Diffstat (limited to 'kernel/signal.c')
-rw-r--r--kernel/signal.c60
1 files changed, 39 insertions, 21 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 4530fc654455..2a64304ed54b 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -177,6 +177,11 @@ int next_signal(struct sigpending *pending, sigset_t *mask)
177 return sig; 177 return sig;
178} 178}
179 179
180/*
181 * allocate a new signal queue record
182 * - this may be called without locks if and only if t == current, otherwise an
183 * appopriate lock must be held to stop the target task from exiting
184 */
180static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, 185static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
181 int override_rlimit) 186 int override_rlimit)
182{ 187{
@@ -184,11 +189,12 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
184 struct user_struct *user; 189 struct user_struct *user;
185 190
186 /* 191 /*
187 * In order to avoid problems with "switch_user()", we want to make 192 * We won't get problems with the target's UID changing under us
188 * sure that the compiler doesn't re-load "t->user" 193 * because changing it requires RCU be used, and if t != current, the
194 * caller must be holding the RCU readlock (by way of a spinlock) and
195 * we use RCU protection here
189 */ 196 */
190 user = t->user; 197 user = get_uid(__task_cred(t)->user);
191 barrier();
192 atomic_inc(&user->sigpending); 198 atomic_inc(&user->sigpending);
193 if (override_rlimit || 199 if (override_rlimit ||
194 atomic_read(&user->sigpending) <= 200 atomic_read(&user->sigpending) <=
@@ -196,12 +202,14 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
196 q = kmem_cache_alloc(sigqueue_cachep, flags); 202 q = kmem_cache_alloc(sigqueue_cachep, flags);
197 if (unlikely(q == NULL)) { 203 if (unlikely(q == NULL)) {
198 atomic_dec(&user->sigpending); 204 atomic_dec(&user->sigpending);
205 free_uid(user);
199 } else { 206 } else {
200 INIT_LIST_HEAD(&q->list); 207 INIT_LIST_HEAD(&q->list);
201 q->flags = 0; 208 q->flags = 0;
202 q->user = get_uid(user); 209 q->user = user;
203 } 210 }
204 return(q); 211
212 return q;
205} 213}
206 214
207static void __sigqueue_free(struct sigqueue *q) 215static void __sigqueue_free(struct sigqueue *q)
@@ -562,10 +570,12 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s)
562 570
563/* 571/*
564 * Bad permissions for sending the signal 572 * Bad permissions for sending the signal
573 * - the caller must hold at least the RCU read lock
565 */ 574 */
566static int check_kill_permission(int sig, struct siginfo *info, 575static int check_kill_permission(int sig, struct siginfo *info,
567 struct task_struct *t) 576 struct task_struct *t)
568{ 577{
578 const struct cred *cred = current_cred(), *tcred;
569 struct pid *sid; 579 struct pid *sid;
570 int error; 580 int error;
571 581
@@ -579,8 +589,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
579 if (error) 589 if (error)
580 return error; 590 return error;
581 591
582 if ((current->euid ^ t->suid) && (current->euid ^ t->uid) && 592 tcred = __task_cred(t);
583 (current->uid ^ t->suid) && (current->uid ^ t->uid) && 593 if ((cred->euid ^ tcred->suid) &&
594 (cred->euid ^ tcred->uid) &&
595 (cred->uid ^ tcred->suid) &&
596 (cred->uid ^ tcred->uid) &&
584 !capable(CAP_KILL)) { 597 !capable(CAP_KILL)) {
585 switch (sig) { 598 switch (sig) {
586 case SIGCONT: 599 case SIGCONT:
@@ -844,7 +857,7 @@ static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
844 q->info.si_errno = 0; 857 q->info.si_errno = 0;
845 q->info.si_code = SI_USER; 858 q->info.si_code = SI_USER;
846 q->info.si_pid = task_pid_vnr(current); 859 q->info.si_pid = task_pid_vnr(current);
847 q->info.si_uid = current->uid; 860 q->info.si_uid = current_uid();
848 break; 861 break;
849 case (unsigned long) SEND_SIG_PRIV: 862 case (unsigned long) SEND_SIG_PRIV:
850 q->info.si_signo = sig; 863 q->info.si_signo = sig;
@@ -1008,6 +1021,10 @@ struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long
1008 return sighand; 1021 return sighand;
1009} 1022}
1010 1023
1024/*
1025 * send signal info to all the members of a group
1026 * - the caller must hold the RCU read lock at least
1027 */
1011int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) 1028int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1012{ 1029{
1013 unsigned long flags; 1030 unsigned long flags;
@@ -1029,8 +1046,8 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1029/* 1046/*
1030 * __kill_pgrp_info() sends a signal to a process group: this is what the tty 1047 * __kill_pgrp_info() sends a signal to a process group: this is what the tty
1031 * control characters do (^C, ^Z etc) 1048 * control characters do (^C, ^Z etc)
1049 * - the caller must hold at least a readlock on tasklist_lock
1032 */ 1050 */
1033
1034int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp) 1051int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp)
1035{ 1052{
1036 struct task_struct *p = NULL; 1053 struct task_struct *p = NULL;
@@ -1086,6 +1103,7 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
1086{ 1103{
1087 int ret = -EINVAL; 1104 int ret = -EINVAL;
1088 struct task_struct *p; 1105 struct task_struct *p;
1106 const struct cred *pcred;
1089 1107
1090 if (!valid_signal(sig)) 1108 if (!valid_signal(sig))
1091 return ret; 1109 return ret;
@@ -1096,9 +1114,11 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
1096 ret = -ESRCH; 1114 ret = -ESRCH;
1097 goto out_unlock; 1115 goto out_unlock;
1098 } 1116 }
1099 if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) 1117 pcred = __task_cred(p);
1100 && (euid != p->suid) && (euid != p->uid) 1118 if ((info == SEND_SIG_NOINFO ||
1101 && (uid != p->suid) && (uid != p->uid)) { 1119 (!is_si_special(info) && SI_FROMUSER(info))) &&
1120 euid != pcred->suid && euid != pcred->uid &&
1121 uid != pcred->suid && uid != pcred->uid) {
1102 ret = -EPERM; 1122 ret = -EPERM;
1103 goto out_unlock; 1123 goto out_unlock;
1104 } 1124 }
@@ -1369,10 +1389,9 @@ int do_notify_parent(struct task_struct *tsk, int sig)
1369 */ 1389 */
1370 rcu_read_lock(); 1390 rcu_read_lock();
1371 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); 1391 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1392 info.si_uid = __task_cred(tsk)->uid;
1372 rcu_read_unlock(); 1393 rcu_read_unlock();
1373 1394
1374 info.si_uid = tsk->uid;
1375
1376 thread_group_cputime(tsk, &cputime); 1395 thread_group_cputime(tsk, &cputime);
1377 info.si_utime = cputime_to_jiffies(cputime.utime); 1396 info.si_utime = cputime_to_jiffies(cputime.utime);
1378 info.si_stime = cputime_to_jiffies(cputime.stime); 1397 info.si_stime = cputime_to_jiffies(cputime.stime);
@@ -1440,10 +1459,9 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
1440 */ 1459 */
1441 rcu_read_lock(); 1460 rcu_read_lock();
1442 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); 1461 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1462 info.si_uid = __task_cred(tsk)->uid;
1443 rcu_read_unlock(); 1463 rcu_read_unlock();
1444 1464
1445 info.si_uid = tsk->uid;
1446
1447 info.si_utime = cputime_to_clock_t(tsk->utime); 1465 info.si_utime = cputime_to_clock_t(tsk->utime);
1448 info.si_stime = cputime_to_clock_t(tsk->stime); 1466 info.si_stime = cputime_to_clock_t(tsk->stime);
1449 1467
@@ -1598,7 +1616,7 @@ void ptrace_notify(int exit_code)
1598 info.si_signo = SIGTRAP; 1616 info.si_signo = SIGTRAP;
1599 info.si_code = exit_code; 1617 info.si_code = exit_code;
1600 info.si_pid = task_pid_vnr(current); 1618 info.si_pid = task_pid_vnr(current);
1601 info.si_uid = current->uid; 1619 info.si_uid = current_uid();
1602 1620
1603 /* Let the debugger run. */ 1621 /* Let the debugger run. */
1604 spin_lock_irq(&current->sighand->siglock); 1622 spin_lock_irq(&current->sighand->siglock);
@@ -1710,7 +1728,7 @@ static int ptrace_signal(int signr, siginfo_t *info,
1710 info->si_errno = 0; 1728 info->si_errno = 0;
1711 info->si_code = SI_USER; 1729 info->si_code = SI_USER;
1712 info->si_pid = task_pid_vnr(current->parent); 1730 info->si_pid = task_pid_vnr(current->parent);
1713 info->si_uid = current->parent->uid; 1731 info->si_uid = task_uid(current->parent);
1714 } 1732 }
1715 1733
1716 /* If the (new) signal is now blocked, requeue it. */ 1734 /* If the (new) signal is now blocked, requeue it. */
@@ -2211,7 +2229,7 @@ sys_kill(pid_t pid, int sig)
2211 info.si_errno = 0; 2229 info.si_errno = 0;
2212 info.si_code = SI_USER; 2230 info.si_code = SI_USER;
2213 info.si_pid = task_tgid_vnr(current); 2231 info.si_pid = task_tgid_vnr(current);
2214 info.si_uid = current->uid; 2232 info.si_uid = current_uid();
2215 2233
2216 return kill_something_info(sig, &info, pid); 2234 return kill_something_info(sig, &info, pid);
2217} 2235}
@@ -2228,7 +2246,7 @@ static int do_tkill(pid_t tgid, pid_t pid, int sig)
2228 info.si_errno = 0; 2246 info.si_errno = 0;
2229 info.si_code = SI_TKILL; 2247 info.si_code = SI_TKILL;
2230 info.si_pid = task_tgid_vnr(current); 2248 info.si_pid = task_tgid_vnr(current);
2231 info.si_uid = current->uid; 2249 info.si_uid = current_uid();
2232 2250
2233 rcu_read_lock(); 2251 rcu_read_lock();
2234 p = find_task_by_vpid(pid); 2252 p = find_task_by_vpid(pid);
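Review bot: The `__task_cred(t)` dereference in `__sigqueue_alloc` (new line 197) is not bracketed by an RCU read-side critical section; the new comment (lines 192-195) relies on the caller's spinlock to provide one, which holds only for non-preemptible RCU — if preemptible RCU is configured, a held spinlock does not delay the grace period, so the cred and the user_struct read through it could in principle be freed before `get_uid()` takes its reference. Since `get_uid()` pins the user_struct, the safe form is cheap and self-contained: `rcu_read_lock();` / `user = get_uid(__task_cred(t)->user);` / `rcu_read_unlock();`, which is the same pattern the `do_notify_parent` and `do_notify_parent_cldstop` hunks already use for `info.si_uid`. The `pcred = __task_cred(p)` read in `kill_pid_info_as_uid` (new line 1117) depends in the same way on whatever lock `out_unlock` releases, which lies outside the hunk, and would benefit from the same explicit bracket around the credential comparison. The new comment above `__sigqueue_alloc` also misspells "appropriate" as "appopriate".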