 +02:00
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/* Notify the system that a driver wants to block all signals for this
|
|
|
|
* process, and wants to be notified if any signals at all were to be
|
|
|
|
* sent/acted upon. If the notifier routine returns non-zero, then the
|
|
|
|
* signal will be acted upon after all. If the notifier routine returns 0,
|
|
|
|
* then then signal will be blocked. Only one block per process is
|
|
|
|
* allowed. priv is a pointer to private data that the notifier routine
|
|
|
|
* can use to determine if the signal should be blocked or not. */
|
|
|
|
|
|
|
|
void
|
|
|
|
block_all_signals(int (*notifier)(void *priv), void *priv, sigset_t *mask)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(¤t->sighand->siglock, flags);
|
|
|
|
current->notifier_mask = mask;
|
|
|
|
current->notifier_data = priv;
|
|
|
|
current->notifier = notifier;
|
|
|
|
spin_unlock_irqrestore(¤t->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Notify the system that blocking has ended. */
|
|
|
|
|
|
|
|
void
|
|
|
|
unblock_all_signals(void)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(¤t->sighand->siglock, flags);
|
|
|
|
current->notifier = NULL;
|
|
|
|
current->notifier_data = NULL;
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irqrestore(¤t->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
|
2008-07-25 10:47:29 +02:00
|
|
|
static void collect_signal(int sig, struct sigpending *list, siginfo_t *info)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sigqueue *q, *first = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Collect the siginfo appropriate to this signal. Check if
|
|
|
|
* there is another siginfo for the same signal.
|
|
|
|
*/
|
|
|
|
list_for_each_entry(q, &list->list, list) {
|
|
|
|
if (q->info.si_signo == sig) {
|
2008-07-25 10:47:28 +02:00
|
|
|
if (first)
|
|
|
|
goto still_pending;
|
2005-04-17 00:20:36 +02:00
|
|
|
first = q;
|
|
|
|
}
|
|
|
|
}
|
2008-07-25 10:47:28 +02:00
|
|
|
|
|
|
|
sigdelset(&list->signal, sig);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
if (first) {
|
2008-07-25 10:47:28 +02:00
|
|
|
still_pending:
|
2005-04-17 00:20:36 +02:00
|
|
|
list_del_init(&first->list);
|
|
|
|
copy_siginfo(info, &first->info);
|
|
|
|
__sigqueue_free(first);
|
|
|
|
} else {
|
|
|
|
/* Ok, it wasn't in the queue. This must be
|
|
|
|
a fast-pathed signal or we must have been
|
|
|
|
out of queue space. So zero out the info.
|
|
|
|
*/
|
|
|
|
info->si_signo = sig;
|
|
|
|
info->si_errno = 0;
|
|
|
|
info->si_code = 0;
|
|
|
|
info->si_pid = 0;
|
|
|
|
info->si_uid = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
|
|
|
|
siginfo_t *info)
|
|
|
|
{
|
2006-09-29 11:00:31 +02:00
|
|
|
int sig = next_signal(pending, mask);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (sig) {
|
|
|
|
if (current->notifier) {
|
|
|
|
if (sigismember(current->notifier_mask, sig)) {
|
|
|
|
if (!(current->notifier)(current->notifier_data)) {
|
|
|
|
clear_thread_flag(TIF_SIGPENDING);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-07-25 10:47:29 +02:00
|
|
|
collect_signal(sig, pending, info);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return sig;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Dequeue a signal and return the element to the caller, which is
|
|
|
|
* expected to free it.
|
|
|
|
*
|
|
|
|
* All callers have to hold the siglock.
|
|
|
|
*/
|
|
|
|
int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
|
|
|
|
{
|
2008-04-30 09:52:40 +02:00
|
|
|
int signr;
|
2007-06-12 00:16:18 +02:00
|
|
|
|
|
|
|
/* We only dequeue private signals from ourselves, we don't let
|
|
|
|
* signalfd steal them
|
|
|
|
*/
|
2007-09-20 21:40:16 +02:00
|
|
|
signr = __dequeue_signal(&tsk->pending, mask, info);
|
2007-02-16 10:28:12 +01:00
|
|
|
if (!signr) {
|
2005-04-17 00:20:36 +02:00
|
|
|
signr = __dequeue_signal(&tsk->signal->shared_pending,
|
|
|
|
mask, info);
|
2007-02-16 10:28:12 +01:00
|
|
|
/*
|
|
|
|
* itimer signal ?
|
|
|
|
*
|
|
|
|
* itimers are process shared and we restart periodic
|
|
|
|
* itimers in the signal delivery path to prevent DoS
|
|
|
|
* attacks in the high resolution timer case. This is
|
|
|
|
* compliant with the old way of self restarting
|
|
|
|
* itimers, as the SIGALRM is a legacy signal and only
|
|
|
|
* queued once. Changing the restart behaviour to
|
|
|
|
* restart the timer in the signal dequeue path is
|
|
|
|
* reducing the timer noise on heavy loaded !highres
|
|
|
|
* systems too.
|
|
|
|
*/
|
|
|
|
if (unlikely(signr == SIGALRM)) {
|
|
|
|
struct hrtimer *tmr = &tsk->signal->real_timer;
|
|
|
|
|
|
|
|
if (!hrtimer_is_queued(tmr) &&
|
|
|
|
tsk->signal->it_real_incr.tv64 != 0) {
|
|
|
|
hrtimer_forward(tmr, tmr->base->get_time(),
|
|
|
|
tsk->signal->it_real_incr);
|
|
|
|
hrtimer_restart(tmr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2008-04-30 09:52:40 +02:00
|
|
|
|
2007-09-20 21:40:16 +02:00
|
|
|
recalc_sigpending();
|
2008-04-30 09:52:40 +02:00
|
|
|
if (!signr)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (unlikely(sig_kernel_stop(signr))) {
|
2007-02-16 10:28:12 +01:00
|
|
|
/*
|
|
|
|
* Set a marker that we have dequeued a stop signal. Our
|
|
|
|
* caller might release the siglock and then the pending
|
|
|
|
* stop signal it is about to process is no longer in the
|
|
|
|
* pending bitmasks, but must still be cleared by a SIGCONT
|
|
|
|
* (and overruled by a SIGKILL). So those cases clear this
|
|
|
|
* shared flag after we've set it. Note that this flag may
|
|
|
|
* remain set after the signal we return is ignored or
|
|
|
|
* handled. That doesn't matter because its only purpose
|
|
|
|
* is to alert stop-signal processing code when another
|
|
|
|
* processor has come along and cleared the flag.
|
|
|
|
*/
|
2008-07-25 10:47:30 +02:00
|
|
|
tsk->signal->flags |= SIGNAL_STOP_DEQUEUED;
|
2007-02-16 10:28:12 +01:00
|
|
|
}
|
2008-04-30 09:52:40 +02:00
|
|
|
if ((info->si_code & __SI_MASK) == __SI_TIMER && info->si_sys_private) {
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Release the siglock to ensure proper locking order
|
|
|
|
* of timer locks outside of siglocks. Note, we leave
|
|
|
|
* irqs disabled here, since the posix-timers code is
|
|
|
|
* about to disable them again anyway.
|
|
|
|
*/
|
|
|
|
spin_unlock(&tsk->sighand->siglock);
|
|
|
|
do_schedule_next_timer(info);
|
|
|
|
spin_lock(&tsk->sighand->siglock);
|
|
|
|
}
|
|
|
|
return signr;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Tell a process that it has a new active signal..
|
|
|
|
*
|
|
|
|
* NOTE! we rely on the previous spin_lock to
|
|
|
|
* lock interrupts for us! We can only be called with
|
|
|
|
* "siglock" held, and the local interrupt must
|
|
|
|
* have been disabled when that got acquired!
|
|
|
|
*
|
|
|
|
* No need to set need_resched since signal event passing
|
|
|
|
* goes through ->blocked
|
|
|
|
*/
|
|
|
|
void signal_wake_up(struct task_struct *t, int resume)
|
|
|
|
{
|
|
|
|
unsigned int mask;
|
|
|
|
|
|
|
|
set_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
|
|
|
|
|
|
/*
|
2007-12-06 17:13:16 +01:00
|
|
|
* For SIGKILL, we want to wake it up in the stopped/traced/killable
|
|
|
|
* case. We don't check t->state here because there is a race with it
|
2005-04-17 00:20:36 +02:00
|
|
|
* executing another processor and just now entering stopped state.
|
|
|
|
* By using wake_up_state, we ensure the process will wake up and
|
|
|
|
* handle its death signal.
|
|
|
|
*/
|
|
|
|
mask = TASK_INTERRUPTIBLE;
|
|
|
|
if (resume)
|
2007-12-06 17:13:16 +01:00
|
|
|
mask |= TASK_WAKEKILL;
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!wake_up_state(t, mask))
|
|
|
|
kick_process(t);
|
|
|
|
}
|
|
|
|
|
2006-01-08 10:02:48 +01:00
|
|
|
/*
|
|
|
|
* Remove signals in mask from the pending set and queue.
|
|
|
|
* Returns 1 if any signals were found.
|
|
|
|
*
|
|
|
|
* All callers must be holding the siglock.
|
|
|
|
*
|
|
|
|
* This version takes a sigset mask and looks at all signals,
|
|
|
|
* not just those in the first mask word.
|
|
|
|
*/
|
|
|
|
static int rm_from_queue_full(sigset_t *mask, struct sigpending *s)
|
|
|
|
{
|
|
|
|
struct sigqueue *q, *n;
|
|
|
|
sigset_t m;
|
|
|
|
|
|
|
|
sigandsets(&m, mask, &s->signal);
|
|
|
|
if (sigisemptyset(&m))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
signandsets(&s->signal, &s->signal, mask);
|
|
|
|
list_for_each_entry_safe(q, n, &s->list, list) {
|
|
|
|
if (sigismember(mask, q->info.si_signo)) {
|
|
|
|
list_del_init(&q->list);
|
|
|
|
__sigqueue_free(q);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Remove signals in mask from the pending set and queue.
|
|
|
|
* Returns 1 if any signals were found.
|
|
|
|
*
|
|
|
|
* All callers must be holding the siglock.
|
|
|
|
*/
|
|
|
|
static int rm_from_queue(unsigned long mask, struct sigpending *s)
|
|
|
|
{
|
|
|
|
struct sigqueue *q, *n;
|
|
|
|
|
|
|
|
if (!sigtestsetmask(&s->signal, mask))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
sigdelsetmask(&s->signal, mask);
|
|
|
|
list_for_each_entry_safe(q, n, &s->list, list) {
|
|
|
|
if (q->info.si_signo < SIGRTMIN &&
|
|
|
|
(mask & sigmask(q->info.si_signo))) {
|
|
|
|
list_del_init(&q->list);
|
|
|
|
__sigqueue_free(q);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Bad permissions for sending the signal
|
2008-11-14 00:39:19 +01:00
|
|
|
* - the caller must hold at least the RCU read lock
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
|
|
|
static int check_kill_permission(int sig, struct siginfo *info,
|
|
|
|
struct task_struct *t)
|
|
|
|
{
|
2008-11-14 00:39:19 +01:00
|
|
|
const struct cred *cred = current_cred(), *tcred;
|
2008-04-30 09:53:01 +02:00
|
|
|
struct pid *sid;
|
2008-04-30 09:52:42 +02:00
|
|
|
int error;
|
|
|
|
|
2005-05-01 17:59:14 +02:00
|
|
|
if (!valid_signal(sig))
|
2008-04-30 09:52:42 +02:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
|
|
|
|
return 0;
|
2007-03-30 00:01:04 +02:00
|
|
|
|
2008-04-30 09:52:42 +02:00
|
|
|
error = audit_signal_info(sig, t); /* Let audit system see the signal */
|
|
|
|
if (error)
|
2005-04-17 00:20:36 +02:00
|
|
|
return error;
|
2008-04-30 09:52:42 +02:00
|
|
|
|
2008-11-14 00:39:19 +01:00
|
|
|
tcred = __task_cred(t);
|
|
|
|
if ((cred->euid ^ tcred->suid) &&
|
|
|
|
(cred->euid ^ tcred->uid) &&
|
|
|
|
(cred->uid ^ tcred->suid) &&
|
|
|
|
(cred->uid ^ tcred->uid) &&
|
2008-04-30 09:53:01 +02:00
|
|
|
!capable(CAP_KILL)) {
|
|
|
|
switch (sig) {
|
|
|
|
case SIGCONT:
|
|
|
|
sid = task_session(t);
|
|
|
|
/*
|
|
|
|
* We don't return the error if sid == NULL. The
|
|
|
|
* task was unhashed, the caller must notice this.
|
|
|
|
*/
|
|
|
|
if (!sid || sid == task_session(current))
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -EPERM;
|
|
|
|
}
|
|
|
|
}
|
2005-05-06 13:38:39 +02:00
|
|
|
|
2007-03-30 00:01:04 +02:00
|
|
|
return security_task_kill(t, info, sig, 0);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2008-04-30 09:52:59 +02:00
|
|
|
* Handle magic process-wide effects of stop/continue signals. Unlike
|
|
|
|
* the signal actions, these happen immediately at signal-generation
|
2005-04-17 00:20:36 +02:00
|
|
|
* time regardless of blocking, ignoring, or handling. This does the
|
|
|
|
* actual continuing for SIGCONT, but not the actual stopping for stop
|
2008-04-30 09:52:59 +02:00
|
|
|
* signals. The process stop is done as a signal action for SIG_DFL.
|
|
|
|
*
|
|
|
|
* Returns true if the signal should be actually delivered, otherwise
|
|
|
|
* it should be dropped.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2009-04-03 01:58:05 +02:00
|
|
|
static int prepare_signal(int sig, struct task_struct *p, int from_ancestor_ns)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-04-30 09:52:46 +02:00
|
|
|
struct signal_struct *signal = p->signal;
|
2005-04-17 00:20:36 +02:00
|
|
|
struct task_struct *t;
|
|
|
|
|
2008-04-30 09:52:59 +02:00
|
|
|
if (unlikely(signal->flags & SIGNAL_GROUP_EXIT)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
2008-04-30 09:52:59 +02:00
|
|
|
* The process is in the middle of dying, nothing to do.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2008-04-30 09:52:59 +02:00
|
|
|
} else if (sig_kernel_stop(sig)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* This is a stop signal. Remove SIGCONT from all queues.
|
|
|
|
*/
|
2008-04-30 09:52:46 +02:00
|
|
|
rm_from_queue(sigmask(SIGCONT), &signal->shared_pending);
|
2005-04-17 00:20:36 +02:00
|
|
|
t = p;
|
|
|
|
do {
|
|
|
|
rm_from_queue(sigmask(SIGCONT), &t->pending);
|
2008-04-30 09:52:46 +02:00
|
|
|
} while_each_thread(p, t);
|
2005-04-17 00:20:36 +02:00
|
|
|
} else if (sig == SIGCONT) {
|
2008-04-30 09:52:46 +02:00
|
|
|
unsigned int why;
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Remove all stop signals from all queues,
|
|
|
|
* and wake all threads.
|
|
|
|
*/
|
2008-04-30 09:52:46 +02:00
|
|
|
rm_from_queue(SIG_KERNEL_STOP_MASK, &signal->shared_pending);
|
2005-04-17 00:20:36 +02:00
|
|
|
t = p;
|
|
|
|
do {
|
|
|
|
unsigned int state;
|
|
|
|
rm_from_queue(SIG_KERNEL_STOP_MASK, &t->pending);
|
|
|
|
/*
|
|
|
|
* If there is a handler for SIGCONT, we must make
|
|
|
|
* sure that no thread returns to user mode before
|
|
|
|
* we post the signal, in case it was the only
|
|
|
|
* thread eligible to run the signal handler--then
|
|
|
|
* it must not do anything between resuming and
|
|
|
|
* running the handler. With the TIF_SIGPENDING
|
|
|
|
* flag set, the thread will pause and acquire the
|
|
|
|
* siglock that we hold now and until we've queued
|
2008-04-30 09:52:46 +02:00
|
|
|
* the pending signal.
|
2005-04-17 00:20:36 +02:00
|
|
|
*
|
|
|
|
* Wake up the stopped thread _after_ setting
|
|
|
|
* TIF_SIGPENDING
|
|
|
|
*/
|
2007-12-06 17:13:16 +01:00
|
|
|
state = __TASK_STOPPED;
|
2005-04-17 00:20:36 +02:00
|
|
|
if (sig_user_defined(t, SIGCONT) && !sigismember(&t->blocked, SIGCONT)) {
|
|
|
|
set_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
|
|
state |= TASK_INTERRUPTIBLE;
|
|
|
|
}
|
|
|
|
wake_up_state(t, state);
|
2008-04-30 09:52:46 +02:00
|
|
|
} while_each_thread(p, t);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-04-30 09:52:46 +02:00
|
|
|
/*
|
|
|
|
* Notify the parent with CLD_CONTINUED if we were stopped.
|
|
|
|
*
|
|
|
|
* If we were in the middle of a group stop, we pretend it
|
|
|
|
* was already finished, and then continued. Since SIGCHLD
|
|
|
|
* doesn't queue we report only CLD_STOPPED, as if the next
|
|
|
|
* CLD_CONTINUED was dropped.
|
|
|
|
*/
|
|
|
|
why = 0;
|
2008-04-30 09:52:46 +02:00
|
|
|
if (signal->flags & SIGNAL_STOP_STOPPED)
|
2008-04-30 09:52:46 +02:00
|
|
|
why |= SIGNAL_CLD_CONTINUED;
|
2008-04-30 09:52:46 +02:00
|
|
|
else if (signal->group_stop_count)
|
2008-04-30 09:52:46 +02:00
|
|
|
why |= SIGNAL_CLD_STOPPED;
|
|
|
|
|
|
|
|
if (why) {
|
2008-04-30 09:53:00 +02:00
|
|
|
/*
|
2009-09-24 00:56:53 +02:00
|
|
|
* The first thread which returns from do_signal_stop()
|
2008-04-30 09:53:00 +02:00
|
|
|
* will take ->siglock, notice SIGNAL_CLD_MASK, and
|
|
|
|
* notify its parent. See get_signal_to_deliver().
|
|
|
|
*/
|
2008-04-30 09:52:46 +02:00
|
|
|
signal->flags = why | SIGNAL_STOP_CONTINUED;
|
|
|
|
signal->group_stop_count = 0;
|
|
|
|
signal->group_exit_code = 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We are not stopped, but there could be a stop
|
|
|
|
* signal in the middle of being processed after
|
|
|
|
* being removed from the queue. Clear that too.
|
|
|
|
*/
|
2008-04-30 09:52:46 +02:00
|
|
|
signal->flags &= ~SIGNAL_STOP_DEQUEUED;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
}
|
2008-04-30 09:52:59 +02:00
|
|
|
|
2009-04-03 01:58:05 +02:00
|
|
|
return !sig_ignored(p, sig, from_ancestor_ns);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2008-04-30 09:52:53 +02:00
|
|
|
/*
|
|
|
|
* Test if P wants to take SIG. After we've checked all threads with this,
|
|
|
|
* it's equivalent to finding no threads not blocking SIG. Any threads not
|
|
|
|
* blocking SIG were ruled out because they are not running and already
|
|
|
|
* have pending signals. Such threads will dequeue from the shared queue
|
|
|
|
* as soon as they're available, so putting the signal on the shared queue
|
|
|
|
* will be equivalent to sending it to one such thread.
|
|
|
|
*/
|
|
|
|
static inline int wants_signal(int sig, struct task_struct *p)
|
|
|
|
{
|
|
|
|
if (sigismember(&p->blocked, sig))
|
|
|
|
return 0;
|
|
|
|
if (p->flags & PF_EXITING)
|
|
|
|
return 0;
|
|
|
|
if (sig == SIGKILL)
|
|
|
|
return 1;
|
|
|
|
if (task_is_stopped_or_traced(p))
|
|
|
|
return 0;
|
|
|
|
return task_curr(p) || !signal_pending(p);
|
|
|
|
}
|
|
|
|
|
2008-04-30 09:52:55 +02:00
|
|
|
static void complete_signal(int sig, struct task_struct *p, int group)
|
2008-04-30 09:52:53 +02:00
|
|
|
{
|
|
|
|
struct signal_struct *signal = p->signal;
|
|
|
|
struct task_struct *t;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now find a thread we can wake up to take the signal off the queue.
|
|
|
|
*
|
|
|
|
* If the main thread wants the signal, it gets first crack.
|
|
|
|
* Probably the least surprising to the average bear.
|
|
|
|
*/
|
|
|
|
if (wants_signal(sig, p))
|
|
|
|
t = p;
|
2008-04-30 09:52:55 +02:00
|
|
|
else if (!group || thread_group_empty(p))
|
2008-04-30 09:52:53 +02:00
|
|
|
/*
|
|
|
|
* There is just one thread and it does not need to be woken.
|
|
|
|
* It will dequeue unblocked signals before it runs again.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
else {
|
|
|
|
/*
|
|
|
|
* Otherwise try to find a suitable thread.
|
|
|
|
*/
|
|
|
|
t = signal->curr_target;
|
|
|
|
while (!wants_signal(sig, t)) {
|
|
|
|
t = next_thread(t);
|
|
|
|
if (t == signal->curr_target)
|
|
|
|
/*
|
|
|
|
* No thread needs to be woken.
|
|
|
|
* Any eligible threads will see
|
|
|
|
* the signal in the queue soon.
|
|
|
|
*/
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
signal->curr_target = t;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Found a killable thread. If the signal will be fatal,
|
|
|
|
* then start taking the whole group down immediately.
|
|
|
|
*/
|
2008-04-30 09:53:03 +02:00
|
|
|
if (sig_fatal(p, sig) &&
|
|
|
|
!(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) &&
|
2008-04-30 09:52:53 +02:00
|
|
|
!sigismember(&t->real_blocked, sig) &&
|
2008-07-26 04:45:52 +02:00
|
|
|
(sig == SIGKILL ||
|
2009-04-03 01:58:00 +02:00
|
|
|
!tracehook_consider_fatal_signal(t, sig))) {
|
2008-04-30 09:52:53 +02:00
|
|
|
/*
|
|
|
|
* This signal will be fatal to the whole group.
|
|
|
|
*/
|
|
|
|
if (!sig_kernel_coredump(sig)) {
|
|
|
|
/*
|
|
|
|
* Start a group exit and wake everybody up.
|
|
|
|
* This way we don't have other threads
|
|
|
|
* running and doing things after a slower
|
|
|
|
* thread has the fatal signal pending.
|
|
|
|
*/
|
|
|
|
signal->flags = SIGNAL_GROUP_EXIT;
|
|
|
|
signal->group_exit_code = sig;
|
|
|
|
signal->group_stop_count = 0;
|
|
|
|
t = p;
|
|
|
|
do {
|
|
|
|
sigaddset(&t->pending.signal, SIGKILL);
|
|
|
|
signal_wake_up(t, 1);
|
|
|
|
} while_each_thread(p, t);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The signal is already in the shared-pending queue.
|
|
|
|
* Tell the chosen thread to wake up and dequeue it.
|
|
|
|
*/
|
|
|
|
signal_wake_up(t, sig == SIGKILL);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2008-04-30 09:52:34 +02:00
|
|
|
static inline int legacy_queue(struct sigpending *signals, int sig)
|
|
|
|
{
|
|
|
|
return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
|
|
|
|
}
|
|
|
|
|
2009-04-03 01:58:04 +02:00
|
|
|
static int __send_signal(int sig, struct siginfo *info, struct task_struct *t,
|
|
|
|
int group, int from_ancestor_ns)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-04-30 09:52:54 +02:00
|
|
|
struct sigpending *pending;
|
2008-04-30 09:52:50 +02:00
|
|
|
struct sigqueue *q;
|
2009-05-16 11:28:33 +02:00
|
|
|
int override_rlimit;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
tracing, sched: LTTng instrumentation - scheduler
Instrument the scheduler activity (sched_switch, migration, wakeups,
wait for a task, signal delivery) and process/thread
creation/destruction (fork, exit, kthread stop). Actually, kthread
creation is not instrumented in this patch because it is architecture
dependent. It allows to connect tracers such as ftrace which detects
scheduling latencies, good/bad scheduler decisions. Tools like LTTng can
export this scheduler information along with instrumentation of the rest
of the kernel activity to perform post-mortem analysis on the scheduler
activity.
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added. See the "Tracepoints" patch header for
performance result detail.
Changelog :
- Change instrumentation location and parameter to match ftrace
instrumentation, previously done with kernel markers.
[ mingo@elte.hu: conflict resolutions ]
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 18:16:17 +02:00
|
|
|
trace_sched_signal_send(sig, t);
|
|
|
|
|
2008-04-30 09:52:50 +02:00
|
|
|
assert_spin_locked(&t->sighand->siglock);
|
2009-04-03 01:58:05 +02:00
|
|
|
|
|
|
|
if (!prepare_signal(sig, t, from_ancestor_ns))
|
2008-04-30 09:52:59 +02:00
|
|
|
return 0;
|
2008-04-30 09:52:54 +02:00
|
|
|
|
|
|
|
pending = group ? &t->signal->shared_pending : &t->pending;
|
2008-04-30 09:52:35 +02:00
|
|
|
/*
|
|
|
|
* Short-circuit ignored signals and support queuing
|
|
|
|
* exactly one non-rt signal, so that we can get more
|
|
|
|
* detailed information about the cause of the signal.
|
|
|
|
*/
|
2008-04-30 09:52:59 +02:00
|
|
|
if (legacy_queue(pending, sig))
|
2008-04-30 09:52:35 +02:00
|
|
|
return 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* fast-pathed signals for kernel-internal things like SIGSTOP
|
|
|
|
* or SIGKILL.
|
|
|
|
*/
|
2005-10-31 00:03:44 +01:00
|
|
|
if (info == SEND_SIG_FORCED)
|
2005-04-17 00:20:36 +02:00
|
|
|
goto out_set;
|
|
|
|
|
|
|
|
/* Real-time signals must be queued if sent by sigqueue, or
|
|
|
|
some other real-time mechanism. It is implementation
|
|
|
|
defined whether kill() does so. We attempt to do so, on
|
|
|
|
the principle of least surprise, but since kill is not
|
|
|
|
allowed to fail with EAGAIN when low on memory we just
|
|
|
|
make sure at least one signal gets delivered and don't
|
|
|
|
pass on the info struct. */
|
|
|
|
|
2009-05-16 11:28:33 +02:00
|
|
|
if (sig < SIGRTMIN)
|
|
|
|
override_rlimit = (is_si_special(info) || info->si_code >= 0);
|
|
|
|
else
|
|
|
|
override_rlimit = 0;
|
|
|
|
|
|
|
|
q = __sigqueue_alloc(t, GFP_ATOMIC | __GFP_NOTRACK_FALSE_POSITIVE,
|
|
|
|
override_rlimit);
|
2005-04-17 00:20:36 +02:00
|
|
|
if (q) {
|
2008-04-30 09:52:54 +02:00
|
|
|
list_add_tail(&q->list, &pending->list);
|
2005-04-17 00:20:36 +02:00
|
|
|
switch ((unsigned long) info) {
|
2005-10-31 00:03:44 +01:00
|
|
|
case (unsigned long) SEND_SIG_NOINFO:
|
2005-04-17 00:20:36 +02:00
|
|
|
q->info.si_signo = sig;
|
|
|
|
q->info.si_errno = 0;
|
|
|
|
q->info.si_code = SI_USER;
|
2009-01-06 23:42:46 +01:00
|
|
|
q->info.si_pid = task_tgid_nr_ns(current,
|
2009-01-06 23:42:45 +01:00
|
|
|
task_active_pid_ns(t));
|
2008-11-14 00:39:12 +01:00
|
|
|
q->info.si_uid = current_uid();
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
2005-10-31 00:03:44 +01:00
|
|
|
case (unsigned long) SEND_SIG_PRIV:
|
2005-04-17 00:20:36 +02:00
|
|
|
q->info.si_signo = sig;
|
|
|
|
q->info.si_errno = 0;
|
|
|
|
q->info.si_code = SI_KERNEL;
|
|
|
|
q->info.si_pid = 0;
|
|
|
|
q->info.si_uid = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
copy_siginfo(&q->info, info);
|
2009-04-03 01:58:09 +02:00
|
|
|
if (from_ancestor_ns)
|
|
|
|
q->info.si_pid = 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
2005-10-31 00:03:45 +01:00
|
|
|
} else if (!is_si_special(info)) {
|
|
|
|
if (sig >= SIGRTMIN && info->si_code != SI_USER)
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Queue overflow, abort. We may abort if the signal was rt
|
|
|
|
* and sent by user using something other than kill().
|
|
|
|
*/
|
|
|
|
return -EAGAIN;
|
|
|
|
}
|
|
|
|
|
|
|
|
out_set:
|
2008-04-30 09:53:00 +02:00
|
|
|
signalfd_notify(t, sig);
|
2008-04-30 09:52:54 +02:00
|
|
|
sigaddset(&pending->signal, sig);
|
2008-04-30 09:52:55 +02:00
|
|
|
complete_signal(sig, t, group);
|
|
|
|
return 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2009-04-03 01:58:04 +02:00
|
|
|
static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
|
|
|
|
int group)
|
|
|
|
{
|
2009-04-03 01:58:05 +02:00
|
|
|
int from_ancestor_ns = 0;
|
|
|
|
|
|
|
|
#ifdef CONFIG_PID_NS
|
|
|
|
if (!is_si_special(info) && SI_FROMUSER(info) &&
|
|
|
|
task_pid_nr_ns(current, task_active_pid_ns(t)) <= 0)
|
|
|
|
from_ancestor_ns = 1;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return __send_signal(sig, info, t, group, from_ancestor_ns);
|
2009-04-03 01:58:04 +02:00
|
|
|
}
|
|
|
|
|
2007-07-16 08:40:10 +02:00
|
|
|
int print_fatal_signals;
|
|
|
|
|
|
|
|
static void print_fatal_signal(struct pt_regs *regs, int signr)
|
|
|
|
{
|
|
|
|
printk("%s/%d: potentially unexpected fatal signal %d.\n",
|
2007-10-19 08:40:40 +02:00
|
|
|
current->comm, task_pid_nr(current), signr);
|
2007-07-16 08:40:10 +02:00
|
|
|
|
2007-10-29 05:31:16 +01:00
|
|
|
#if defined(__i386__) && !defined(__arch_um__)
|
2008-01-30 13:30:56 +01:00
|
|
|
printk("code at %08lx: ", regs->ip);
|
2007-07-16 08:40:10 +02:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
|
|
unsigned char insn;
|
|
|
|
|
2008-01-30 13:30:56 +01:00
|
|
|
__get_user(insn, (unsigned char *)(regs->ip + i));
|
2007-07-16 08:40:10 +02:00
|
|
|
printk("%02x ", insn);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
printk("\n");
|
2009-01-27 00:33:31 +01:00
|
|
|
preempt_disable();
|
2007-07-16 08:40:10 +02:00
|
|
|
show_regs(regs);
|
2009-01-27 00:33:31 +01:00
|
|
|
preempt_enable();
|
2007-07-16 08:40:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static int __init setup_print_fatal_signals(char *str)
|
|
|
|
{
|
|
|
|
get_option (&str, &print_fatal_signals);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
__setup("print-fatal-signals=", setup_print_fatal_signals);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-04-30 09:52:55 +02:00
|
|
|
int
|
|
|
|
__group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
|
|
|
|
{
|
|
|
|
return send_signal(sig, info, p, 1);
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
static int
|
|
|
|
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
|
|
|
|
{
|
2008-04-30 09:52:55 +02:00
|
|
|
return send_signal(sig, info, t, 0);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2009-09-24 00:57:00 +02:00
|
|
|
int do_send_sig_info(int sig, struct siginfo *info, struct task_struct *p,
|
|
|
|
bool group)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
int ret = -ESRCH;
|
|
|
|
|
|
|
|
if (lock_task_sighand(p, &flags)) {
|
|
|
|
ret = send_signal(sig, info, p, group);
|
|
|
|
unlock_task_sighand(p, &flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Force a signal that the process can't ignore: if necessary
|
|
|
|
* we unblock the signal and change any SIG_IGN to SIG_DFL.
|
2006-08-03 05:17:49 +02:00
|
|
|
*
|
|
|
|
* Note: If we unblock the signal, we always reset it to SIG_DFL,
|
|
|
|
* since we do not want to have a signal handler that was blocked
|
|
|
|
* be invoked when user space had explicitly blocked it.
|
|
|
|
*
|
2008-04-30 09:53:05 +02:00
|
|
|
* We don't want to have recursive SIGSEGV's etc, for example,
|
|
|
|
* that is why we also clear SIGNAL_UNKILLABLE.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
|
|
|
|
{
|
|
|
|
unsigned long int flags;
|
2006-08-03 05:17:49 +02:00
|
|
|
int ret, blocked, ignored;
|
|
|
|
struct k_sigaction *action;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
spin_lock_irqsave(&t->sighand->siglock, flags);
|
2006-08-03 05:17:49 +02:00
|
|
|
action = &t->sighand->action[sig-1];
|
|
|
|
ignored = action->sa.sa_handler == SIG_IGN;
|
|
|
|
blocked = sigismember(&t->blocked, sig);
|
|
|
|
if (blocked || ignored) {
|
|
|
|
action->sa.sa_handler = SIG_DFL;
|
|
|
|
if (blocked) {
|
|
|
|
sigdelset(&t->blocked, sig);
|
2007-05-23 22:57:44 +02:00
|
|
|
recalc_sigpending_and_wake(t);
|
2006-08-03 05:17:49 +02:00
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
2008-04-30 09:53:05 +02:00
|
|
|
if (action->sa.sa_handler == SIG_DFL)
|
|
|
|
t->signal->flags &= ~SIGNAL_UNKILLABLE;
|
2005-04-17 00:20:36 +02:00
|
|
|
ret = specific_send_sig_info(sig, info, t);
|
|
|
|
spin_unlock_irqrestore(&t->sighand->siglock, flags);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
force_sig_specific(int sig, struct task_struct *t)
|
|
|
|
{
|
2005-10-31 00:03:46 +01:00
|
|
|
force_sig_info(sig, SEND_SIG_FORCED, t);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Nuke all other threads in the group.
|
|
|
|
*/
|
|
|
|
void zap_other_threads(struct task_struct *p)
|
|
|
|
{
|
|
|
|
struct task_struct *t;
|
|
|
|
|
|
|
|
p->signal->group_stop_count = 0;
|
|
|
|
|
|
|
|
for (t = next_thread(p); t != p; t = next_thread(t)) {
|
|
|
|
/*
|
|
|
|
* Don't bother with already dead threads
|
|
|
|
*/
|
|
|
|
if (t->exit_state)
|
|
|
|
continue;
|
|
|
|
|
[PATCH] ptrace/coredump/exit_group deadlock
I could seldom reproduce a deadlock with a task not killable in T state
(TASK_STOPPED, not TASK_TRACED) by attaching a NPTL threaded program to
gdb, by segfaulting the task and triggering a core dump while some other
task is executing exit_group and while one task is in ptrace_attached
TASK_STOPPED state (not TASK_TRACED yet). This originated from a gdb
bugreport (the fact gdb was segfaulting the task wasn't a kernel bug), but
I just incidentally noticed the gdb bug triggered a real kernel bug as
well.
Most threads hangs in exit_mm because the core_dumping is still going, the
core dumping hangs because the stopped task doesn't exit, the stopped task
can't wakeup because it has SIGNAL_GROUP_EXIT set, hence the deadlock.
To me it seems that the problem is that the force_sig_specific(SIGKILL) in
zap_threads is a noop if the task has PF_PTRACED set (like in this case
because gdb is attached). The __ptrace_unlink does nothing because the
signal->flags is set to SIGNAL_GROUP_EXIT|SIGNAL_STOP_DEQUEUED (verified).
The above info also shows that the stopped task hit a race and got the stop
signal (presumably by the ptrace_attach, only the attach, state is still
TASK_STOPPED and gdb hangs waiting the core before it can set it to
TASK_TRACED) after one of the thread invoked the core dump (it's the core
dump that sets signal->flags to SIGNAL_GROUP_EXIT).
So beside the fact nobody would wakeup the task in __ptrace_unlink (the
state is _not_ TASK_TRACED), there's a secondary problem in the signal
handling code, where a task should ignore the ptrace-sigstops as long as
SIGNAL_GROUP_EXIT is set (or the wakeup in __ptrace_unlink path wouldn't be
enough).
So I attempted to make this patch that seems to fix the problem. There
were various ways to fix it, perhaps you prefer a different one, I just
opted to the one that looked safer to me.
I also removed the clearing of the stopped bits from the zap_other_threads
(zap_other_threads was safe unlike zap_threads). I don't like useless
code, this whole NPTL signal/ptrace thing is already unreadable enough and
full of corner cases without confusing useless code into it to make it even
less readable. And if this code is really needed, then you may want to
explain why it's not being done in the other paths that sets
SIGNAL_GROUP_EXIT at least.
Even after this patch I still wonder who serializes the read of
p->ptrace in zap_threads.
Patch is called ptrace-core_dump-exit_group-deadlock-1.
This was the trace I've got:
test T ffff81003e8118c0 0 14305 1 14311 14309 (NOTLB)
ffff810058ccdde8 0000000000000082 000001f4000037e1 ffff810000000013
00000000000000f8 ffff81003e811b00 ffff81003e8118c0 ffff810011362100
0000000000000012 ffff810017ca4180
Call Trace:<ffffffff801317ed>{try_to_wake_up+893} <ffffffff80141677>{finish_stop+87}
<ffffffff8014367f>{get_signal_to_deliver+1359} <ffffffff8010d3ad>{do_signal+157}
<ffffffff8013deee>{ptrace_check_attach+222} <ffffffff80111575>{sys_ptrace+2293}
<ffffffff80131810>{default_wake_function+0} <ffffffff80196399>{sys_ioctl+73}
<ffffffff8010dd27>{sysret_signal+28} <ffffffff8010e00f>{ptregscall_common+103}
test D ffff810011362100 0 14309 1 14305 14312 (NOTLB)
ffff810053c81cf8 0000000000000082 0000000000000286 0000000000000001
0000000000000195 ffff810011362340 ffff810011362100 ffff81002e338040
ffff810001e0ca80 0000000000000001
Call Trace:<ffffffff801317ed>{try_to_wake_up+893} <ffffffff8044677d>{wait_for_completion+173}
<ffffffff80131810>{default_wake_function+0} <ffffffff80137435>{exit_mm+149}
<ffffffff801381af>{do_exit+479} <ffffffff80138d0c>{do_group_exit+252}
<ffffffff801436db>{get_signal_to_deliver+1451} <ffffffff8010d3ad>{do_signal+157}
<ffffffff8013deee>{ptrace_check_attach+222} <ffffffff80140850>{specific_send_sig_info+2
<ffffffff8014208a>{force_sig_info+186} <ffffffff804479a0>{do_int3+112}
<ffffffff8010e308>{retint_signal+61}
test D ffff81002e338040 0 14311 1 14716 14305 (NOTLB)
ffff81005ca8dcf8 0000000000000082 0000000000000286 0000000000000001
0000000000000120 ffff81002e338280 ffff81002e338040 ffff8100481cb740
ffff810001e0ca80 0000000000000001
Call Trace:<ffffffff801317ed>{try_to_wake_up+893} <ffffffff8044677d>{wait_for_completion+173}
<ffffffff80131810>{default_wake_function+0} <ffffffff80137435>{exit_mm+149}
<ffffffff801381af>{do_exit+479} <ffffffff80142d0e>{__dequeue_signal+558}
<ffffffff80138d0c>{do_group_exit+252} <ffffffff801436db>{get_signal_to_deliver+1451}
<ffffffff8010d3ad>{do_signal+157} <ffffffff8013deee>{ptrace_check_attach+222}
<ffffffff80140850>{specific_send_sig_info+208} <ffffffff8014208a>{force_sig_info+186}
<ffffffff804479a0>{do_int3+112} <ffffffff8010e308>{retint_signal+61}
test D ffff810017ca4180 0 14312 1 14309 13882 (NOTLB)
ffff81005d15fcb8 0000000000000082 ffff81005d15fc58 ffffffff80130816
0000000000000897 ffff810017ca43c0 ffff810017ca4180 ffff81003e8118c0
0000000000000082 ffffffff801317ed
Call Trace:<ffffffff80130816>{activate_task+150} <ffffffff801317ed>{try_to_wake_up+893}
<ffffffff8044677d>{wait_for_completion+173} <ffffffff80131810>{default_wake_function+0}
<ffffffff8018cdc3>{do_coredump+819} <ffffffff80445f52>{thread_return+82}
<ffffffff801436d4>{get_signal_to_deliver+1444} <ffffffff8010d3ad>{do_signal+157}
<ffffffff8013deee>{ptrace_check_attach+222} <ffffffff80140850>{specific_send_sig_info+2
<ffffffff804472e5>{_spin_unlock_irqrestore+5} <ffffffff8014208a>{force_sig_info+186}
<ffffffff804476ff>{do_general_protection+159} <ffffffff8010e308>{retint_signal+61}
Signed-off-by: Andrea Arcangeli <andrea@suse.de>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-31 00:02:38 +01:00
|
|
|
/* SIGKILL will be handled before any pending SIGSTOP */
|
2005-04-17 00:20:36 +02:00
|
|
|
sigaddset(&t->pending.signal, SIGKILL);
|
|
|
|
signal_wake_up(t, 1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-03-29 02:11:13 +02:00
|
|
|
struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long *flags)
|
|
|
|
{
|
|
|
|
struct sighand_struct *sighand;
|
|
|
|
|
2008-04-30 09:52:37 +02:00
|
|
|
rcu_read_lock();
|
2006-03-29 02:11:13 +02:00
|
|
|
for (;;) {
|
|
|
|
sighand = rcu_dereference(tsk->sighand);
|
|
|
|
if (unlikely(sighand == NULL))
|
|
|
|
break;
|
|
|
|
|
|
|
|
spin_lock_irqsave(&sighand->siglock, *flags);
|
|
|
|
if (likely(sighand == tsk->sighand))
|
|
|
|
break;
|
|
|
|
spin_unlock_irqrestore(&sighand->siglock, *flags);
|
|
|
|
}
|
2008-04-30 09:52:37 +02:00
|
|
|
rcu_read_unlock();
|
2006-03-29 02:11:13 +02:00
|
|
|
|
|
|
|
return sighand;
|
|
|
|
}
|
|
|
|
|
2008-11-14 00:39:19 +01:00
|
|
|
/*
|
|
|
|
* send signal info to all the members of a group
|
|
|
|
* - the caller must hold the RCU read lock at least
|
|
|
|
*/
|
2005-04-17 00:20:36 +02:00
|
|
|
int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
|
|
|
|
{
|
2009-09-24 00:57:00 +02:00
|
|
|
int ret = check_kill_permission(sig, info, p);
|
2006-03-29 02:11:13 +02:00
|
|
|
|
2009-09-24 00:57:00 +02:00
|
|
|
if (!ret && sig)
|
|
|
|
ret = do_send_sig_info(sig, info, p, true);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2008-02-08 13:19:22 +01:00
|
|
|
* __kill_pgrp_info() sends a signal to a process group: this is what the tty
|
2005-04-17 00:20:36 +02:00
|
|
|
* control characters do (^C, ^Z etc)
|
2008-11-14 00:39:19 +01:00
|
|
|
* - the caller must hold at least a readlock on tasklist_lock
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2006-10-02 11:17:10 +02:00
|
|
|
int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct task_struct *p = NULL;
|
|
|
|
int retval, success;
|
|
|
|
|
|
|
|
success = 0;
|
|
|
|
retval = -ESRCH;
|
2006-10-02 11:17:10 +02:00
|
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
2005-04-17 00:20:36 +02:00
|
|
|
int err = group_send_sig_info(sig, info, p);
|
|
|
|
success |= !err;
|
|
|
|
retval = err;
|
2006-10-02 11:17:10 +02:00
|
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
2005-04-17 00:20:36 +02:00
|
|
|
return success ? 0 : retval;
|
|
|
|
}
|
|
|
|
|
2006-10-02 11:17:10 +02:00
|
|
|
int kill_pid_info(int sig, struct siginfo *info, struct pid *pid)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-02-08 13:19:18 +01:00
|
|
|
int error = -ESRCH;
|
2005-04-17 00:20:36 +02:00
|
|
|
struct task_struct *p;
|
|
|
|
|
2006-01-08 10:01:37 +01:00
|
|
|
rcu_read_lock();
|
2008-02-08 13:19:18 +01:00
|
|
|
retry:
|
2006-10-02 11:17:10 +02:00
|
|
|
p = pid_task(pid, PIDTYPE_PID);
|
2008-02-08 13:19:18 +01:00
|
|
|
if (p) {
|
2005-04-17 00:20:36 +02:00
|
|
|
error = group_send_sig_info(sig, info, p);
|
2008-02-08 13:19:18 +01:00
|
|
|
if (unlikely(error == -ESRCH))
|
|
|
|
/*
|
|
|
|
* The task was unhashed in between, try again.
|
|
|
|
* If it is dead, pid_task() will return NULL,
|
|
|
|
* if we race with de_thread() it will find the
|
|
|
|
* new leader.
|
|
|
|
*/
|
|
|
|
goto retry;
|
|
|
|
}
|
2006-01-08 10:01:37 +01:00
|
|
|
rcu_read_unlock();
|
2008-04-30 09:52:45 +02:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2007-02-09 16:11:47 +01:00
|
|
|
int
|
|
|
|
kill_proc_info(int sig, struct siginfo *info, pid_t pid)
|
2006-10-02 11:17:10 +02:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
rcu_read_lock();
|
2007-10-19 08:40:14 +02:00
|
|
|
error = kill_pid_info(sig, info, find_vpid(pid));
|
2006-10-02 11:17:10 +02:00
|
|
|
rcu_read_unlock();
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2006-10-02 11:17:28 +02:00
|
|
|
/* like kill_pid_info(), but doesn't use uid/euid of "current" */
|
|
|
|
int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
|
2006-06-30 10:55:47 +02:00
|
|
|
uid_t uid, uid_t euid, u32 secid)
|
2005-10-10 19:44:29 +02:00
|
|
|
{
|
|
|
|
int ret = -EINVAL;
|
|
|
|
struct task_struct *p;
|
2008-11-14 00:39:19 +01:00
|
|
|
const struct cred *pcred;
|
2005-10-10 19:44:29 +02:00
|
|
|
|
|
|
|
if (!valid_signal(sig))
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
read_lock(&tasklist_lock);
|
2006-10-02 11:17:28 +02:00
|
|
|
p = pid_task(pid, PIDTYPE_PID);
|
2005-10-10 19:44:29 +02:00
|
|
|
if (!p) {
|
|
|
|
ret = -ESRCH;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
2008-11-14 00:39:19 +01:00
|
|
|
pcred = __task_cred(p);
|
|
|
|
if ((info == SEND_SIG_NOINFO ||
|
|
|
|
(!is_si_special(info) && SI_FROMUSER(info))) &&
|
|
|
|
euid != pcred->suid && euid != pcred->uid &&
|
|
|
|
uid != pcred->suid && uid != pcred->uid) {
|
2005-10-10 19:44:29 +02:00
|
|
|
ret = -EPERM;
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
2006-06-30 10:55:47 +02:00
|
|
|
ret = security_task_kill(p, info, sig, secid);
|
|
|
|
if (ret)
|
|
|
|
goto out_unlock;
|
2005-10-10 19:44:29 +02:00
|
|
|
if (sig && p->sighand) {
|
|
|
|
unsigned long flags;
|
|
|
|
spin_lock_irqsave(&p->sighand->siglock, flags);
|
2009-04-03 01:58:04 +02:00
|
|
|
ret = __send_signal(sig, info, p, 1, 0);
|
2005-10-10 19:44:29 +02:00
|
|
|
spin_unlock_irqrestore(&p->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
out_unlock:
|
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
return ret;
|
|
|
|
}
|
2006-10-02 11:17:28 +02:00
|
|
|
EXPORT_SYMBOL_GPL(kill_pid_info_as_uid);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* kill_something_info() interprets pid in interesting ways just like kill(2).
|
|
|
|
*
|
|
|
|
* POSIX specifies that kill(-1,sig) is unspecified, but what we have
|
|
|
|
* is probably wrong. Should make it like BSD or SYSV.
|
|
|
|
*/
|
|
|
|
|
2008-07-25 10:47:33 +02:00
|
|
|
static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2007-02-12 09:52:55 +01:00
|
|
|
int ret;
|
2008-02-08 13:19:22 +01:00
|
|
|
|
|
|
|
if (pid > 0) {
|
|
|
|
rcu_read_lock();
|
|
|
|
ret = kill_pid_info(sig, info, find_vpid(pid));
|
|
|
|
rcu_read_unlock();
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
if (pid != -1) {
|
|
|
|
ret = __kill_pgrp_info(sig, info,
|
|
|
|
pid ? find_vpid(-pid) : task_pgrp(current));
|
|
|
|
} else {
|
2005-04-17 00:20:36 +02:00
|
|
|
int retval = 0, count = 0;
|
|
|
|
struct task_struct * p;
|
|
|
|
|
|
|
|
for_each_process(p) {
|
2008-10-29 22:01:11 +01:00
|
|
|
if (task_pid_vnr(p) > 1 &&
|
|
|
|
!same_thread_group(p, current)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
int err = group_send_sig_info(sig, info, p);
|
|
|
|
++count;
|
|
|
|
if (err != -EPERM)
|
|
|
|
retval = err;
|
|
|
|
}
|
|
|
|
}
|
2007-02-12 09:52:55 +01:00
|
|
|
ret = count ? retval : -ESRCH;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
2008-02-08 13:19:22 +01:00
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
|
2007-02-12 09:52:55 +01:00
|
|
|
return ret;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These are for backward compatibility with the rest of the kernel source.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Make sure legacy kernel users don't send in bad values
|
|
|
|
* (normal paths check this in check_kill_permission).
|
|
|
|
*/
|
2005-05-01 17:59:14 +02:00
|
|
|
if (!valid_signal(sig))
|
2005-04-17 00:20:36 +02:00
|
|
|
return -EINVAL;
|
|
|
|
|
2009-09-24 00:57:00 +02:00
|
|
|
return do_send_sig_info(sig, info, p, false);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2005-10-31 00:03:44 +01:00
|
|
|
#define __si_special(priv) \
|
|
|
|
((priv) ? SEND_SIG_PRIV : SEND_SIG_NOINFO)
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
int
|
|
|
|
send_sig(int sig, struct task_struct *p, int priv)
|
|
|
|
{
|
2005-10-31 00:03:44 +01:00
|
|
|
return send_sig_info(sig, __si_special(priv), p);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
force_sig(int sig, struct task_struct *p)
|
|
|
|
{
|
2005-10-31 00:03:44 +01:00
|
|
|
force_sig_info(sig, SEND_SIG_PRIV, p);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* When things go south during signal handling, we
|
|
|
|
* will force a SIGSEGV. And if the signal that caused
|
|
|
|
* the problem was already a SIGSEGV, we'll want to
|
|
|
|
* make sure we don't even try to deliver the signal..
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
force_sigsegv(int sig, struct task_struct *p)
|
|
|
|
{
|
|
|
|
if (sig == SIGSEGV) {
|
|
|
|
unsigned long flags;
|
|
|
|
spin_lock_irqsave(&p->sighand->siglock, flags);
|
|
|
|
p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL;
|
|
|
|
spin_unlock_irqrestore(&p->sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
force_sig(SIGSEGV, p);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-10-02 11:17:10 +02:00
|
|
|
int kill_pgrp(struct pid *pid, int sig, int priv)
|
|
|
|
{
|
2008-02-08 13:19:22 +01:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
ret = __kill_pgrp_info(sig, __si_special(priv), pid);
|
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
|
|
|
|
return ret;
|
2006-10-02 11:17:10 +02:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(kill_pgrp);
|
|
|
|
|
|
|
|
int kill_pid(struct pid *pid, int sig, int priv)
|
|
|
|
{
|
|
|
|
return kill_pid_info(sig, __si_special(priv), pid);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(kill_pid);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* These functions support sending signals using preallocated sigqueue
|
|
|
|
* structures. This is needed "because realtime applications cannot
|
|
|
|
* afford to lose notifications of asynchronous events, like timer
|
|
|
|
* expirations or I/O completions". In the case of Posix Timers
|
|
|
|
* we allocate the sigqueue structure from the timer_create. If this
|
|
|
|
* allocation fails we are able to report the failure to the application
|
|
|
|
* with an EAGAIN error.
|
|
|
|
*/
|
|
|
|
|
|
|
|
struct sigqueue *sigqueue_alloc(void)
|
|
|
|
{
|
|
|
|
struct sigqueue *q;
|
|
|
|
|
|
|
|
if ((q = __sigqueue_alloc(current, GFP_KERNEL, 0)))
|
|
|
|
q->flags |= SIGQUEUE_PREALLOC;
|
|
|
|
return(q);
|
|
|
|
}
|
|
|
|
|
|
|
|
void sigqueue_free(struct sigqueue *q)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
2007-08-31 08:56:35 +02:00
|
|
|
spinlock_t *lock = ¤t->sighand->siglock;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
|
|
|
|
/*
|
2008-05-26 18:55:42 +02:00
|
|
|
* We must hold ->siglock while testing q->list
|
|
|
|
* to serialize with collect_signal() or with
|
2008-05-23 22:04:41 +02:00
|
|
|
* __exit_signal()->flush_sigqueue().
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2007-08-31 08:56:35 +02:00
|
|
|
spin_lock_irqsave(lock, flags);
|
2008-05-26 18:55:42 +02:00
|
|
|
q->flags &= ~SIGQUEUE_PREALLOC;
|
|
|
|
/*
|
|
|
|
* If it is queued it will be freed when dequeued,
|
|
|
|
* like the "regular" sigqueue.
|
|
|
|
*/
|
2007-08-31 08:56:35 +02:00
|
|
|
if (!list_empty(&q->list))
|
2008-05-26 18:55:42 +02:00
|
|
|
q = NULL;
|
2007-08-31 08:56:35 +02:00
|
|
|
spin_unlock_irqrestore(lock, flags);
|
|
|
|
|
2008-05-26 18:55:42 +02:00
|
|
|
if (q)
|
|
|
|
__sigqueue_free(q);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2008-04-30 09:52:57 +02:00
|
|
|
int send_sigqueue(struct sigqueue *q, struct task_struct *t, int group)
|
2008-04-30 09:52:41 +02:00
|
|
|
{
|
2008-04-30 09:52:56 +02:00
|
|
|
int sig = q->info.si_signo;
|
2008-04-30 09:52:54 +02:00
|
|
|
struct sigpending *pending;
|
2008-04-30 09:52:56 +02:00
|
|
|
unsigned long flags;
|
|
|
|
int ret;
|
2008-04-30 09:52:54 +02:00
|
|
|
|
2008-04-30 09:52:55 +02:00
|
|
|
BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
|
2008-04-30 09:52:56 +02:00
|
|
|
|
|
|
|
ret = -1;
|
|
|
|
if (!likely(lock_task_sighand(t, &flags)))
|
|
|
|
goto ret;
|
|
|
|
|
2008-04-30 09:52:59 +02:00
|
|
|
ret = 1; /* the signal is ignored */
|
2009-04-03 01:58:05 +02:00
|
|
|
if (!prepare_signal(sig, t, 0))
|
2008-04-30 09:52:56 +02:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
ret = 0;
|
2008-04-30 09:52:41 +02:00
|
|
|
if (unlikely(!list_empty(&q->list))) {
|
|
|
|
/*
|
|
|
|
* If an SI_TIMER entry is already queue just increment
|
|
|
|
* the overrun count.
|
|
|
|
*/
|
|
|
|
BUG_ON(q->info.si_code != SI_TIMER);
|
|
|
|
q->info.si_overrun++;
|
2008-04-30 09:52:56 +02:00
|
|
|
goto out;
|
2008-04-30 09:52:41 +02:00
|
|
|
}
|
posix-timers: fix posix_timer_event() vs dequeue_signal() race
The bug was reported and analysed by Mark McLoughlin <markmc@redhat.com>,
the patch is based on his and Roland's suggestions.
posix_timer_event() always rewrites the pre-allocated siginfo before sending
the signal. Most of the written info is the same all the time, but memset(0)
is very wrong. If ->sigq is queued we can race with collect_signal() which
can fail to find this siginfo looking at .si_signo, or copy_siginfo() can
copy the wrong .si_code/si_tid/etc.
In short, sys_timer_settime() can in fact stop the active timer, or the user
can receive the siginfo with the wrong .si_xxx values.
Move "memset(->info, 0)" from posix_timer_event() to alloc_posix_timer(),
change send_sigqueue() to set .si_overrun = 0 when ->sigq is not queued.
It would be nice to move the whole sigq->info initialization from send to
create path, but this is not easy to do without uglifying timer_create()
further.
As Roland rightly pointed out, we need more cleanups/fixes here, see the
"FIXME" comment in the patch. Hopefully this patch makes sense anyway, and
it can mask the most bad implications.
Reported-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Mark McLoughlin <markmc@redhat.com>
Cc: Oliver Pinter <oliver.pntr@gmail.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: stable@kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
kernel/posix-timers.c | 17 +++++++++++++----
kernel/signal.c | 1 +
2 files changed, 14 insertions(+), 4 deletions(-)
2008-07-23 18:52:05 +02:00
|
|
|
q->info.si_overrun = 0;
|
2008-04-30 09:52:41 +02:00
|
|
|
|
|
|
|
signalfd_notify(t, sig);
|
2008-04-30 09:52:54 +02:00
|
|
|
pending = group ? &t->signal->shared_pending : &t->pending;
|
2008-04-30 09:52:41 +02:00
|
|
|
list_add_tail(&q->list, &pending->list);
|
|
|
|
sigaddset(&pending->signal, sig);
|
2008-04-30 09:52:55 +02:00
|
|
|
complete_signal(sig, t, group);
|
2008-04-30 09:52:56 +02:00
|
|
|
out:
|
|
|
|
unlock_task_sighand(t, &flags);
|
|
|
|
ret:
|
|
|
|
return ret;
|
2008-04-30 09:52:41 +02:00
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Let a parent know about the death of a child.
|
|
|
|
* For a stopped/continued status change, use do_notify_parent_cldstop instead.
|
2008-07-26 04:45:54 +02:00
|
|
|
*
|
|
|
|
* Returns -1 if our parent ignored us and so we've switched to
|
|
|
|
* self-reaping, or else @sig.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2008-07-26 04:45:54 +02:00
|
|
|
int do_notify_parent(struct task_struct *tsk, int sig)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct siginfo info;
|
|
|
|
unsigned long flags;
|
|
|
|
struct sighand_struct *psig;
|
2008-08-20 05:37:07 +02:00
|
|
|
int ret = sig;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
BUG_ON(sig == -1);
|
|
|
|
|
|
|
|
/* do_notify_parent_cldstop should have been called instead. */
|
2007-12-06 17:07:35 +01:00
|
|
|
BUG_ON(task_is_stopped_or_traced(tsk));
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-06-18 01:27:30 +02:00
|
|
|
BUG_ON(!task_ptrace(tsk) &&
|
2005-04-17 00:20:36 +02:00
|
|
|
(tsk->group_leader != tsk || !thread_group_empty(tsk)));
|
|
|
|
|
|
|
|
info.si_signo = sig;
|
|
|
|
info.si_errno = 0;
|
2007-10-19 08:40:14 +02:00
|
|
|
/*
|
|
|
|
* we are under tasklist_lock here so our parent is tied to
|
|
|
|
* us and cannot exit and release its namespace.
|
|
|
|
*
|
|
|
|
* the only it can is to switch its nsproxy with sys_unshare,
|
|
|
|
* bu uncharing pid namespaces is not allowed, so we'll always
|
|
|
|
* see relevant namespace
|
|
|
|
*
|
|
|
|
* write_lock() currently calls preempt_disable() which is the
|
|
|
|
* same as rcu_read_lock(), but according to Oleg, this is not
|
|
|
|
* correct to rely on this
|
|
|
|
*/
|
|
|
|
rcu_read_lock();
|
|
|
|
info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
|
2008-11-14 00:39:19 +01:00
|
|
|
info.si_uid = __task_cred(tsk)->uid;
|
2007-10-19 08:40:14 +02:00
|
|
|
rcu_read_unlock();
|
|
|
|
|
2009-02-05 12:24:15 +01:00
|
|
|
info.si_utime = cputime_to_clock_t(cputime_add(tsk->utime,
|
|
|
|
tsk->signal->utime));
|
|
|
|
info.si_stime = cputime_to_clock_t(cputime_add(tsk->stime,
|
|
|
|
tsk->signal->stime));
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
info.si_status = tsk->exit_code & 0x7f;
|
|
|
|
if (tsk->exit_code & 0x80)
|
|
|
|
info.si_code = CLD_DUMPED;
|
|
|
|
else if (tsk->exit_code & 0x7f)
|
|
|
|
info.si_code = CLD_KILLED;
|
|
|
|
else {
|
|
|
|
info.si_code = CLD_EXITED;
|
|
|
|
info.si_status = tsk->exit_code >> 8;
|
|
|
|
}
|
|
|
|
|
|
|
|
psig = tsk->parent->sighand;
|
|
|
|
spin_lock_irqsave(&psig->siglock, flags);
|
2009-06-18 01:27:30 +02:00
|
|
|
if (!task_ptrace(tsk) && sig == SIGCHLD &&
|
2005-04-17 00:20:36 +02:00
|
|
|
(psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN ||
|
|
|
|
(psig->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT))) {
|
|
|
|
/*
|
|
|
|
* We are exiting and our parent doesn't care. POSIX.1
|
|
|
|
* defines special semantics for setting SIGCHLD to SIG_IGN
|
|
|
|
* or setting the SA_NOCLDWAIT flag: we should be reaped
|
|
|
|
* automatically and not left for our parent's wait4 call.
|
|
|
|
* Rather than having the parent do it as a magic kind of
|
|
|
|
* signal handler, we just set this to tell do_exit that we
|
|
|
|
* can be cleaned up without becoming a zombie. Note that
|
|
|
|
* we still call __wake_up_parent in this case, because a
|
|
|
|
* blocked sys_wait4 might now return -ECHILD.
|
|
|
|
*
|
|
|
|
* Whether we send SIGCHLD or not for SA_NOCLDWAIT
|
|
|
|
* is implementation-defined: we do (if you don't want
|
|
|
|
* it, just use SIG_IGN instead).
|
|
|
|
*/
|
2008-08-20 05:37:07 +02:00
|
|
|
ret = tsk->exit_signal = -1;
|
2005-04-17 00:20:36 +02:00
|
|
|
if (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN)
|
2008-07-26 04:45:54 +02:00
|
|
|
sig = -1;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
2005-05-01 17:59:14 +02:00
|
|
|
if (valid_signal(sig) && sig > 0)
|
2005-04-17 00:20:36 +02:00
|
|
|
__group_send_sig_info(sig, &info, tsk->parent);
|
|
|
|
__wake_up_parent(tsk, tsk->parent);
|
|
|
|
spin_unlock_irqrestore(&psig->siglock, flags);
|
2008-07-26 04:45:54 +02:00
|
|
|
|
2008-08-20 05:37:07 +02:00
|
|
|
return ret;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2006-03-29 02:11:29 +02:00
|
|
|
static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct siginfo info;
|
|
|
|
unsigned long flags;
|
2005-09-07 00:17:32 +02:00
|
|
|
struct task_struct *parent;
|
2005-04-17 00:20:36 +02:00
|
|
|
struct sighand_struct *sighand;
|
|
|
|
|
2009-06-18 01:27:30 +02:00
|
|
|
if (task_ptrace(tsk))
|
2005-09-07 00:17:32 +02:00
|
|
|
parent = tsk->parent;
|
|
|
|
else {
|
|
|
|
tsk = tsk->group_leader;
|
|
|
|
parent = tsk->real_parent;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
info.si_signo = SIGCHLD;
|
|
|
|
info.si_errno = 0;
|
2007-10-19 08:40:14 +02:00
|
|
|
/*
|
|
|
|
* see comment in do_notify_parent() abot the following 3 lines
|
|
|
|
*/
|
|
|
|
rcu_read_lock();
|
2009-06-18 01:27:35 +02:00
|
|
|
info.si_pid = task_pid_nr_ns(tsk, parent->nsproxy->pid_ns);
|
2008-11-14 00:39:19 +01:00
|
|
|
info.si_uid = __task_cred(tsk)->uid;
|
2007-10-19 08:40:14 +02:00
|
|
|
rcu_read_unlock();
|
|
|
|
|
2008-07-25 10:47:32 +02:00
|
|
|
info.si_utime = cputime_to_clock_t(tsk->utime);
|
|
|
|
info.si_stime = cputime_to_clock_t(tsk->stime);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
info.si_code = why;
|
|
|
|
switch (why) {
|
|
|
|
case CLD_CONTINUED:
|
|
|
|
info.si_status = SIGCONT;
|
|
|
|
break;
|
|
|
|
case CLD_STOPPED:
|
|
|
|
info.si_status = tsk->signal->group_exit_code & 0x7f;
|
|
|
|
break;
|
|
|
|
case CLD_TRAPPED:
|
|
|
|
info.si_status = tsk->exit_code & 0x7f;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
BUG();
|
|
|
|
}
|
|
|
|
|
|
|
|
sighand = parent->sighand;
|
|
|
|
spin_lock_irqsave(&sighand->siglock, flags);
|
|
|
|
if (sighand->action[SIGCHLD-1].sa.sa_handler != SIG_IGN &&
|
|
|
|
!(sighand->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDSTOP))
|
|
|
|
__group_send_sig_info(SIGCHLD, &info, parent);
|
|
|
|
/*
|
|
|
|
* Even if SIGCHLD is not generated, we must wake up wait4 calls.
|
|
|
|
*/
|
|
|
|
__wake_up_parent(tsk, parent);
|
|
|
|
spin_unlock_irqrestore(&sighand->siglock, flags);
|
|
|
|
}
|
|
|
|
|
2006-06-26 09:26:07 +02:00
|
|
|
static inline int may_ptrace_stop(void)
|
|
|
|
{
|
2009-06-18 01:27:30 +02:00
|
|
|
if (!likely(task_ptrace(current)))
|
2006-06-26 09:26:07 +02:00
|
|
|
return 0;
|
|
|
|
/*
|
|
|
|
* Are we in the middle of do_coredump?
|
|
|
|
* If so and our tracer is also part of the coredump stopping
|
|
|
|
* is a deadlock situation, and pointless because our tracer
|
|
|
|
* is dead so don't allow us to stop.
|
|
|
|
* If SIGKILL was already sent before the caller unlocked
|
2008-07-25 10:47:41 +02:00
|
|
|
* ->siglock we must see ->core_state != NULL. Otherwise it
|
2006-06-26 09:26:07 +02:00
|
|
|
* is safe to enter schedule().
|
|
|
|
*/
|
2008-07-25 10:47:41 +02:00
|
|
|
if (unlikely(current->mm->core_state) &&
|
2006-06-26 09:26:07 +02:00
|
|
|
unlikely(current->mm == current->parent->mm))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2008-02-06 10:37:37 +01:00
|
|
|
/*
|
|
|
|
* Return nonzero if there is a SIGKILL that should be waking us up.
|
|
|
|
* Called with the siglock held.
|
|
|
|
*/
|
|
|
|
static int sigkill_pending(struct task_struct *tsk)
|
|
|
|
{
|
2008-07-25 10:47:37 +02:00
|
|
|
return sigismember(&tsk->pending.signal, SIGKILL) ||
|
|
|
|
sigismember(&tsk->signal->shared_pending.signal, SIGKILL);
|
2008-02-06 10:37:37 +01:00
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* This must be called with current->sighand->siglock held.
|
|
|
|
*
|
|
|
|
* This should be the path for all ptrace stops.
|
|
|
|
* We always set current->last_siginfo while stopped here.
|
|
|
|
* That makes it a way to test a stopped process for
|
|
|
|
* being ptrace-stopped vs being job-control-stopped.
|
|
|
|
*
|
2008-02-08 13:19:03 +01:00
|
|
|
* If we actually decide not to stop at all because the tracer
|
|
|
|
* is gone, we keep current->exit_code unless clear_code.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2008-02-08 13:19:03 +01:00
|
|
|
static void ptrace_stop(int exit_code, int clear_code, siginfo_t *info)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-02-06 10:37:37 +01:00
|
|
|
if (arch_ptrace_stop_needed(exit_code, info)) {
|
|
|
|
/*
|
|
|
|
* The arch code has something special to do before a
|
|
|
|
* ptrace stop. This is allowed to block, e.g. for faults
|
|
|
|
* on user stack pages. We can't keep the siglock while
|
|
|
|
* calling arch_ptrace_stop, so we must release it now.
|
|
|
|
* To preserve proper semantics, we must do this before
|
|
|
|
* any signal bookkeeping like checking group_stop_count.
|
|
|
|
* Meanwhile, a SIGKILL could come in before we retake the
|
|
|
|
* siglock. That must prevent us from sleeping in TASK_TRACED.
|
|
|
|
* So after regaining the lock, we must check for SIGKILL.
|
|
|
|
*/
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
arch_ptrace_stop(exit_code, info);
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
2008-07-25 10:47:37 +02:00
|
|
|
if (sigkill_pending(current))
|
|
|
|
return;
|
2008-02-06 10:37:37 +01:00
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* If there is a group stop in progress,
|
|
|
|
* we must participate in the bookkeeping.
|
|
|
|
*/
|
|
|
|
if (current->signal->group_stop_count > 0)
|
|
|
|
--current->signal->group_stop_count;
|
|
|
|
|
|
|
|
current->last_siginfo = info;
|
|
|
|
current->exit_code = exit_code;
|
|
|
|
|
|
|
|
/* Let the debugger run. */
|
2008-02-06 10:36:13 +01:00
|
|
|
__set_current_state(TASK_TRACED);
|
2005-04-17 00:20:36 +02:00
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
read_lock(&tasklist_lock);
|
2008-07-25 10:47:37 +02:00
|
|
|
if (may_ptrace_stop()) {
|
2006-03-29 02:11:29 +02:00
|
|
|
do_notify_parent_cldstop(current, CLD_TRAPPED);
|
2009-03-23 16:07:24 +01:00
|
|
|
/*
|
|
|
|
* Don't want to allow preemption here, because
|
|
|
|
* sys_ptrace() needs this task to be inactive.
|
|
|
|
*
|
|
|
|
* XXX: implement read_unlock_no_resched().
|
|
|
|
*/
|
|
|
|
preempt_disable();
|
2005-04-17 00:20:36 +02:00
|
|
|
read_unlock(&tasklist_lock);
|
2009-03-23 16:07:24 +01:00
|
|
|
preempt_enable_no_resched();
|
2005-04-17 00:20:36 +02:00
|
|
|
schedule();
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* By the time we got the lock, our tracer went away.
|
2008-02-08 13:19:00 +01:00
|
|
|
* Don't drop the lock yet, another tracer may come.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2008-02-08 13:19:00 +01:00
|
|
|
__set_current_state(TASK_RUNNING);
|
2008-02-08 13:19:03 +01:00
|
|
|
if (clear_code)
|
|
|
|
current->exit_code = 0;
|
2008-02-08 13:19:00 +01:00
|
|
|
read_unlock(&tasklist_lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2008-03-04 05:22:05 +01:00
|
|
|
/*
|
|
|
|
* While in TASK_TRACED, we were considered "frozen enough".
|
|
|
|
* Now that we woke up, it's crucial if we're supposed to be
|
|
|
|
* frozen that we freeze now before running anything substantial.
|
|
|
|
*/
|
|
|
|
try_to_freeze();
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* We are back. Now reacquire the siglock before touching
|
|
|
|
* last_siginfo, so that we are sure to have synchronized with
|
|
|
|
* any signal-sending on another CPU that wants to examine it.
|
|
|
|
*/
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
current->last_siginfo = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Queued signals ignored us while we were stopped for tracing.
|
|
|
|
* So check for any that we should take before resuming user mode.
|
2007-06-06 12:59:00 +02:00
|
|
|
* This sets TIF_SIGPENDING, but never clears it.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2007-06-06 12:59:00 +02:00
|
|
|
recalc_sigpending_tsk(current);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
void ptrace_notify(int exit_code)
|
|
|
|
{
|
|
|
|
siginfo_t info;
|
|
|
|
|
|
|
|
BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP);
|
|
|
|
|
|
|
|
memset(&info, 0, sizeof info);
|
|
|
|
info.si_signo = SIGTRAP;
|
|
|
|
info.si_code = exit_code;
|
2007-10-19 08:40:14 +02:00
|
|
|
info.si_pid = task_pid_vnr(current);
|
2008-11-14 00:39:12 +01:00
|
|
|
info.si_uid = current_uid();
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/* Let the debugger run. */
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
2008-02-08 13:19:03 +01:00
|
|
|
ptrace_stop(exit_code, 1, &info);
|
2005-04-17 00:20:36 +02:00
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This performs the stopping for SIGSTOP and other stop signals.
|
|
|
|
* We have to stop all threads in the thread group.
|
|
|
|
* Returns nonzero if we've actually stopped and released the siglock.
|
|
|
|
* Returns zero if we didn't stop and still hold the siglock.
|
|
|
|
*/
|
2006-03-29 02:11:22 +02:00
|
|
|
static int do_signal_stop(int signr)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct signal_struct *sig = current->signal;
|
2009-09-24 00:56:53 +02:00
|
|
|
int notify;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
if (!sig->group_stop_count) {
|
2008-02-05 07:27:24 +01:00
|
|
|
struct task_struct *t;
|
|
|
|
|
2008-07-25 10:47:31 +02:00
|
|
|
if (!likely(sig->flags & SIGNAL_STOP_DEQUEUED) ||
|
2008-04-30 09:52:36 +02:00
|
|
|
unlikely(signal_group_exit(sig)))
|
2008-02-05 07:27:24 +01:00
|
|
|
return 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* There is no group stop already in progress.
|
2006-03-29 02:11:22 +02:00
|
|
|
* We must initiate one now.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2006-03-29 02:11:22 +02:00
|
|
|
sig->group_exit_code = signr;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
sig->group_stop_count = 1;
|
2006-03-29 02:11:22 +02:00
|
|
|
for (t = next_thread(current); t != current; t = next_thread(t))
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
2006-03-29 02:11:22 +02:00
|
|
|
* Setting state to TASK_STOPPED for a group
|
|
|
|
* stop is always done with the siglock held,
|
|
|
|
* so this check has no races.
|
2005-04-17 00:20:36 +02:00
|
|
|
*/
|
2008-02-08 13:19:12 +01:00
|
|
|
if (!(t->flags & PF_EXITING) &&
|
2007-12-06 17:07:35 +01:00
|
|
|
!task_is_stopped_or_traced(t)) {
|
2009-09-24 00:56:53 +02:00
|
|
|
sig->group_stop_count++;
|
2006-03-29 02:11:22 +02:00
|
|
|
signal_wake_up(t, 0);
|
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
2009-09-24 00:56:53 +02:00
|
|
|
/*
|
|
|
|
* If there are no other threads in the group, or if there is
|
|
|
|
* a group stop in progress and we are the last to stop, report
|
|
|
|
* to the parent. When ptraced, every thread reports itself.
|
|
|
|
*/
|
|
|
|
notify = sig->group_stop_count == 1 ? CLD_STOPPED : 0;
|
|
|
|
notify = tracehook_notify_jctl(notify, CLD_STOPPED);
|
|
|
|
/*
|
|
|
|
* tracehook_notify_jctl() can drop and reacquire siglock, so
|
|
|
|
* we keep ->group_stop_count != 0 before the call. If SIGCONT
|
|
|
|
* or SIGKILL comes in between ->group_stop_count == 0.
|
|
|
|
*/
|
|
|
|
if (sig->group_stop_count) {
|
|
|
|
if (!--sig->group_stop_count)
|
|
|
|
sig->flags = SIGNAL_STOP_STOPPED;
|
|
|
|
current->exit_code = sig->group_exit_code;
|
|
|
|
__set_current_state(TASK_STOPPED);
|
|
|
|
}
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
if (notify) {
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
do_notify_parent_cldstop(current, notify);
|
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now we don't run again until woken by SIGCONT or SIGKILL */
|
|
|
|
do {
|
|
|
|
schedule();
|
|
|
|
} while (try_to_freeze());
|
|
|
|
|
|
|
|
tracehook_finish_jctl();
|
|
|
|
current->exit_code = 0;
|
2006-03-29 02:11:28 +02:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2008-04-18 03:44:38 +02:00
|
|
|
static int ptrace_signal(int signr, siginfo_t *info,
|
|
|
|
struct pt_regs *regs, void *cookie)
|
|
|
|
{
|
2009-06-18 01:27:30 +02:00
|
|
|
if (!task_ptrace(current))
|
2008-04-18 03:44:38 +02:00
|
|
|
return signr;
|
|
|
|
|
|
|
|
ptrace_signal_deliver(regs, cookie);
|
|
|
|
|
|
|
|
/* Let the debugger run. */
|
|
|
|
ptrace_stop(signr, 0, info);
|
|
|
|
|
|
|
|
/* We're back. Did the debugger cancel the sig? */
|
|
|
|
signr = current->exit_code;
|
|
|
|
if (signr == 0)
|
|
|
|
return signr;
|
|
|
|
|
|
|
|
current->exit_code = 0;
|
|
|
|
|
|
|
|
/* Update the siginfo structure if the signal has
|
|
|
|
changed. If the debugger wanted something
|
|
|
|
specific in the siginfo structure then it should
|
|
|
|
have updated *info via PTRACE_SETSIGINFO. */
|
|
|
|
if (signr != info->si_signo) {
|
|
|
|
info->si_signo = signr;
|
|
|
|
info->si_errno = 0;
|
|
|
|
info->si_code = SI_USER;
|
|
|
|
info->si_pid = task_pid_vnr(current->parent);
|
2008-11-14 00:39:19 +01:00
|
|
|
info->si_uid = task_uid(current->parent);
|
2008-04-18 03:44:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* If the (new) signal is now blocked, requeue it. */
|
|
|
|
if (sigismember(¤t->blocked, signr)) {
|
|
|
|
specific_send_sig_info(signr, info, current);
|
|
|
|
signr = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return signr;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka,
|
|
|
|
struct pt_regs *regs, void *cookie)
|
|
|
|
{
|
2008-04-30 09:52:47 +02:00
|
|
|
struct sighand_struct *sighand = current->sighand;
|
|
|
|
struct signal_struct *signal = current->signal;
|
|
|
|
int signr;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-03-04 05:22:05 +01:00
|
|
|
relock:
|
|
|
|
/*
|
|
|
|
* We'll jump back here after any time we were stopped in TASK_STOPPED.
|
|
|
|
* While in TASK_STOPPED, we were considered "frozen enough".
|
|
|
|
* Now that we woke up, it's crucial if we're supposed to be
|
|
|
|
* frozen that we freeze now before running anything substantial.
|
|
|
|
*/
|
2006-03-23 12:00:05 +01:00
|
|
|
try_to_freeze();
|
|
|
|
|
2008-04-30 09:52:47 +02:00
|
|
|
spin_lock_irq(&sighand->siglock);
|
2008-04-30 09:53:00 +02:00
|
|
|
/*
|
|
|
|
* Every stopped thread goes here after wakeup. Check to see if
|
|
|
|
* we should notify the parent, prepare_signal(SIGCONT) encodes
|
|
|
|
* the CLD_ si_code into SIGNAL_CLD_MASK bits.
|
|
|
|
*/
|
2008-04-30 09:52:47 +02:00
|
|
|
if (unlikely(signal->flags & SIGNAL_CLD_MASK)) {
|
|
|
|
int why = (signal->flags & SIGNAL_STOP_CONTINUED)
|
2008-04-30 09:52:44 +02:00
|
|
|
? CLD_CONTINUED : CLD_STOPPED;
|
2008-04-30 09:52:47 +02:00
|
|
|
signal->flags &= ~SIGNAL_CLD_MASK;
|
2008-04-30 09:52:44 +02:00
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
why = tracehook_notify_jctl(why, CLD_CONTINUED);
|
|
|
|
spin_unlock_irq(&sighand->siglock);
|
2008-07-26 04:45:54 +02:00
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
if (why) {
|
|
|
|
read_lock(&tasklist_lock);
|
|
|
|
do_notify_parent_cldstop(current->group_leader, why);
|
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
}
|
2008-04-30 09:52:44 +02:00
|
|
|
goto relock;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
for (;;) {
|
|
|
|
struct k_sigaction *ka;
|
|
|
|
|
2008-04-30 09:52:47 +02:00
|
|
|
if (unlikely(signal->group_stop_count > 0) &&
|
2008-02-05 07:27:24 +01:00
|
|
|
do_signal_stop(0))
|
2005-04-17 00:20:36 +02:00
|
|
|
goto relock;
|
|
|
|
|
2008-07-26 04:45:53 +02:00
|
|
|
/*
|
|
|
|
* Tracing can induce an artifical signal and choose sigaction.
|
|
|
|
* The return value in @signr determines the default action,
|
|
|
|
* but @info->si_signo is the signal number we will report.
|
|
|
|
*/
|
|
|
|
signr = tracehook_get_signal(current, regs, info, return_ka);
|
|
|
|
if (unlikely(signr < 0))
|
|
|
|
goto relock;
|
|
|
|
if (unlikely(signr != 0))
|
|
|
|
ka = return_ka;
|
|
|
|
else {
|
|
|
|
signr = dequeue_signal(current, ¤t->blocked,
|
|
|
|
info);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-04-18 03:44:38 +02:00
|
|
|
if (!signr)
|
2008-07-26 04:45:53 +02:00
|
|
|
break; /* will return 0 */
|
|
|
|
|
|
|
|
if (signr != SIGKILL) {
|
|
|
|
signr = ptrace_signal(signr, info,
|
|
|
|
regs, cookie);
|
|
|
|
if (!signr)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
ka = &sighand->action[signr-1];
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ka->sa.sa_handler == SIG_IGN) /* Do nothing. */
|
|
|
|
continue;
|
|
|
|
if (ka->sa.sa_handler != SIG_DFL) {
|
|
|
|
/* Run the handler. */
|
|
|
|
*return_ka = *ka;
|
|
|
|
|
|
|
|
if (ka->sa.sa_flags & SA_ONESHOT)
|
|
|
|
ka->sa.sa_handler = SIG_DFL;
|
|
|
|
|
|
|
|
break; /* will return non-zero "signr" value */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we are doing the default action for this signal.
|
|
|
|
*/
|
|
|
|
if (sig_kernel_ignore(signr)) /* Default is nothing. */
|
|
|
|
continue;
|
|
|
|
|
2006-12-08 11:38:01 +01:00
|
|
|
/*
|
2007-10-19 08:40:13 +02:00
|
|
|
* Global init gets no signals it doesn't want.
|
2009-04-03 01:58:08 +02:00
|
|
|
* Container-init gets no signals it doesn't want from same
|
|
|
|
* container.
|
|
|
|
*
|
|
|
|
* Note that if global/container-init sees a sig_kernel_only()
|
|
|
|
* signal here, the signal must have been generated internally
|
|
|
|
* or must have come from an ancestor namespace. In either
|
|
|
|
* case, the signal cannot be dropped.
|
2006-12-08 11:38:01 +01:00
|
|
|
*/
|
2008-04-30 09:53:03 +02:00
|
|
|
if (unlikely(signal->flags & SIGNAL_UNKILLABLE) &&
|
2009-04-03 01:58:08 +02:00
|
|
|
!sig_kernel_only(signr))
|
2005-04-17 00:20:36 +02:00
|
|
|
continue;
|
|
|
|
|
|
|
|
if (sig_kernel_stop(signr)) {
|
|
|
|
/*
|
|
|
|
* The default action is to stop all threads in
|
|
|
|
* the thread group. The job control signals
|
|
|
|
* do nothing in an orphaned pgrp, but SIGSTOP
|
|
|
|
* always works. Note that siglock needs to be
|
|
|
|
* dropped during the call to is_orphaned_pgrp()
|
|
|
|
* because of lock ordering with tasklist_lock.
|
|
|
|
* This allows an intervening SIGCONT to be posted.
|
|
|
|
* We need to check for that and bail out if necessary.
|
|
|
|
*/
|
|
|
|
if (signr != SIGSTOP) {
|
2008-04-30 09:52:47 +02:00
|
|
|
spin_unlock_irq(&sighand->siglock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/* signals can be posted during this window */
|
|
|
|
|
2007-02-12 09:52:58 +01:00
|
|
|
if (is_current_pgrp_orphaned())
|
2005-04-17 00:20:36 +02:00
|
|
|
goto relock;
|
|
|
|
|
2008-04-30 09:52:47 +02:00
|
|
|
spin_lock_irq(&sighand->siglock);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2008-07-26 04:45:53 +02:00
|
|
|
if (likely(do_signal_stop(info->si_signo))) {
|
2005-04-17 00:20:36 +02:00
|
|
|
/* It released the siglock. */
|
|
|
|
goto relock;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We didn't actually stop, due to a race
|
|
|
|
* with SIGCONT or something like that.
|
|
|
|
*/
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2008-04-30 09:52:47 +02:00
|
|
|
spin_unlock_irq(&sighand->siglock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Anything else is fatal, maybe with a core dump.
|
|
|
|
*/
|
|
|
|
current->flags |= PF_SIGNALED;
|
2008-04-30 09:52:58 +02:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
if (sig_kernel_coredump(signr)) {
|
2008-04-30 09:52:58 +02:00
|
|
|
if (print_fatal_signals)
|
2008-07-26 04:45:53 +02:00
|
|
|
print_fatal_signal(regs, info->si_signo);
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* If it was able to dump core, this kills all
|
|
|
|
* other threads in the group and synchronizes with
|
|
|
|
* their demise. If we lost the race with another
|
|
|
|
* thread getting here, it set group_exit_code
|
|
|
|
* first and our do_group_exit call below will use
|
|
|
|
* that value and ignore the one we pass it.
|
|
|
|
*/
|
2008-07-26 04:45:53 +02:00
|
|
|
do_coredump(info->si_signo, info->si_signo, regs);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Death signals, no core dump.
|
|
|
|
*/
|
2008-07-26 04:45:53 +02:00
|
|
|
do_group_exit(info->si_signo);
|
2005-04-17 00:20:36 +02:00
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
2008-04-30 09:52:47 +02:00
|
|
|
spin_unlock_irq(&sighand->siglock);
|
2005-04-17 00:20:36 +02:00
|
|
|
return signr;
|
|
|
|
}
|
|
|
|
|
2008-02-08 13:19:12 +01:00
|
|
|
void exit_signals(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
int group_stop = 0;
|
2008-02-08 13:19:13 +01:00
|
|
|
struct task_struct *t;
|
2008-02-08 13:19:12 +01:00
|
|
|
|
2008-02-08 13:19:13 +01:00
|
|
|
if (thread_group_empty(tsk) || signal_group_exit(tsk->signal)) {
|
|
|
|
tsk->flags |= PF_EXITING;
|
|
|
|
return;
|
2008-02-08 13:19:12 +01:00
|
|
|
}
|
|
|
|
|
2008-02-08 13:19:13 +01:00
|
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
2008-02-08 13:19:12 +01:00
|
|
|
/*
|
|
|
|
* From now this task is not visible for group-wide signals,
|
|
|
|
* see wants_signal(), do_signal_stop().
|
|
|
|
*/
|
|
|
|
tsk->flags |= PF_EXITING;
|
2008-02-08 13:19:13 +01:00
|
|
|
if (!signal_pending(tsk))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/* It could be that __group_complete_signal() choose us to
|
|
|
|
* notify about group-wide signal. Another thread should be
|
|
|
|
* woken now to take the signal since we will not.
|
|
|
|
*/
|
|
|
|
for (t = tsk; (t = next_thread(t)) != tsk; )
|
|
|
|
if (!signal_pending(t) && !(t->flags & PF_EXITING))
|
|
|
|
recalc_sigpending_and_wake(t);
|
|
|
|
|
|
|
|
if (unlikely(tsk->signal->group_stop_count) &&
|
|
|
|
!--tsk->signal->group_stop_count) {
|
|
|
|
tsk->signal->flags = SIGNAL_STOP_STOPPED;
|
2009-09-24 00:56:53 +02:00
|
|
|
group_stop = tracehook_notify_jctl(CLD_STOPPED, CLD_STOPPED);
|
2008-02-08 13:19:13 +01:00
|
|
|
}
|
|
|
|
out:
|
2008-02-08 13:19:12 +01:00
|
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
|
|
|
2009-09-24 00:56:53 +02:00
|
|
|
if (unlikely(group_stop)) {
|
2008-02-08 13:19:12 +01:00
|
|
|
read_lock(&tasklist_lock);
|
2009-09-24 00:56:53 +02:00
|
|
|
do_notify_parent_cldstop(tsk, group_stop);
|
2008-02-08 13:19:12 +01:00
|
|
|
read_unlock(&tasklist_lock);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
EXPORT_SYMBOL(recalc_sigpending);
|
|
|
|
EXPORT_SYMBOL_GPL(dequeue_signal);
|
|
|
|
EXPORT_SYMBOL(flush_signals);
|
|
|
|
EXPORT_SYMBOL(force_sig);
|
|
|
|
EXPORT_SYMBOL(send_sig);
|
|
|
|
EXPORT_SYMBOL(send_sig_info);
|
|
|
|
EXPORT_SYMBOL(sigprocmask);
|
|
|
|
EXPORT_SYMBOL(block_all_signals);
|
|
|
|
EXPORT_SYMBOL(unblock_all_signals);
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* System call entry points.
|
|
|
|
*/
|
|
|
|
|
2009-01-14 14:14:09 +01:00
|
|
|
SYSCALL_DEFINE0(restart_syscall)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct restart_block *restart = ¤t_thread_info()->restart_block;
|
|
|
|
return restart->fn(restart);
|
|
|
|
}
|
|
|
|
|
|
|
|
long do_no_restart_syscall(struct restart_block *param)
|
|
|
|
{
|
|
|
|
return -EINTR;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't need to get the kernel lock - this is all local to this
|
|
|
|
* particular thread.. (and that's good, because this is _heavily_
|
|
|
|
* used by various programs)
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is also useful for kernel threads that want to temporarily
|
|
|
|
* (or permanently) block certain signals.
|
|
|
|
*
|
|
|
|
* NOTE! Unlike the user-mode sys_sigprocmask(), the kernel
|
|
|
|
* interface happily blocks "unblockable" signals like SIGKILL
|
|
|
|
* and friends.
|
|
|
|
*/
|
|
|
|
int sigprocmask(int how, sigset_t *set, sigset_t *oldset)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
2006-03-23 12:00:49 +01:00
|
|
|
if (oldset)
|
|
|
|
*oldset = current->blocked;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
error = 0;
|
|
|
|
switch (how) {
|
|
|
|
case SIG_BLOCK:
|
|
|
|
sigorsets(¤t->blocked, ¤t->blocked, set);
|
|
|
|
break;
|
|
|
|
case SIG_UNBLOCK:
|
|
|
|
signandsets(¤t->blocked, ¤t->blocked, set);
|
|
|
|
break;
|
|
|
|
case SIG_SETMASK:
|
|
|
|
current->blocked = *set;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
error = -EINVAL;
|
|
|
|
}
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
2006-03-23 12:00:49 +01:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2009-01-14 14:14:10 +01:00
|
|
|
SYSCALL_DEFINE4(rt_sigprocmask, int, how, sigset_t __user *, set,
|
|
|
|
sigset_t __user *, oset, size_t, sigsetsize)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
int error = -EINVAL;
|
|
|
|
sigset_t old_set, new_set;
|
|
|
|
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (set) {
|
|
|
|
error = -EFAULT;
|
|
|
|
if (copy_from_user(&new_set, set, sizeof(*set)))
|
|
|
|
goto out;
|
|
|
|
sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
|
|
|
|
|
|
|
|
error = sigprocmask(how, &new_set, &old_set);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
if (oset)
|
|
|
|
goto set_old;
|
|
|
|
} else if (oset) {
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
old_set = current->blocked;
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
|
|
|
set_old:
|
|
|
|
error = -EFAULT;
|
|
|
|
if (copy_to_user(oset, &old_set, sizeof(*oset)))
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
error = 0;
|
|
|
|
out:
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
long do_sigpending(void __user *set, unsigned long sigsetsize)
|
|
|
|
{
|
|
|
|
long error = -EINVAL;
|
|
|
|
sigset_t pending;
|
|
|
|
|
|
|
|
if (sigsetsize > sizeof(sigset_t))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
sigorsets(&pending, ¤t->pending.signal,
|
|
|
|
¤t->signal->shared_pending.signal);
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
|
|
|
/* Outside the lock because only this thread touches it. */
|
|
|
|
sigandsets(&pending, ¤t->blocked, &pending);
|
|
|
|
|
|
|
|
error = -EFAULT;
|
|
|
|
if (!copy_to_user(set, &pending, sigsetsize))
|
|
|
|
error = 0;
|
|
|
|
|
|
|
|
out:
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2009-01-14 14:14:10 +01:00
|
|
|
SYSCALL_DEFINE2(rt_sigpending, sigset_t __user *, set, size_t, sigsetsize)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
return do_sigpending(set, sigsetsize);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef HAVE_ARCH_COPY_SIGINFO_TO_USER
|
|
|
|
|
|
|
|
int copy_siginfo_to_user(siginfo_t __user *to, siginfo_t *from)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (!access_ok (VERIFY_WRITE, to, sizeof(siginfo_t)))
|
|
|
|
return -EFAULT;
|
|
|
|
if (from->si_code < 0)
|
|
|
|
return __copy_to_user(to, from, sizeof(siginfo_t))
|
|
|
|
? -EFAULT : 0;
|
|
|
|
/*
|
|
|
|
* If you change siginfo_t structure, please be sure
|
|
|
|
* this code is fixed accordingly.
|
signal/timer/event: signalfd core
This patch series implements the new signalfd() system call.
I took part of the original Linus code (and you know how badly it can be
broken :), and I added even more breakage ;) Signals are fetched from the same
signal queue used by the process, so signalfd will compete with standard
kernel delivery in dequeue_signal(). If you want to reliably fetch signals on
the signalfd file, you need to block them with sigprocmask(SIG_BLOCK). This
seems to be working fine on my Dual Opteron machine. I made a quick test
program for it:
http://www.xmailserver.org/signafd-test.c
The signalfd() system call implements signal delivery into a file descriptor
receiver. The signalfd file descriptor if created with the following API:
int signalfd(int ufd, const sigset_t *mask, size_t masksize);
The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
to close/create cycle (Linus idea). Use "ufd" == -1 if you want a brand new
signalfd file.
The "mask" allows to specify the signal mask of signals that we are interested
in. The "masksize" parameter is the size of "mask".
The signalfd fd supports the poll(2) and read(2) system calls. The poll(2)
will return POLLIN when signals are available to be dequeued. As a direct
consequence of supporting the Linux poll subsystem, the signalfd fd can use
used together with epoll(2) too.
The read(2) system call will return a "struct signalfd_siginfo" structure in
the userspace supplied buffer. The return value is the number of bytes copied
in the supplied buffer, or -1 in case of error. The read(2) call can also
return 0, in case the sighand structure to which the signalfd was attached,
has been orphaned. The O_NONBLOCK flag is also supported, and read(2) will
return -EAGAIN in case no signal is available.
If the size of the buffer passed to read(2) is lower than sizeof(struct
signalfd_siginfo), -EINVAL is returned. A read from the signalfd can also
return -ERESTARTSYS in case a signal hits the process. The format of the
struct signalfd_siginfo is, and the valid fields depends of the (->code &
__SI_MASK) value, in the same way a struct siginfo would:
struct signalfd_siginfo {
__u32 signo; /* si_signo */
__s32 err; /* si_errno */
__s32 code; /* si_code */
__u32 pid; /* si_pid */
__u32 uid; /* si_uid */
__s32 fd; /* si_fd */
__u32 tid; /* si_fd */
__u32 band; /* si_band */
__u32 overrun; /* si_overrun */
__u32 trapno; /* si_trapno */
__s32 status; /* si_status */
__s32 svint; /* si_int */
__u64 svptr; /* si_ptr */
__u64 utime; /* si_utime */
__u64 stime; /* si_stime */
__u64 addr; /* si_addr */
};
[akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-11 07:23:13 +02:00
|
|
|
* Please remember to update the signalfd_copyinfo() function
|
|
|
|
* inside fs/signalfd.c too, in case siginfo_t changes.
|
2005-04-17 00:20:36 +02:00
|
|
|
* It should never copy any pad contained in the structure
|
|
|
|
* to avoid security leaks, but must copy the generic
|
|
|
|
* 3 ints plus the relevant union member.
|
|
|
|
*/
|
|
|
|
err = __put_user(from->si_signo, &to->si_signo);
|
|
|
|
err |= __put_user(from->si_errno, &to->si_errno);
|
|
|
|
err |= __put_user((short)from->si_code, &to->si_code);
|
|
|
|
switch (from->si_code & __SI_MASK) {
|
|
|
|
case __SI_KILL:
|
|
|
|
err |= __put_user(from->si_pid, &to->si_pid);
|
|
|
|
err |= __put_user(from->si_uid, &to->si_uid);
|
|
|
|
break;
|
|
|
|
case __SI_TIMER:
|
|
|
|
err |= __put_user(from->si_tid, &to->si_tid);
|
|
|
|
err |= __put_user(from->si_overrun, &to->si_overrun);
|
|
|
|
err |= __put_user(from->si_ptr, &to->si_ptr);
|
|
|
|
break;
|
|
|
|
case __SI_POLL:
|
|
|
|
err |= __put_user(from->si_band, &to->si_band);
|
|
|
|
err |= __put_user(from->si_fd, &to->si_fd);
|
|
|
|
break;
|
|
|
|
case __SI_FAULT:
|
|
|
|
err |= __put_user(from->si_addr, &to->si_addr);
|
|
|
|
#ifdef __ARCH_SI_TRAPNO
|
|
|
|
err |= __put_user(from->si_trapno, &to->si_trapno);
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case __SI_CHLD:
|
|
|
|
err |= __put_user(from->si_pid, &to->si_pid);
|
|
|
|
err |= __put_user(from->si_uid, &to->si_uid);
|
|
|
|
err |= __put_user(from->si_status, &to->si_status);
|
|
|
|
err |= __put_user(from->si_utime, &to->si_utime);
|
|
|
|
err |= __put_user(from->si_stime, &to->si_stime);
|
|
|
|
break;
|
|
|
|
case __SI_RT: /* This is not generated by the kernel as of now. */
|
|
|
|
case __SI_MESGQ: /* But this is */
|
|
|
|
err |= __put_user(from->si_pid, &to->si_pid);
|
|
|
|
err |= __put_user(from->si_uid, &to->si_uid);
|
|
|
|
err |= __put_user(from->si_ptr, &to->si_ptr);
|
|
|
|
break;
|
|
|
|
default: /* this is just in case for now ... */
|
|
|
|
err |= __put_user(from->si_pid, &to->si_pid);
|
|
|
|
err |= __put_user(from->si_uid, &to->si_uid);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2009-01-14 14:14:10 +01:00
|
|
|
SYSCALL_DEFINE4(rt_sigtimedwait, const sigset_t __user *, uthese,
|
|
|
|
siginfo_t __user *, uinfo, const struct timespec __user *, uts,
|
|
|
|
size_t, sigsetsize)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
int ret, sig;
|
|
|
|
sigset_t these;
|
|
|
|
struct timespec ts;
|
|
|
|
siginfo_t info;
|
|
|
|
long timeout = 0;
|
|
|
|
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (copy_from_user(&these, uthese, sizeof(these)))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Invert the set of allowed signals to get those we
|
|
|
|
* want to block.
|
|
|
|
*/
|
|
|
|
sigdelsetmask(&these, sigmask(SIGKILL)|sigmask(SIGSTOP));
|
|
|
|
signotset(&these);
|
|
|
|
|
|
|
|
if (uts) {
|
|
|
|
if (copy_from_user(&ts, uts, sizeof(ts)))
|
|
|
|
return -EFAULT;
|
|
|
|
if (ts.tv_nsec >= 1000000000L || ts.tv_nsec < 0
|
|
|
|
|| ts.tv_sec < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
sig = dequeue_signal(current, &these, &info);
|
|
|
|
if (!sig) {
|
|
|
|
timeout = MAX_SCHEDULE_TIMEOUT;
|
|
|
|
if (uts)
|
|
|
|
timeout = (timespec_to_jiffies(&ts)
|
|
|
|
+ (ts.tv_sec || ts.tv_nsec));
|
|
|
|
|
|
|
|
if (timeout) {
|
|
|
|
/* None ready -- temporarily unblock those we're
|
|
|
|
* interested while we are sleeping in so that we'll
|
|
|
|
* be awakened when they arrive. */
|
|
|
|
current->real_blocked = current->blocked;
|
|
|
|
sigandsets(¤t->blocked, ¤t->blocked, &these);
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
2005-09-10 09:27:24 +02:00
|
|
|
timeout = schedule_timeout_interruptible(timeout);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
sig = dequeue_signal(current, &these, &info);
|
|
|
|
current->blocked = current->real_blocked;
|
|
|
|
siginitset(¤t->real_blocked, 0);
|
|
|
|
recalc_sigpending();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
|
|
|
if (sig) {
|
|
|
|
ret = sig;
|
|
|
|
if (uinfo) {
|
|
|
|
if (copy_siginfo_to_user(uinfo, &info))
|
|
|
|
ret = -EFAULT;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ret = -EAGAIN;
|
|
|
|
if (timeout)
|
|
|
|
ret = -EINTR;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2009-01-14 14:14:10 +01:00
|
|
|
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct siginfo info;
|
|
|
|
|
|
|
|
info.si_signo = sig;
|
|
|
|
info.si_errno = 0;
|
|
|
|
info.si_code = SI_USER;
|
2007-10-19 08:40:14 +02:00
|
|
|
info.si_pid = task_tgid_vnr(current);
|
2008-11-14 00:39:12 +01:00
|
|
|
info.si_uid = current_uid();
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
return kill_something_info(sig, &info, pid);
|
|
|
|
}
|
|
|
|
|
2009-04-04 23:01:01 +02:00
|
|
|
static int
|
|
|
|
do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct task_struct *p;
|
2009-04-04 23:01:01 +02:00
|
|
|
int error = -ESRCH;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-04-30 09:52:51 +02:00
|
|
|
rcu_read_lock();
|
2007-10-19 08:40:16 +02:00
|
|
|
p = find_task_by_vpid(pid);
|
2007-10-19 08:40:14 +02:00
|
|
|
if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
|
2009-04-04 23:01:01 +02:00
|
|
|
error = check_kill_permission(sig, info, p);
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* The null signal is a permissions and process existence
|
|
|
|
* probe. No signal is actually delivered.
|
|
|
|
*/
|
2009-09-24 00:57:00 +02:00
|
|
|
if (!error && sig) {
|
|
|
|
error = do_send_sig_info(sig, info, p, false);
|
|
|
|
/*
|
|
|
|
* If lock_task_sighand() failed we pretend the task
|
|
|
|
* dies after receiving the signal. The window is tiny,
|
|
|
|
* and the signal is private anyway.
|
|
|
|
*/
|
|
|
|
if (unlikely(error == -ESRCH))
|
|
|
|
error = 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
}
|
2008-04-30 09:52:51 +02:00
|
|
|
rcu_read_unlock();
|
2005-10-31 00:02:18 +01:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2009-04-04 23:01:01 +02:00
|
|
|
static int do_tkill(pid_t tgid, pid_t pid, int sig)
|
|
|
|
{
|
|
|
|
struct siginfo info;
|
|
|
|
|
|
|
|
info.si_signo = sig;
|
|
|
|
info.si_errno = 0;
|
|
|
|
info.si_code = SI_TKILL;
|
|
|
|
info.si_pid = task_tgid_vnr(current);
|
|
|
|
info.si_uid = current_uid();
|
|
|
|
|
|
|
|
return do_send_specific(tgid, pid, sig, &info);
|
|
|
|
}
|
|
|
|
|
2005-10-31 00:02:18 +01:00
|
|
|
/**
|
|
|
|
* sys_tgkill - send signal to one specific thread
|
|
|
|
* @tgid: the thread group ID of the thread
|
|
|
|
* @pid: the PID of the thread
|
|
|
|
* @sig: signal to be sent
|
|
|
|
*
|
2007-02-10 10:45:59 +01:00
|
|
|
* This syscall also checks the @tgid and returns -ESRCH even if the PID
|
2005-10-31 00:02:18 +01:00
|
|
|
* exists but it's not belonging to the target process anymore. This
|
|
|
|
* method solves the problem of threads exiting and PIDs getting reused.
|
|
|
|
*/
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid_t, pid, int, sig)
|
2005-10-31 00:02:18 +01:00
|
|
|
{
|
|
|
|
/* This is only valid for single tasks */
|
|
|
|
if (pid <= 0 || tgid <= 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return do_tkill(tgid, pid, sig);
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* Send a signal to only one task, even if it's a CLONE_THREAD task.
|
|
|
|
*/
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE2(tkill, pid_t, pid, int, sig)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
/* This is only valid for single tasks */
|
|
|
|
if (pid <= 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2005-10-31 00:02:18 +01:00
|
|
|
return do_tkill(0, pid, sig);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, pid, int, sig,
|
|
|
|
siginfo_t __user *, uinfo)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
siginfo_t info;
|
|
|
|
|
|
|
|
if (copy_from_user(&info, uinfo, sizeof(siginfo_t)))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
/* Not even root can pretend to send signals from the kernel.
|
|
|
|
Nor can they impersonate a kill(), which adds source info. */
|
|
|
|
if (info.si_code >= 0)
|
|
|
|
return -EPERM;
|
|
|
|
info.si_signo = sig;
|
|
|
|
|
|
|
|
/* POSIX.1b doesn't mention process groups. */
|
|
|
|
return kill_proc_info(sig, &info, pid);
|
|
|
|
}
|
|
|
|
|
2009-04-04 23:01:06 +02:00
|
|
|
long do_rt_tgsigqueueinfo(pid_t tgid, pid_t pid, int sig, siginfo_t *info)
|
|
|
|
{
|
|
|
|
/* This is only valid for single tasks */
|
|
|
|
if (pid <= 0 || tgid <= 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
/* Not even root can pretend to send signals from the kernel.
|
|
|
|
Nor can they impersonate a kill(), which adds source info. */
|
|
|
|
if (info->si_code >= 0)
|
|
|
|
return -EPERM;
|
|
|
|
info->si_signo = sig;
|
|
|
|
|
|
|
|
return do_send_specific(tgid, pid, sig, info);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCALL_DEFINE4(rt_tgsigqueueinfo, pid_t, tgid, pid_t, pid, int, sig,
|
|
|
|
siginfo_t __user *, uinfo)
|
|
|
|
{
|
|
|
|
siginfo_t info;
|
|
|
|
|
|
|
|
if (copy_from_user(&info, uinfo, sizeof(siginfo_t)))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
return do_rt_tgsigqueueinfo(tgid, pid, sig, &info);
|
|
|
|
}
|
|
|
|
|
2006-03-29 02:11:24 +02:00
|
|
|
int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2008-04-30 09:52:39 +02:00
|
|
|
struct task_struct *t = current;
|
2005-04-17 00:20:36 +02:00
|
|
|
struct k_sigaction *k;
|
2006-01-08 10:02:48 +01:00
|
|
|
sigset_t mask;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2005-05-01 17:59:14 +02:00
|
|
|
if (!valid_signal(sig) || sig < 1 || (act && sig_kernel_only(sig)))
|
2005-04-17 00:20:36 +02:00
|
|
|
return -EINVAL;
|
|
|
|
|
2008-04-30 09:52:39 +02:00
|
|
|
k = &t->sighand->action[sig-1];
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
if (oact)
|
|
|
|
*oact = *k;
|
|
|
|
|
|
|
|
if (act) {
|
2006-02-09 20:41:50 +01:00
|
|
|
sigdelsetmask(&act->sa.sa_mask,
|
|
|
|
sigmask(SIGKILL) | sigmask(SIGSTOP));
|
2006-03-29 02:11:24 +02:00
|
|
|
*k = *act;
|
2005-04-17 00:20:36 +02:00
|
|
|
/*
|
|
|
|
* POSIX 3.3.1.3:
|
|
|
|
* "Setting a signal action to SIG_IGN for a signal that is
|
|
|
|
* pending shall cause the pending signal to be discarded,
|
|
|
|
* whether or not it is blocked."
|
|
|
|
*
|
|
|
|
* "Setting a signal action to SIG_DFL for a signal that is
|
|
|
|
* pending and whose default action is to ignore the signal
|
|
|
|
* (for example, SIGCHLD), shall cause the pending signal to
|
|
|
|
* be discarded, whether or not it is blocked"
|
|
|
|
*/
|
2008-07-26 04:45:51 +02:00
|
|
|
if (sig_handler_ignored(sig_handler(t, sig), sig)) {
|
2006-01-08 10:02:48 +01:00
|
|
|
sigemptyset(&mask);
|
|
|
|
sigaddset(&mask, sig);
|
|
|
|
rm_from_queue_full(&mask, &t->signal->shared_pending);
|
2005-04-17 00:20:36 +02:00
|
|
|
do {
|
2006-01-08 10:02:48 +01:00
|
|
|
rm_from_queue_full(&mask, &t->pending);
|
2005-04-17 00:20:36 +02:00
|
|
|
t = next_thread(t);
|
|
|
|
} while (t != current);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
do_sigaltstack (const stack_t __user *uss, stack_t __user *uoss, unsigned long sp)
|
|
|
|
{
|
|
|
|
stack_t oss;
|
|
|
|
int error;
|
|
|
|
|
2009-08-01 19:34:56 +02:00
|
|
|
oss.ss_sp = (void __user *) current->sas_ss_sp;
|
|
|
|
oss.ss_size = current->sas_ss_size;
|
|
|
|
oss.ss_flags = sas_ss_flags(sp);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (uss) {
|
|
|
|
void __user *ss_sp;
|
|
|
|
size_t ss_size;
|
|
|
|
int ss_flags;
|
|
|
|
|
|
|
|
error = -EFAULT;
|
2009-08-01 20:18:56 +02:00
|
|
|
if (!access_ok(VERIFY_READ, uss, sizeof(*uss)))
|
|
|
|
goto out;
|
|
|
|
error = __get_user(ss_sp, &uss->ss_sp) |
|
|
|
|
__get_user(ss_flags, &uss->ss_flags) |
|
|
|
|
__get_user(ss_size, &uss->ss_size);
|
|
|
|
if (error)
|
2005-04-17 00:20:36 +02:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
error = -EPERM;
|
|
|
|
if (on_sig_stack(sp))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
error = -EINVAL;
|
|
|
|
/*
|
|
|
|
*
|
|
|
|
* Note - this code used to test ss_flags incorrectly
|
|
|
|
* old code may have been written using ss_flags==0
|
|
|
|
* to mean ss_flags==SS_ONSTACK (as this was the only
|
|
|
|
* way that worked) - this fix preserves that older
|
|
|
|
* mechanism
|
|
|
|
*/
|
|
|
|
if (ss_flags != SS_DISABLE && ss_flags != SS_ONSTACK && ss_flags != 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (ss_flags == SS_DISABLE) {
|
|
|
|
ss_size = 0;
|
|
|
|
ss_sp = NULL;
|
|
|
|
} else {
|
|
|
|
error = -ENOMEM;
|
|
|
|
if (ss_size < MINSIGSTKSZ)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
current->sas_ss_sp = (unsigned long) ss_sp;
|
|
|
|
current->sas_ss_size = ss_size;
|
|
|
|
}
|
|
|
|
|
2009-08-01 19:34:56 +02:00
|
|
|
error = 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
if (uoss) {
|
|
|
|
error = -EFAULT;
|
2009-08-01 19:34:56 +02:00
|
|
|
if (!access_ok(VERIFY_WRITE, uoss, sizeof(*uoss)))
|
2005-04-17 00:20:36 +02:00
|
|
|
goto out;
|
2009-08-01 19:34:56 +02:00
|
|
|
error = __put_user(oss.ss_sp, &uoss->ss_sp) |
|
|
|
|
__put_user(oss.ss_size, &uoss->ss_size) |
|
|
|
|
__put_user(oss.ss_flags, &uoss->ss_flags);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGPENDING
|
|
|
|
|
2009-01-14 14:14:06 +01:00
|
|
|
SYSCALL_DEFINE1(sigpending, old_sigset_t __user *, set)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
return do_sigpending(set, sizeof(*set));
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGPROCMASK
|
|
|
|
/* Some platforms have their own version with special arguments others
|
|
|
|
support only sys_rt_sigprocmask. */
|
|
|
|
|
2009-01-14 14:14:06 +01:00
|
|
|
SYSCALL_DEFINE3(sigprocmask, int, how, old_sigset_t __user *, set,
|
|
|
|
old_sigset_t __user *, oset)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
old_sigset_t old_set, new_set;
|
|
|
|
|
|
|
|
if (set) {
|
|
|
|
error = -EFAULT;
|
|
|
|
if (copy_from_user(&new_set, set, sizeof(*set)))
|
|
|
|
goto out;
|
|
|
|
new_set &= ~(sigmask(SIGKILL) | sigmask(SIGSTOP));
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
old_set = current->blocked.sig[0];
|
|
|
|
|
|
|
|
error = 0;
|
|
|
|
switch (how) {
|
|
|
|
default:
|
|
|
|
error = -EINVAL;
|
|
|
|
break;
|
|
|
|
case SIG_BLOCK:
|
|
|
|
sigaddsetmask(¤t->blocked, new_set);
|
|
|
|
break;
|
|
|
|
case SIG_UNBLOCK:
|
|
|
|
sigdelsetmask(¤t->blocked, new_set);
|
|
|
|
break;
|
|
|
|
case SIG_SETMASK:
|
|
|
|
current->blocked.sig[0] = new_set;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
if (oset)
|
|
|
|
goto set_old;
|
|
|
|
} else if (oset) {
|
|
|
|
old_set = current->blocked.sig[0];
|
|
|
|
set_old:
|
|
|
|
error = -EFAULT;
|
|
|
|
if (copy_to_user(oset, &old_set, sizeof(*oset)))
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
error = 0;
|
|
|
|
out:
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
#endif /* __ARCH_WANT_SYS_SIGPROCMASK */
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_RT_SIGACTION
|
2009-01-14 14:14:34 +01:00
|
|
|
SYSCALL_DEFINE4(rt_sigaction, int, sig,
|
|
|
|
const struct sigaction __user *, act,
|
|
|
|
struct sigaction __user *, oact,
|
|
|
|
size_t, sigsetsize)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct k_sigaction new_sa, old_sa;
|
|
|
|
int ret = -EINVAL;
|
|
|
|
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (act) {
|
|
|
|
if (copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa)))
|
|
|
|
return -EFAULT;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = do_sigaction(sig, act ? &new_sa : NULL, oact ? &old_sa : NULL);
|
|
|
|
|
|
|
|
if (!ret && oact) {
|
|
|
|
if (copy_to_user(oact, &old_sa.sa, sizeof(old_sa.sa)))
|
|
|
|
return -EFAULT;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#endif /* __ARCH_WANT_SYS_RT_SIGACTION */
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_SGETMASK
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For backwards compatibility. Functionality superseded by sigprocmask.
|
|
|
|
*/
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE0(sgetmask)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
/* SMP safe */
|
|
|
|
return current->blocked.sig[0];
|
|
|
|
}
|
|
|
|
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE1(ssetmask, int, newmask)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
int old;
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
old = current->blocked.sig[0];
|
|
|
|
|
|
|
|
siginitset(¤t->blocked, newmask & ~(sigmask(SIGKILL)|
|
|
|
|
sigmask(SIGSTOP)));
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
|
|
|
return old;
|
|
|
|
}
|
|
|
|
#endif /* __ARCH_WANT_SGETMASK */
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGNAL
|
|
|
|
/*
|
|
|
|
* For backwards compatibility. Functionality superseded by sigaction.
|
|
|
|
*/
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE2(signal, int, sig, __sighandler_t, handler)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct k_sigaction new_sa, old_sa;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
new_sa.sa.sa_handler = handler;
|
|
|
|
new_sa.sa.sa_flags = SA_ONESHOT | SA_NOMASK;
|
2006-02-09 20:41:41 +01:00
|
|
|
sigemptyset(&new_sa.sa.sa_mask);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
ret = do_sigaction(sig, &new_sa, &old_sa);
|
|
|
|
|
|
|
|
return ret ? ret : (unsigned long)old_sa.sa.sa_handler;
|
|
|
|
}
|
|
|
|
#endif /* __ARCH_WANT_SYS_SIGNAL */
|
|
|
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_PAUSE
|
|
|
|
|
2009-01-14 14:14:11 +01:00
|
|
|
SYSCALL_DEFINE0(pause)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
current->state = TASK_INTERRUPTIBLE;
|
|
|
|
schedule();
|
|
|
|
return -ERESTARTNOHAND;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2006-01-19 02:43:57 +01:00
|
|
|
#ifdef __ARCH_WANT_SYS_RT_SIGSUSPEND
|
2009-01-14 14:14:34 +01:00
|
|
|
SYSCALL_DEFINE2(rt_sigsuspend, sigset_t __user *, unewset, size_t, sigsetsize)
|
2006-01-19 02:43:57 +01:00
|
|
|
{
|
|
|
|
sigset_t newset;
|
|
|
|
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (copy_from_user(&newset, unewset, sizeof(newset)))
|
|
|
|
return -EFAULT;
|
|
|
|
sigdelsetmask(&newset, sigmask(SIGKILL)|sigmask(SIGSTOP));
|
|
|
|
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
|
|
current->saved_sigmask = current->blocked;
|
|
|
|
current->blocked = newset;
|
|
|
|
recalc_sigpending();
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
|
|
|
|
current->state = TASK_INTERRUPTIBLE;
|
|
|
|
schedule();
|
2008-04-30 09:53:06 +02:00
|
|
|
set_restore_sigmask();
|
2006-01-19 02:43:57 +01:00
|
|
|
return -ERESTARTNOHAND;
|
|
|
|
}
|
|
|
|
#endif /* __ARCH_WANT_SYS_RT_SIGSUSPEND */
|
|
|
|
|
2006-09-27 10:50:23 +02:00
|
|
|
__attribute__((weak)) const char *arch_vma_name(struct vm_area_struct *vma)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
void __init signals_init(void)
|
|
|
|
{
|
2007-05-06 23:49:57 +02:00
|
|
|
sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|