aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@redhat.com>2009-04-02 19:58:00 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-04-02 22:04:58 -0400
commit43918f2bf4806675943416d539d9d5e4d585ebff (patch)
tree1de2ea08eed647b181b7f008f95e4bc4ec34c343
parent90bc8d8b1a38f1ab131a2399a202e1889db95de8 (diff)
signals: remove 'handler' parameter to tracehook functions
Container-init must behave like global-init to processes within the container and hence it must be immune to unhandled fatal signals from within the container (i.e SIG_DFL signals that terminate the process). But the same container-init must behave like a normal process to processes in ancestor namespaces and so if it receives the same fatal signal from a process in ancestor namespace, the signal must be processed. Implementing these semantics requires that send_signal() determine pid namespace of the sender but since signals can originate from workqueues/ interrupt-handlers, determining pid namespace of sender may not always be possible or safe. This patchset implements the design/simplified semantics suggested by Oleg Nesterov. The simplified semantics for container-init are: - container-init must never be terminated by a signal from a descendant process. - container-init must never be immune to SIGKILL from an ancestor namespace (so a process in parent namespace must always be able to terminate a descendant container). - container-init may be immune to unhandled fatal signals (like SIGUSR1) even if they are from ancestor namespace. SIGKILL/SIGSTOP are the only reliable signals to a container-init from ancestor namespace. This patch: Based on an earlier patch submitted by Oleg Nesterov and comments from Roland McGrath (http://lkml.org/lkml/2008/11/19/258). The handler parameter is currently unused in the tracehook functions. Besides, the tracehook functions are called with siglock held, so the functions can check the handler if they later need to. Removing the parameter simiplifies changes to sig_ignored() in a follow-on patch. Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> Acked-by: Roland McGrath <roland@redhat.com> Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Daniel Lezcano <daniel.lezcano@free.fr> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--arch/x86/kernel/ptrace.c2
-rw-r--r--include/linux/tracehook.h13
-rw-r--r--kernel/signal.c6
3 files changed, 8 insertions, 13 deletions
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 19378715f415..b7cc21bc6ae0 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -1455,6 +1455,6 @@ asmregparm void syscall_trace_leave(struct pt_regs *regs)
1455 * system call instruction. 1455 * system call instruction.
1456 */ 1456 */
1457 if (test_thread_flag(TIF_SINGLESTEP) && 1457 if (test_thread_flag(TIF_SINGLESTEP) &&
1458 tracehook_consider_fatal_signal(current, SIGTRAP, SIG_DFL)) 1458 tracehook_consider_fatal_signal(current, SIGTRAP))
1459 send_sigtrap(current, regs, 0, TRAP_BRKPT); 1459 send_sigtrap(current, regs, 0, TRAP_BRKPT);
1460} 1460}
diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h
index 6186a789d6c7..eb4c6545b384 100644
--- a/include/linux/tracehook.h
+++ b/include/linux/tracehook.h
@@ -388,17 +388,14 @@ static inline void tracehook_signal_handler(int sig, siginfo_t *info,
388 * tracehook_consider_ignored_signal - suppress short-circuit of ignored signal 388 * tracehook_consider_ignored_signal - suppress short-circuit of ignored signal
389 * @task: task receiving the signal 389 * @task: task receiving the signal
390 * @sig: signal number being sent 390 * @sig: signal number being sent
391 * @handler: %SIG_IGN or %SIG_DFL
392 * 391 *
393 * Return zero iff tracing doesn't care to examine this ignored signal, 392 * Return zero iff tracing doesn't care to examine this ignored signal,
394 * so it can short-circuit normal delivery and never even get queued. 393 * so it can short-circuit normal delivery and never even get queued.
395 * Either @handler is %SIG_DFL and @sig's default is ignore, or it's %SIG_IGN.
396 * 394 *
397 * Called with @task->sighand->siglock held. 395 * Called with @task->sighand->siglock held.
398 */ 396 */
399static inline int tracehook_consider_ignored_signal(struct task_struct *task, 397static inline int tracehook_consider_ignored_signal(struct task_struct *task,
400 int sig, 398 int sig)
401 void __user *handler)
402{ 399{
403 return (task_ptrace(task) & PT_PTRACED) != 0; 400 return (task_ptrace(task) & PT_PTRACED) != 0;
404} 401}
@@ -407,19 +404,17 @@ static inline int tracehook_consider_ignored_signal(struct task_struct *task,
407 * tracehook_consider_fatal_signal - suppress special handling of fatal signal 404 * tracehook_consider_fatal_signal - suppress special handling of fatal signal
408 * @task: task receiving the signal 405 * @task: task receiving the signal
409 * @sig: signal number being sent 406 * @sig: signal number being sent
410 * @handler: %SIG_DFL or %SIG_IGN
411 * 407 *
412 * Return nonzero to prevent special handling of this termination signal. 408 * Return nonzero to prevent special handling of this termination signal.
413 * Normally @handler is %SIG_DFL. It can be %SIG_IGN if @sig is ignored, 409 * Normally handler for signal is %SIG_DFL. It can be %SIG_IGN if @sig is
414 * in which case force_sig() is about to reset it to %SIG_DFL. 410 * ignored, in which case force_sig() is about to reset it to %SIG_DFL.
415 * When this returns zero, this signal might cause a quick termination 411 * When this returns zero, this signal might cause a quick termination
416 * that does not give the debugger a chance to intercept the signal. 412 * that does not give the debugger a chance to intercept the signal.
417 * 413 *
418 * Called with or without @task->sighand->siglock held. 414 * Called with or without @task->sighand->siglock held.
419 */ 415 */
420static inline int tracehook_consider_fatal_signal(struct task_struct *task, 416static inline int tracehook_consider_fatal_signal(struct task_struct *task,
421 int sig, 417 int sig)
422 void __user *handler)
423{ 418{
424 return (task_ptrace(task) & PT_PTRACED) != 0; 419 return (task_ptrace(task) & PT_PTRACED) != 0;
425} 420}
diff --git a/kernel/signal.c b/kernel/signal.c
index 1c8814481a11..92a1ab004498 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -74,7 +74,7 @@ static int sig_ignored(struct task_struct *t, int sig)
74 /* 74 /*
75 * Tracers may want to know about even ignored signals. 75 * Tracers may want to know about even ignored signals.
76 */ 76 */
77 return !tracehook_consider_ignored_signal(t, sig, handler); 77 return !tracehook_consider_ignored_signal(t, sig);
78} 78}
79 79
80/* 80/*
@@ -318,7 +318,7 @@ int unhandled_signal(struct task_struct *tsk, int sig)
318 return 1; 318 return 1;
319 if (handler != SIG_IGN && handler != SIG_DFL) 319 if (handler != SIG_IGN && handler != SIG_DFL)
320 return 0; 320 return 0;
321 return !tracehook_consider_fatal_signal(tsk, sig, handler); 321 return !tracehook_consider_fatal_signal(tsk, sig);
322} 322}
323 323
324 324
@@ -777,7 +777,7 @@ static void complete_signal(int sig, struct task_struct *p, int group)
777 !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && 777 !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) &&
778 !sigismember(&t->real_blocked, sig) && 778 !sigismember(&t->real_blocked, sig) &&
779 (sig == SIGKILL || 779 (sig == SIGKILL ||
780 !tracehook_consider_fatal_signal(t, sig, SIG_DFL))) { 780 !tracehook_consider_fatal_signal(t, sig))) {
781 /* 781 /*
782 * This signal will be fatal to the whole group. 782 * This signal will be fatal to the whole group.
783 */ 783 */