1 files changed, 174 insertions, 75 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 35e97f4073c2..91cb8ca41954 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1057,29 +1057,8 @@ static inline bool legacy_queue(struct sigpending *signals, int sig)
        return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
 }
-#ifdef CONFIG_USER_NS
-static inline void userns_fixup_signal_uid(struct kernel_siginfo *info, struct task_struct *t)
-{
-        if (current_user_ns() == task_cred_xxx(t, user_ns))
-                return;
-        if (SI_FROMKERNEL(info))
-                return;
-        rcu_read_lock();
-        info->si_uid = from_kuid_munged(task_cred_xxx(t, user_ns),
-                                        make_kuid(current_user_ns(), info->si_uid));
-        rcu_read_unlock();
-}
-#else
-static inline void userns_fixup_signal_uid(struct kernel_siginfo *info, struct task_struct *t)
-{
-        return;
-}
-#endif
 static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struct *t,
-                        enum pid_type type, int from_ancestor_ns)
+                        enum pid_type type, bool force)
 {
        struct sigpending *pending;
        struct sigqueue *q;
@@ -1089,8 +1068,7 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
        assert_spin_locked(&t->sighand->siglock);
        result = TRACE_SIGNAL_IGNORED;
-        if (!prepare_signal(sig, t,
+        if (!prepare_signal(sig, t, force))
-                        from_ancestor_ns || (info == SEND_SIG_PRIV)))
                goto ret;
        pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
@@ -1135,7 +1113,11 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
                        q->info.si_code = SI_USER;
                        q->info.si_pid = task_tgid_nr_ns(current,
                                                        task_active_pid_ns(t));
-                        q->info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
+                        rcu_read_lock();
+                        q->info.si_uid =
+                                from_kuid_munged(task_cred_xxx(t, user_ns),
+                                                 current_uid());
+                        rcu_read_unlock();
                        break;
                case (unsigned long) SEND_SIG_PRIV:
                        clear_siginfo(&q->info);
@@ -1147,30 +1129,24 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
                        break;
                default:
                        copy_siginfo(&q->info, info);
-                        if (from_ancestor_ns)
-                                q->info.si_pid = 0;
                        break;
                }
+        } else if (!is_si_special(info) &&
-                userns_fixup_signal_uid(&q->info, t);
+                   sig >= SIGRTMIN && info->si_code != SI_USER) {
+                /*
-        } else if (!is_si_special(info)) {
+                 * Queue overflow, abort.  We may abort if the
-                if (sig >= SIGRTMIN && info->si_code != SI_USER) {
+                 * signal was rt and sent by user using something
-                        /*
+                 * other than kill().
-                         * Queue overflow, abort.  We may abort if the
+                 */
-                         * signal was rt and sent by user using something
+                result = TRACE_SIGNAL_OVERFLOW_FAIL;
-                         * other than kill().
+                ret = -EAGAIN;
-                         */
+                goto ret;
-                        result = TRACE_SIGNAL_OVERFLOW_FAIL;
+        } else {
-                        ret = -EAGAIN;
+                /*
-                        goto ret;
+                 * This is a silent loss of information.  We still
-                } else {
+                 * send the signal, but the *info bits are lost.
-                        /*
+                 */
-                         * This is a silent loss of information.  We still
+                result = TRACE_SIGNAL_LOSE_INFO;
-                         * send the signal, but the *info bits are lost.
-                         */
-                        result = TRACE_SIGNAL_LOSE_INFO;
-                }
        }
 out_set:
@@ -1197,17 +1173,62 @@ ret:
        return ret;
 }
+static inline bool has_si_pid_and_uid(struct kernel_siginfo *info)
+{
+        bool ret = false;
+        switch (siginfo_layout(info->si_signo, info->si_code)) {
+        case SIL_KILL:
+        case SIL_CHLD:
+        case SIL_RT:
+                ret = true;
+                break;
+        case SIL_TIMER:
+        case SIL_POLL:
+        case SIL_FAULT:
+        case SIL_FAULT_MCEERR:
+        case SIL_FAULT_BNDERR:
+        case SIL_FAULT_PKUERR:
+        case SIL_SYS:
+                ret = false;
+                break;
+        }
+        return ret;
+}
 static int send_signal(int sig, struct kernel_siginfo *info, struct task_struct *t,
                        enum pid_type type)
 {
-        int from_ancestor_ns = 0;
+        /* Should SIGKILL or SIGSTOP be received by a pid namespace init? */
+        bool force = false;
-#ifdef CONFIG_PID_NS
+        if (info == SEND_SIG_NOINFO) {
-        from_ancestor_ns = si_fromuser(info) &&
+                /* Force if sent from an ancestor pid namespace */
-                           !task_pid_nr_ns(current, task_active_pid_ns(t));
+                force = !task_pid_nr_ns(current, task_active_pid_ns(t));
-#endif
+        } else if (info == SEND_SIG_PRIV) {
+                /* Don't ignore kernel generated signals */
+                force = true;
+        } else if (has_si_pid_and_uid(info)) {
+                /* SIGKILL and SIGSTOP is special or has ids */
+                struct user_namespace *t_user_ns;
+                rcu_read_lock();
+                t_user_ns = task_cred_xxx(t, user_ns);
+                if (current_user_ns() != t_user_ns) {
+                        kuid_t uid = make_kuid(current_user_ns(), info->si_uid);
+                        info->si_uid = from_kuid_munged(t_user_ns, uid);
+                }
+                rcu_read_unlock();
-        return __send_signal(sig, info, t, type, from_ancestor_ns);
+                /* A kernel generated signal? */
+                force = (info->si_code == SI_KERNEL);
+                /* From an ancestor pid namespace? */
+                if (!task_pid_nr_ns(current, task_active_pid_ns(t))) {
+                        info->si_pid = 0;
+                        force = true;
+                }
+        }
+        return __send_signal(sig, info, t, type, force);
 }
 static void print_fatal_signal(int signr)
@@ -1274,12 +1295,13 @@ int do_send_sig_info(int sig, struct kernel_siginfo *info, struct task_struct *p
 * We don't want to have recursive SIGSEGV's etc, for example,
 * that is why we also clear SIGNAL_UNKILLABLE.
 */
-int
+static int
-force_sig_info(int sig, struct kernel_siginfo *info, struct task_struct *t)
+force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t)
 {
        unsigned long int flags;
        int ret, blocked, ignored;
        struct k_sigaction *action;
+        int sig = info->si_signo;
        spin_lock_irqsave(&t->sighand->siglock, flags);
        action = &t->sighand->action[sig-1];
@@ -1304,6 +1326,11 @@ force_sig_info(int sig, struct kernel_siginfo *info, struct task_struct *t)
        return ret;
 }
+int force_sig_info(struct kernel_siginfo *info)
+{
+        return force_sig_info_to_task(info, current);
+}
 /*
 * Nuke all other threads in the group.
 */
@@ -1440,13 +1467,44 @@ static inline bool kill_as_cred_perm(const struct cred *cred,
               uid_eq(cred->uid, pcred->uid);
 }
-/* like kill_pid_info(), but doesn't use uid/euid of "current" */
+/*
-int kill_pid_info_as_cred(int sig, struct kernel_siginfo *info, struct pid *pid,
+ * The usb asyncio usage of siginfo is wrong.  The glibc support
-                         const struct cred *cred)
+ * for asyncio which uses SI_ASYNCIO assumes the layout is SIL_RT.
+ * AKA after the generic fields:
+ *      kernel_pid_t    si_pid;
+ *      kernel_uid32_t  si_uid;
+ *      sigval_t        si_value;
+ *
+ * Unfortunately when usb generates SI_ASYNCIO it assumes the layout
+ * after the generic fields is:
+ *      void __user     *si_addr;
+ *
+ * This is a practical problem when there is a 64bit big endian kernel
+ * and a 32bit userspace.  As the 32bit address will encoded in the low
+ * 32bits of the pointer.  Those low 32bits will be stored at higher
+ * address than appear in a 32 bit pointer.  So userspace will not
+ * see the address it was expecting for it's completions.
+ *
+ * There is nothing in the encoding that can allow
+ * copy_siginfo_to_user32 to detect this confusion of formats, so
+ * handle this by requiring the caller of kill_pid_usb_asyncio to
+ * notice when this situration takes place and to store the 32bit
+ * pointer in sival_int, instead of sival_addr of the sigval_t addr
+ * parameter.
+ */
+int kill_pid_usb_asyncio(int sig, int errno, sigval_t addr,
+                         struct pid *pid, const struct cred *cred)
 {
-        int ret = -EINVAL;
+        struct kernel_siginfo info;
        struct task_struct *p;
        unsigned long flags;
+        int ret = -EINVAL;
+        clear_siginfo(&info);
+        info.si_signo = sig;
+        info.si_errno = errno;
+        info.si_code = SI_ASYNCIO;
+        *((sigval_t *)&info.si_pid) = addr;
        if (!valid_signal(sig))
                return ret;
@@ -1457,17 +1515,17 @@ int kill_pid_info_as_cred(int sig, struct kernel_siginfo *info, struct pid *pid,
                ret = -ESRCH;
                goto out_unlock;
        }
-        if (si_fromuser(info) && !kill_as_cred_perm(cred, p)) {
+        if (!kill_as_cred_perm(cred, p)) {
                ret = -EPERM;
                goto out_unlock;
        }
-        ret = security_task_kill(p, info, sig, cred);
+        ret = security_task_kill(p, &info, sig, cred);
        if (ret)
                goto out_unlock;
        if (sig) {
                if (lock_task_sighand(p, &flags)) {
-                        ret = __send_signal(sig, info, p, PIDTYPE_TGID, 0);
+                        ret = __send_signal(sig, &info, p, PIDTYPE_TGID, false);
                        unlock_task_sighand(p, &flags);
                } else
                        ret = -ESRCH;
@@ -1476,7 +1534,7 @@ out_unlock:
        rcu_read_unlock();
        return ret;
 }
-EXPORT_SYMBOL_GPL(kill_pid_info_as_cred);
+EXPORT_SYMBOL_GPL(kill_pid_usb_asyncio);
 /*
 * kill_something_info() interprets pid in interesting ways just like kill(2).
@@ -1552,9 +1610,17 @@ send_sig(int sig, struct task_struct *p, int priv)
 }
 EXPORT_SYMBOL(send_sig);
-void force_sig(int sig, struct task_struct *p)
+void force_sig(int sig)
 {
-        force_sig_info(sig, SEND_SIG_PRIV, p);
+        struct kernel_siginfo info;
+        clear_siginfo(&info);
+        info.si_signo = sig;
+        info.si_errno = 0;
+        info.si_code = SI_KERNEL;
+        info.si_pid = 0;
+        info.si_uid = 0;
+        force_sig_info(&info);
 }
 EXPORT_SYMBOL(force_sig);
@@ -1564,18 +1630,20 @@ EXPORT_SYMBOL(force_sig);
 * the problem was already a SIGSEGV, we'll want to
 * make sure we don't even try to deliver the signal..
 */
-void force_sigsegv(int sig, struct task_struct *p)
+void force_sigsegv(int sig)
 {
+        struct task_struct *p = current;
        if (sig == SIGSEGV) {
                unsigned long flags;
                spin_lock_irqsave(&p->sighand->siglock, flags);
                p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL;
                spin_unlock_irqrestore(&p->sighand->siglock, flags);
        }
-        force_sig(SIGSEGV, p);
+        force_sig(SIGSEGV);
 }
-int force_sig_fault(int sig, int code, void __user *addr
+int force_sig_fault_to_task(int sig, int code, void __user *addr
        ___ARCH_SI_TRAPNO(int trapno)
        ___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr)
        , struct task_struct *t)
@@ -1595,7 +1663,16 @@ int force_sig_fault(int sig, int code, void __user *addr
        info.si_flags = flags;
        info.si_isr = isr;
 #endif
-        return force_sig_info(info.si_signo, &info, t);
+        return force_sig_info_to_task(&info, t);
+}
+int force_sig_fault(int sig, int code, void __user *addr
+        ___ARCH_SI_TRAPNO(int trapno)
+        ___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr))
+{
+        return force_sig_fault_to_task(sig, code, addr
+                                       ___ARCH_SI_TRAPNO(trapno)
+                                       ___ARCH_SI_IA64(imm, flags, isr), current);
 }
 int send_sig_fault(int sig, int code, void __user *addr
@@ -1621,7 +1698,7 @@ int send_sig_fault(int sig, int code, void __user *addr
        return send_sig_info(info.si_signo, &info, t);
 }
-int force_sig_mceerr(int code, void __user *addr, short lsb, struct task_struct *t)
+int force_sig_mceerr(int code, void __user *addr, short lsb)
 {
        struct kernel_siginfo info;
@@ -1632,7 +1709,7 @@ int force_sig_mceerr(int code, void __user *addr, short lsb, struct task_struct
        info.si_code = code;
        info.si_addr = addr;
        info.si_addr_lsb = lsb;
-        return force_sig_info(info.si_signo, &info, t);
+        return force_sig_info(&info);
 }
 int send_sig_mceerr(int code, void __user *addr, short lsb, struct task_struct *t)
@@ -1661,7 +1738,7 @@ int force_sig_bnderr(void __user *addr, void __user *lower, void __user *upper)
        info.si_addr  = addr;
        info.si_lower = lower;
        info.si_upper = upper;
-        return force_sig_info(info.si_signo, &info, current);
+        return force_sig_info(&info);
 }
 #ifdef SEGV_PKUERR
@@ -1675,7 +1752,7 @@ int force_sig_pkuerr(void __user *addr, u32 pkey)
        info.si_code  = SEGV_PKUERR;
        info.si_addr  = addr;
        info.si_pkey  = pkey;
-        return force_sig_info(info.si_signo, &info, current);
+        return force_sig_info(&info);
 }
 #endif
@@ -1691,7 +1768,7 @@ int force_sig_ptrace_errno_trap(int errno, void __user *addr)
        info.si_errno = errno;
        info.si_code  = TRAP_HWBKPT;
        info.si_addr  = addr;
-        return force_sig_info(info.si_signo, &info, current);
+        return force_sig_info(&info);
 }
 int kill_pgrp(struct pid *pid, int sig, int priv)
@@ -2676,7 +2753,7 @@ static void signal_delivered(struct ksignal *ksig, int stepping)
 void signal_setup_done(int failed, struct ksignal *ksig, int stepping)
 {
        if (failed)
-                force_sigsegv(ksig->sig, current);
+                force_sigsegv(ksig->sig);
        else
                signal_delivered(ksig, stepping);
 }
@@ -4477,6 +4554,28 @@ static inline void siginfo_buildtime_checks(void)
        CHECK_OFFSET(si_syscall);
        CHECK_OFFSET(si_arch);
 #undef CHECK_OFFSET
+        /* usb asyncio */
+        BUILD_BUG_ON(offsetof(struct siginfo, si_pid) !=
+                     offsetof(struct siginfo, si_addr));
+        if (sizeof(int) == sizeof(void __user *)) {
+                BUILD_BUG_ON(sizeof_field(struct siginfo, si_pid) !=
+                             sizeof(void __user *));
+        } else {
+                BUILD_BUG_ON((sizeof_field(struct siginfo, si_pid) +
+                              sizeof_field(struct siginfo, si_uid)) !=
+                             sizeof(void __user *));
+                BUILD_BUG_ON(offsetofend(struct siginfo, si_pid) !=
+                             offsetof(struct siginfo, si_uid));
+        }
+#ifdef CONFIG_COMPAT
+        BUILD_BUG_ON(offsetof(struct compat_siginfo, si_pid) !=
+                     offsetof(struct compat_siginfo, si_addr));
+        BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
+                     sizeof(compat_uptr_t));
+        BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
+                     sizeof_field(struct siginfo, si_pid));
+#endif
 }
 void __init signals_init(void)

diff --git a/kernel/signal.c b/kernel/signal.c index 35e97f4073c2..91cb8ca41954 100644 --- a/kernel/signal.c +++ b/kernel/signal.c
@@ -1057,29 +1057,8 @@ static inline bool legacy_queue(struct sigpending *signals, int sig)
1057	return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);	1057	return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
1058	}	1058	}
1059		1059
1060	#ifdef CONFIG_USER_NS
1061	static inline void userns_fixup_signal_uid(struct kernel_siginfo info, struct task_struct t)
1062	{
1063	if (current_user_ns() == task_cred_xxx(t, user_ns))
1064	return;
1065
1066	if (SI_FROMKERNEL(info))
1067	return;
1068
1069	rcu_read_lock();
1070	info->si_uid = from_kuid_munged(task_cred_xxx(t, user_ns),
1071	make_kuid(current_user_ns(), info->si_uid));
1072	rcu_read_unlock();
1073	}
1074	#else
1075	static inline void userns_fixup_signal_uid(struct kernel_siginfo info, struct task_struct t)
1076	{
1077	return;
1078	}
1079	#endif
1080
1081	static int __send_signal(int sig, struct kernel_siginfo info, struct task_struct t,	1060	static int __send_signal(int sig, struct kernel_siginfo info, struct task_struct t,
1082	enum pid_type type, int from_ancestor_ns)	1061	enum pid_type type, bool force)
1083	{	1062	{
1084	struct sigpending *pending;	1063	struct sigpending *pending;
1085	struct sigqueue *q;	1064	struct sigqueue *q;
@@ -1089,8 +1068,7 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
1089	assert_spin_locked(&t->sighand->siglock);	1068	assert_spin_locked(&t->sighand->siglock);
1090		1069
1091	result = TRACE_SIGNAL_IGNORED;	1070	result = TRACE_SIGNAL_IGNORED;
1092	if (!prepare_signal(sig, t,	1071	if (!prepare_signal(sig, t, force))
1093	from_ancestor_ns \|\| (info == SEND_SIG_PRIV)))
1094	goto ret;	1072	goto ret;
1095		1073
1096	pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;	1074	pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
@@ -1135,7 +1113,11 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
1135	q->info.si_code = SI_USER;	1113	q->info.si_code = SI_USER;
1136	q->info.si_pid = task_tgid_nr_ns(current,	1114	q->info.si_pid = task_tgid_nr_ns(current,
1137	task_active_pid_ns(t));	1115	task_active_pid_ns(t));
1138	q->info.si_uid = from_kuid_munged(current_user_ns(), current_uid());	1116	rcu_read_lock();
		1117	q->info.si_uid =
		1118	from_kuid_munged(task_cred_xxx(t, user_ns),
		1119	current_uid());
		1120	rcu_read_unlock();
1139	break;	1121	break;
1140	case (unsigned long) SEND_SIG_PRIV:	1122	case (unsigned long) SEND_SIG_PRIV:
1141	clear_siginfo(&q->info);	1123	clear_siginfo(&q->info);
@@ -1147,30 +1129,24 @@ static int __send_signal(int sig, struct kernel_siginfo *info, struct task_struc
1147	break;	1129	break;
1148	default:	1130	default:
1149	copy_siginfo(&q->info, info);	1131	copy_siginfo(&q->info, info);
1150	if (from_ancestor_ns)
1151	q->info.si_pid = 0;
1152	break;	1132	break;
1153	}	1133	}
1154		1134	} else if (!is_si_special(info) &&
1155	userns_fixup_signal_uid(&q->info, t);	1135	sig >= SIGRTMIN && info->si_code != SI_USER) {
1156		1136	/*
1157	} else if (!is_si_special(info)) {	1137	* Queue overflow, abort. We may abort if the
1158	if (sig >= SIGRTMIN && info->si_code != SI_USER) {	1138	* signal was rt and sent by user using something
1159	/*	1139	* other than kill().
1160	* Queue overflow, abort. We may abort if the	1140	*/
1161	* signal was rt and sent by user using something	1141	result = TRACE_SIGNAL_OVERFLOW_FAIL;
1162	* other than kill().	1142	ret = -EAGAIN;
1163	*/	1143	goto ret;
1164	result = TRACE_SIGNAL_OVERFLOW_FAIL;	1144	} else {
1165	ret = -EAGAIN;	1145	/*
1166	goto ret;	1146	* This is a silent loss of information. We still
1167	} else {	1147	* send the signal, but the *info bits are lost.
1168	/*	1148	*/
1169	* This is a silent loss of information. We still	1149	result = TRACE_SIGNAL_LOSE_INFO;
1170	* send the signal, but the *info bits are lost.
1171	*/
1172	result = TRACE_SIGNAL_LOSE_INFO;
1173	}
1174	}	1150	}
1175		1151
1176	out_set:	1152	out_set:
@@ -1197,17 +1173,62 @@ ret:
1197	return ret;	1173	return ret;
1198	}	1174	}
1199		1175
		1176	static inline bool has_si_pid_and_uid(struct kernel_siginfo *info)
		1177	{
		1178	bool ret = false;
		1179	switch (siginfo_layout(info->si_signo, info->si_code)) {
		1180	case SIL_KILL:
		1181	case SIL_CHLD:
		1182	case SIL_RT:
		1183	ret = true;
		1184	break;
		1185	case SIL_TIMER:
		1186	case SIL_POLL:
		1187	case SIL_FAULT:
		1188	case SIL_FAULT_MCEERR:
		1189	case SIL_FAULT_BNDERR:
		1190	case SIL_FAULT_PKUERR:
		1191	case SIL_SYS:
		1192	ret = false;
		1193	break;
		1194	}
		1195	return ret;
		1196	}
		1197
1200	static int send_signal(int sig, struct kernel_siginfo info, struct task_struct t,	1198	static int send_signal(int sig, struct kernel_siginfo info, struct task_struct t,
1201	enum pid_type type)	1199	enum pid_type type)
1202	{	1200	{
1203	int from_ancestor_ns = 0;	1201	/* Should SIGKILL or SIGSTOP be received by a pid namespace init? */
		1202	bool force = false;
1204		1203
1205	#ifdef CONFIG_PID_NS	1204	if (info == SEND_SIG_NOINFO) {
1206	from_ancestor_ns = si_fromuser(info) &&	1205	/* Force if sent from an ancestor pid namespace */
1207	!task_pid_nr_ns(current, task_active_pid_ns(t));	1206	force = !task_pid_nr_ns(current, task_active_pid_ns(t));
1208	#endif	1207	} else if (info == SEND_SIG_PRIV) {
		1208	/* Don't ignore kernel generated signals */
		1209	force = true;
		1210	} else if (has_si_pid_and_uid(info)) {
		1211	/* SIGKILL and SIGSTOP is special or has ids */
		1212	struct user_namespace *t_user_ns;
		1213
		1214	rcu_read_lock();
		1215	t_user_ns = task_cred_xxx(t, user_ns);
		1216	if (current_user_ns() != t_user_ns) {
		1217	kuid_t uid = make_kuid(current_user_ns(), info->si_uid);
		1218	info->si_uid = from_kuid_munged(t_user_ns, uid);
		1219	}
		1220	rcu_read_unlock();
1209		1221
1210	return __send_signal(sig, info, t, type, from_ancestor_ns);	1222	/* A kernel generated signal? */
		1223	force = (info->si_code == SI_KERNEL);
		1224
		1225	/* From an ancestor pid namespace? */
		1226	if (!task_pid_nr_ns(current, task_active_pid_ns(t))) {
		1227	info->si_pid = 0;
		1228	force = true;
		1229	}
		1230	}
		1231	return __send_signal(sig, info, t, type, force);
1211	}	1232	}
1212		1233
1213	static void print_fatal_signal(int signr)	1234	static void print_fatal_signal(int signr)
@@ -1274,12 +1295,13 @@ int do_send_sig_info(int sig, struct kernel_siginfo info, struct task_struct p
1274	* We don't want to have recursive SIGSEGV's etc, for example,	1295	* We don't want to have recursive SIGSEGV's etc, for example,
1275	* that is why we also clear SIGNAL_UNKILLABLE.	1296	* that is why we also clear SIGNAL_UNKILLABLE.
1276	*/	1297	*/
1277	int	1298	static int
1278	force_sig_info(int sig, struct kernel_siginfo info, struct task_struct t)	1299	force_sig_info_to_task(struct kernel_siginfo info, struct task_struct t)
1279	{	1300	{
1280	unsigned long int flags;	1301	unsigned long int flags;
1281	int ret, blocked, ignored;	1302	int ret, blocked, ignored;
1282	struct k_sigaction *action;	1303	struct k_sigaction *action;
		1304	int sig = info->si_signo;
1283		1305
1284	spin_lock_irqsave(&t->sighand->siglock, flags);	1306	spin_lock_irqsave(&t->sighand->siglock, flags);
1285	action = &t->sighand->action[sig-1];	1307	action = &t->sighand->action[sig-1];
@@ -1304,6 +1326,11 @@ force_sig_info(int sig, struct kernel_siginfo info, struct task_struct t)
1304	return ret;	1326	return ret;
1305	}	1327	}
1306		1328
		1329	int force_sig_info(struct kernel_siginfo *info)
		1330	{
		1331	return force_sig_info_to_task(info, current);
		1332	}
		1333
1307	/*	1334	/*
1308	* Nuke all other threads in the group.	1335	* Nuke all other threads in the group.
1309	*/	1336	*/
@@ -1440,13 +1467,44 @@ static inline bool kill_as_cred_perm(const struct cred *cred,
1440	uid_eq(cred->uid, pcred->uid);	1467	uid_eq(cred->uid, pcred->uid);
1441	}	1468	}
1442		1469
1443	/* like kill_pid_info(), but doesn't use uid/euid of "current" */	1470	/*
1444	int kill_pid_info_as_cred(int sig, struct kernel_siginfo info, struct pid pid,	1471	* The usb asyncio usage of siginfo is wrong. The glibc support
1445	const struct cred *cred)	1472	* for asyncio which uses SI_ASYNCIO assumes the layout is SIL_RT.
		1473	* AKA after the generic fields:
		1474	* kernel_pid_t si_pid;
		1475	* kernel_uid32_t si_uid;
		1476	* sigval_t si_value;
		1477	*
		1478	* Unfortunately when usb generates SI_ASYNCIO it assumes the layout
		1479	* after the generic fields is:
		1480	* void __user *si_addr;
		1481	*
		1482	* This is a practical problem when there is a 64bit big endian kernel
		1483	* and a 32bit userspace. As the 32bit address will encoded in the low
		1484	* 32bits of the pointer. Those low 32bits will be stored at higher
		1485	* address than appear in a 32 bit pointer. So userspace will not
		1486	* see the address it was expecting for it's completions.
		1487	*
		1488	* There is nothing in the encoding that can allow
		1489	* copy_siginfo_to_user32 to detect this confusion of formats, so
		1490	* handle this by requiring the caller of kill_pid_usb_asyncio to
		1491	* notice when this situration takes place and to store the 32bit
		1492	* pointer in sival_int, instead of sival_addr of the sigval_t addr
		1493	* parameter.
		1494	*/
		1495	int kill_pid_usb_asyncio(int sig, int errno, sigval_t addr,
		1496	struct pid pid, const struct cred cred)
1446	{	1497	{
1447	int ret = -EINVAL;	1498	struct kernel_siginfo info;
1448	struct task_struct *p;	1499	struct task_struct *p;
1449	unsigned long flags;	1500	unsigned long flags;
		1501	int ret = -EINVAL;
		1502
		1503	clear_siginfo(&info);
		1504	info.si_signo = sig;
		1505	info.si_errno = errno;
		1506	info.si_code = SI_ASYNCIO;
		1507	((sigval_t )&info.si_pid) = addr;
1450		1508
1451	if (!valid_signal(sig))	1509	if (!valid_signal(sig))
1452	return ret;	1510	return ret;
@@ -1457,17 +1515,17 @@ int kill_pid_info_as_cred(int sig, struct kernel_siginfo info, struct pid pid,
1457	ret = -ESRCH;	1515	ret = -ESRCH;
1458	goto out_unlock;	1516	goto out_unlock;
1459	}	1517	}
1460	if (si_fromuser(info) && !kill_as_cred_perm(cred, p)) {	1518	if (!kill_as_cred_perm(cred, p)) {
1461	ret = -EPERM;	1519	ret = -EPERM;
1462	goto out_unlock;	1520	goto out_unlock;
1463	}	1521	}
1464	ret = security_task_kill(p, info, sig, cred);	1522	ret = security_task_kill(p, &info, sig, cred);
1465	if (ret)	1523	if (ret)
1466	goto out_unlock;	1524	goto out_unlock;
1467		1525
1468	if (sig) {	1526	if (sig) {
1469	if (lock_task_sighand(p, &flags)) {	1527	if (lock_task_sighand(p, &flags)) {
1470	ret = __send_signal(sig, info, p, PIDTYPE_TGID, 0);	1528	ret = __send_signal(sig, &info, p, PIDTYPE_TGID, false);
1471	unlock_task_sighand(p, &flags);	1529	unlock_task_sighand(p, &flags);
1472	} else	1530	} else
1473	ret = -ESRCH;	1531	ret = -ESRCH;
@@ -1476,7 +1534,7 @@ out_unlock:
1476	rcu_read_unlock();	1534	rcu_read_unlock();
1477	return ret;	1535	return ret;
1478	}	1536	}
1479	EXPORT_SYMBOL_GPL(kill_pid_info_as_cred);	1537	EXPORT_SYMBOL_GPL(kill_pid_usb_asyncio);
1480		1538
1481	/*	1539	/*
1482	* kill_something_info() interprets pid in interesting ways just like kill(2).	1540	* kill_something_info() interprets pid in interesting ways just like kill(2).
@@ -1552,9 +1610,17 @@ send_sig(int sig, struct task_struct *p, int priv)
1552	}	1610	}
1553	EXPORT_SYMBOL(send_sig);	1611	EXPORT_SYMBOL(send_sig);
1554		1612
1555	void force_sig(int sig, struct task_struct *p)	1613	void force_sig(int sig)
1556	{	1614	{
1557	force_sig_info(sig, SEND_SIG_PRIV, p);	1615	struct kernel_siginfo info;
		1616
		1617	clear_siginfo(&info);
		1618	info.si_signo = sig;
		1619	info.si_errno = 0;
		1620	info.si_code = SI_KERNEL;
		1621	info.si_pid = 0;
		1622	info.si_uid = 0;
		1623	force_sig_info(&info);
1558	}	1624	}
1559	EXPORT_SYMBOL(force_sig);	1625	EXPORT_SYMBOL(force_sig);
1560		1626
@@ -1564,18 +1630,20 @@ EXPORT_SYMBOL(force_sig);
1564	* the problem was already a SIGSEGV, we'll want to	1630	* the problem was already a SIGSEGV, we'll want to
1565	* make sure we don't even try to deliver the signal..	1631	* make sure we don't even try to deliver the signal..
1566	*/	1632	*/
1567	void force_sigsegv(int sig, struct task_struct *p)	1633	void force_sigsegv(int sig)
1568	{	1634	{
		1635	struct task_struct *p = current;
		1636
1569	if (sig == SIGSEGV) {	1637	if (sig == SIGSEGV) {
1570	unsigned long flags;	1638	unsigned long flags;
1571	spin_lock_irqsave(&p->sighand->siglock, flags);	1639	spin_lock_irqsave(&p->sighand->siglock, flags);
1572	p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL;	1640	p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL;
1573	spin_unlock_irqrestore(&p->sighand->siglock, flags);	1641	spin_unlock_irqrestore(&p->sighand->siglock, flags);
1574	}	1642	}
1575	force_sig(SIGSEGV, p);	1643	force_sig(SIGSEGV);
1576	}	1644	}
1577		1645
1578	int force_sig_fault(int sig, int code, void __user *addr	1646	int force_sig_fault_to_task(int sig, int code, void __user *addr
1579	___ARCH_SI_TRAPNO(int trapno)	1647	___ARCH_SI_TRAPNO(int trapno)
1580	___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr)	1648	___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr)
1581	, struct task_struct *t)	1649	, struct task_struct *t)
@@ -1595,7 +1663,16 @@ int force_sig_fault(int sig, int code, void __user *addr
1595	info.si_flags = flags;	1663	info.si_flags = flags;
1596	info.si_isr = isr;	1664	info.si_isr = isr;
1597	#endif	1665	#endif
1598	return force_sig_info(info.si_signo, &info, t);	1666	return force_sig_info_to_task(&info, t);
		1667	}
		1668
		1669	int force_sig_fault(int sig, int code, void __user *addr
		1670	___ARCH_SI_TRAPNO(int trapno)
		1671	___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr))
		1672	{
		1673	return force_sig_fault_to_task(sig, code, addr
		1674	___ARCH_SI_TRAPNO(trapno)
		1675	___ARCH_SI_IA64(imm, flags, isr), current);
1599	}	1676	}
1600		1677
1601	int send_sig_fault(int sig, int code, void __user *addr	1678	int send_sig_fault(int sig, int code, void __user *addr
@@ -1621,7 +1698,7 @@ int send_sig_fault(int sig, int code, void __user *addr
1621	return send_sig_info(info.si_signo, &info, t);	1698	return send_sig_info(info.si_signo, &info, t);
1622	}	1699	}
1623		1700
1624	int force_sig_mceerr(int code, void __user addr, short lsb, struct task_struct t)	1701	int force_sig_mceerr(int code, void __user *addr, short lsb)
1625	{	1702	{
1626	struct kernel_siginfo info;	1703	struct kernel_siginfo info;
1627		1704
@@ -1632,7 +1709,7 @@ int force_sig_mceerr(int code, void __user *addr, short lsb, struct task_struct
1632	info.si_code = code;	1709	info.si_code = code;
1633	info.si_addr = addr;	1710	info.si_addr = addr;
1634	info.si_addr_lsb = lsb;	1711	info.si_addr_lsb = lsb;
1635	return force_sig_info(info.si_signo, &info, t);	1712	return force_sig_info(&info);
1636	}	1713	}
1637		1714
1638	int send_sig_mceerr(int code, void __user addr, short lsb, struct task_struct t)	1715	int send_sig_mceerr(int code, void __user addr, short lsb, struct task_struct t)
@@ -1661,7 +1738,7 @@ int force_sig_bnderr(void __user addr, void __user lower, void __user *upper)
1661	info.si_addr = addr;	1738	info.si_addr = addr;
1662	info.si_lower = lower;	1739	info.si_lower = lower;
1663	info.si_upper = upper;	1740	info.si_upper = upper;
1664	return force_sig_info(info.si_signo, &info, current);	1741	return force_sig_info(&info);
1665	}	1742	}
1666		1743
1667	#ifdef SEGV_PKUERR	1744	#ifdef SEGV_PKUERR
@@ -1675,7 +1752,7 @@ int force_sig_pkuerr(void __user *addr, u32 pkey)
1675	info.si_code = SEGV_PKUERR;	1752	info.si_code = SEGV_PKUERR;
1676	info.si_addr = addr;	1753	info.si_addr = addr;
1677	info.si_pkey = pkey;	1754	info.si_pkey = pkey;
1678	return force_sig_info(info.si_signo, &info, current);	1755	return force_sig_info(&info);
1679	}	1756	}
1680	#endif	1757	#endif
1681		1758
@@ -1691,7 +1768,7 @@ int force_sig_ptrace_errno_trap(int errno, void __user *addr)
1691	info.si_errno = errno;	1768	info.si_errno = errno;
1692	info.si_code = TRAP_HWBKPT;	1769	info.si_code = TRAP_HWBKPT;
1693	info.si_addr = addr;	1770	info.si_addr = addr;
1694	return force_sig_info(info.si_signo, &info, current);	1771	return force_sig_info(&info);
1695	}	1772	}
1696		1773
1697	int kill_pgrp(struct pid *pid, int sig, int priv)	1774	int kill_pgrp(struct pid *pid, int sig, int priv)
@@ -2676,7 +2753,7 @@ static void signal_delivered(struct ksignal *ksig, int stepping)
2676	void signal_setup_done(int failed, struct ksignal *ksig, int stepping)	2753	void signal_setup_done(int failed, struct ksignal *ksig, int stepping)
2677	{	2754	{
2678	if (failed)	2755	if (failed)
2679	force_sigsegv(ksig->sig, current);	2756	force_sigsegv(ksig->sig);
2680	else	2757	else
2681	signal_delivered(ksig, stepping);	2758	signal_delivered(ksig, stepping);
2682	}	2759	}
@@ -4477,6 +4554,28 @@ static inline void siginfo_buildtime_checks(void)
4477	CHECK_OFFSET(si_syscall);	4554	CHECK_OFFSET(si_syscall);
4478	CHECK_OFFSET(si_arch);	4555	CHECK_OFFSET(si_arch);
4479	#undef CHECK_OFFSET	4556	#undef CHECK_OFFSET
		4557
		4558	/* usb asyncio */
		4559	BUILD_BUG_ON(offsetof(struct siginfo, si_pid) !=
		4560	offsetof(struct siginfo, si_addr));
		4561	if (sizeof(int) == sizeof(void __user *)) {
		4562	BUILD_BUG_ON(sizeof_field(struct siginfo, si_pid) !=
		4563	sizeof(void __user *));
		4564	} else {
		4565	BUILD_BUG_ON((sizeof_field(struct siginfo, si_pid) +
		4566	sizeof_field(struct siginfo, si_uid)) !=
		4567	sizeof(void __user *));
		4568	BUILD_BUG_ON(offsetofend(struct siginfo, si_pid) !=
		4569	offsetof(struct siginfo, si_uid));
		4570	}
		4571	#ifdef CONFIG_COMPAT
		4572	BUILD_BUG_ON(offsetof(struct compat_siginfo, si_pid) !=
		4573	offsetof(struct compat_siginfo, si_addr));
		4574	BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
		4575	sizeof(compat_uptr_t));
		4576	BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
		4577	sizeof_field(struct siginfo, si_pid));
		4578	#endif
4480	}	4579	}
4481		4580
4482	void __init signals_init(void)	4581	void __init signals_init(void)