diff options
| author | Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> | 2009-04-02 19:58:08 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-02 22:04:58 -0400 |
| commit | b3bfa0cba867f23365b81658b47efd906830879b (patch) | |
| tree | e54d9a9c4c23fc00bb2ff3ed57ef5317a0660ea5 /kernel/fork.c | |
| parent | e4da026f980df125a4918c3bb9fe93185c7ef12a (diff) | |
signals: protect cinit from blocked fatal signals
Normally SIG_DFL signals to global and container-init are dropped early.
But if a signal is blocked when it is posted, we cannot drop the signal
since the receiver may install a handler before unblocking the signal.
Once this signal is queued however, the receiver container-init has no way
of knowing if the signal was sent from an ancestor or descendant
namespace. This patch ensures that contianer-init drops all SIG_DFL
signals in get_signal_to_deliver() except SIGKILL/SIGSTOP.
If SIGSTOP/SIGKILL originate from a descendant of container-init they are
never queued (i.e dropped in sig_ignored() in an earler patch).
If SIGSTOP/SIGKILL originate from parent namespace, the signal is queued
and container-init processes the signal.
IOW, if get_signal_to_deliver() sees a sig_kernel_only() signal for global
or container-init, the signal must have been generated internally or must
have come from an ancestor ns and we process the signal.
Further, the signal_group_exit() check was needed to cover the case of a
multi-threaded init sending SIGKILL to other threads when doing an exit()
or exec(). But since the new sig_kernel_only() check covers the SIGKILL,
the signal_group_exit() check is no longer needed and can be removed.
Finally, now that we have all pieces in place, set SIGNAL_UNKILLABLE for
container-inits.
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/fork.c')
| -rw-r--r-- | kernel/fork.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index d7eb727eb535..adbea16ec649 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
| @@ -841,6 +841,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) | |||
| 841 | atomic_set(&sig->live, 1); | 841 | atomic_set(&sig->live, 1); |
| 842 | init_waitqueue_head(&sig->wait_chldexit); | 842 | init_waitqueue_head(&sig->wait_chldexit); |
| 843 | sig->flags = 0; | 843 | sig->flags = 0; |
| 844 | if (clone_flags & CLONE_NEWPID) | ||
| 845 | sig->flags |= SIGNAL_UNKILLABLE; | ||
| 844 | sig->group_exit_code = 0; | 846 | sig->group_exit_code = 0; |
| 845 | sig->group_exit_task = NULL; | 847 | sig->group_exit_task = NULL; |
| 846 | sig->group_stop_count = 0; | 848 | sig->group_stop_count = 0; |