1 files changed, 59 insertions, 13 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index dbd7fe073c55..bded65187780 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -637,12 +637,12 @@ static inline bool si_fromuser(const struct siginfo *info)
 /*
 * Bad permissions for sending the signal
- * - the caller must hold at least the RCU read lock
+ * - the caller must hold the RCU read lock
 */
 static int check_kill_permission(int sig, struct siginfo *info,
                                 struct task_struct *t)
 {
-        const struct cred *cred = current_cred(), *tcred;
+        const struct cred *cred, *tcred;
        struct pid *sid;
        int error;
@@ -656,8 +656,10 @@ static int check_kill_permission(int sig, struct siginfo *info,
        if (error)
                return error;
+        cred = current_cred();
        tcred = __task_cred(t);
-        if ((cred->euid ^ tcred->suid) &&
+        if (!same_thread_group(current, t) &&
+            (cred->euid ^ tcred->suid) &&
            (cred->euid ^ tcred->uid) &&
            (cred->uid  ^ tcred->suid) &&
            (cred->uid  ^ tcred->uid) &&
@@ -1083,23 +1085,24 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
 /*
 * Nuke all other threads in the group.
 */
-void zap_other_threads(struct task_struct *p)
+int zap_other_threads(struct task_struct *p)
 {
-        struct task_struct *t;
+        struct task_struct *t = p;
+        int count = 0;
        p->signal->group_stop_count = 0;
-        for (t = next_thread(p); t != p; t = next_thread(t)) {
+        while_each_thread(p, t) {
-                /*
+                count++;
-                 * Don't bother with already dead threads
-                 */
+                /* Don't bother with already dead threads */
                if (t->exit_state)
                        continue;
-                /* SIGKILL will be handled before any pending SIGSTOP */
                sigaddset(&t->pending.signal, SIGKILL);
                signal_wake_up(t, 1);
        }
+        return count;
 }
 struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long *flags)
@@ -1124,11 +1127,14 @@ struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long
 /*
 * send signal info to all the members of a group
- * - the caller must hold the RCU read lock at least
 */
 int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
 {
-        int ret = check_kill_permission(sig, info, p);
+        int ret;
+        rcu_read_lock();
+        ret = check_kill_permission(sig, info, p);
+        rcu_read_unlock();
        if (!ret && sig)
                ret = do_send_sig_info(sig, info, p, true);
@@ -2735,3 +2741,43 @@ void __init signals_init(void)
 {
        sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);
 }
+#ifdef CONFIG_KGDB_KDB
+#include <linux/kdb.h>
+/*
+ * kdb_send_sig_info - Allows kdb to send signals without exposing
+ * signal internals.  This function checks if the required locks are
+ * available before calling the main signal code, to avoid kdb
+ * deadlocks.
+ */
+void
+kdb_send_sig_info(struct task_struct *t, struct siginfo *info)
+{
+        static struct task_struct *kdb_prev_t;
+        int sig, new_t;
+        if (!spin_trylock(&t->sighand->siglock)) {
+                kdb_printf("Can't do kill command now.\n"
+                           "The sigmask lock is held somewhere else in "
+                           "kernel, try again later\n");
+                return;
+        }
+        spin_unlock(&t->sighand->siglock);
+        new_t = kdb_prev_t != t;
+        kdb_prev_t = t;
+        if (t->state != TASK_RUNNING && new_t) {
+                kdb_printf("Process is not RUNNING, sending a signal from "
+                           "kdb risks deadlock\n"
+                           "on the run queue locks. "
+                           "The signal has _not_ been sent.\n"
+                           "Reissue the kill command if you want to risk "
+                           "the deadlock.\n");
+                return;
+        }
+        sig = info->si_signo;
+        if (send_sig_info(sig, info, t))
+                kdb_printf("Fail to deliver Signal %d to process %d.\n",
+                           sig, t->pid);
+        else
+                kdb_printf("Signal %d is sent to process %d.\n", sig, t->pid);
+}
+#endif  /* CONFIG_KGDB_KDB */

diff --git a/kernel/signal.c b/kernel/signal.c index dbd7fe073c55..bded65187780 100644 --- a/kernel/signal.c +++ b/kernel/signal.c
@@ -637,12 +637,12 @@ static inline bool si_fromuser(const struct siginfo *info)
637		637
638	/*	638	/*
639	* Bad permissions for sending the signal	639	* Bad permissions for sending the signal
640	* - the caller must hold at least the RCU read lock	640	* - the caller must hold the RCU read lock
641	*/	641	*/
642	static int check_kill_permission(int sig, struct siginfo *info,	642	static int check_kill_permission(int sig, struct siginfo *info,
643	struct task_struct *t)	643	struct task_struct *t)
644	{	644	{
645	const struct cred cred = current_cred(), tcred;	645	const struct cred cred, tcred;
646	struct pid *sid;	646	struct pid *sid;
647	int error;	647	int error;
648		648
@@ -656,8 +656,10 @@ static int check_kill_permission(int sig, struct siginfo *info,
656	if (error)	656	if (error)
657	return error;	657	return error;
658		658
		659	cred = current_cred();
659	tcred = __task_cred(t);	660	tcred = __task_cred(t);
660	if ((cred->euid ^ tcred->suid) &&	661	if (!same_thread_group(current, t) &&
		662	(cred->euid ^ tcred->suid) &&
661	(cred->euid ^ tcred->uid) &&	663	(cred->euid ^ tcred->uid) &&
662	(cred->uid ^ tcred->suid) &&	664	(cred->uid ^ tcred->suid) &&
663	(cred->uid ^ tcred->uid) &&	665	(cred->uid ^ tcred->uid) &&
@@ -1083,23 +1085,24 @@ force_sig_info(int sig, struct siginfo info, struct task_struct t)
1083	/*	1085	/*
1084	* Nuke all other threads in the group.	1086	* Nuke all other threads in the group.
1085	*/	1087	*/
1086	void zap_other_threads(struct task_struct *p)	1088	int zap_other_threads(struct task_struct *p)
1087	{	1089	{
1088	struct task_struct *t;	1090	struct task_struct *t = p;
		1091	int count = 0;
1089		1092
1090	p->signal->group_stop_count = 0;	1093	p->signal->group_stop_count = 0;
1091		1094
1092	for (t = next_thread(p); t != p; t = next_thread(t)) {	1095	while_each_thread(p, t) {
1093	/*	1096	count++;
1094	* Don't bother with already dead threads	1097
1095	*/	1098	/* Don't bother with already dead threads */
1096	if (t->exit_state)	1099	if (t->exit_state)
1097	continue;	1100	continue;
1098
1099	/* SIGKILL will be handled before any pending SIGSTOP */
1100	sigaddset(&t->pending.signal, SIGKILL);	1101	sigaddset(&t->pending.signal, SIGKILL);
1101	signal_wake_up(t, 1);	1102	signal_wake_up(t, 1);
1102	}	1103	}
		1104
		1105	return count;
1103	}	1106	}
1104		1107
1105	struct sighand_struct lock_task_sighand(struct task_struct tsk, unsigned long *flags)	1108	struct sighand_struct lock_task_sighand(struct task_struct tsk, unsigned long *flags)
@@ -1124,11 +1127,14 @@ struct sighand_struct lock_task_sighand(struct task_struct tsk, unsigned long
1124		1127
1125	/*	1128	/*
1126	* send signal info to all the members of a group	1129	* send signal info to all the members of a group
1127	* - the caller must hold the RCU read lock at least
1128	*/	1130	*/
1129	int group_send_sig_info(int sig, struct siginfo info, struct task_struct p)	1131	int group_send_sig_info(int sig, struct siginfo info, struct task_struct p)
1130	{	1132	{
1131	int ret = check_kill_permission(sig, info, p);	1133	int ret;
		1134
		1135	rcu_read_lock();
		1136	ret = check_kill_permission(sig, info, p);
		1137	rcu_read_unlock();
1132		1138
1133	if (!ret && sig)	1139	if (!ret && sig)
1134	ret = do_send_sig_info(sig, info, p, true);	1140	ret = do_send_sig_info(sig, info, p, true);
@@ -2735,3 +2741,43 @@ void __init signals_init(void)
2735	{	2741	{
2736	sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);	2742	sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);
2737	}	2743	}
		2744
		2745	#ifdef CONFIG_KGDB_KDB
		2746	#include <linux/kdb.h>
		2747	/*
		2748	* kdb_send_sig_info - Allows kdb to send signals without exposing
		2749	* signal internals. This function checks if the required locks are
		2750	* available before calling the main signal code, to avoid kdb
		2751	* deadlocks.
		2752	*/
		2753	void
		2754	kdb_send_sig_info(struct task_struct t, struct siginfo info)
		2755	{
		2756	static struct task_struct *kdb_prev_t;
		2757	int sig, new_t;
		2758	if (!spin_trylock(&t->sighand->siglock)) {
		2759	kdb_printf("Can't do kill command now.\n"
		2760	"The sigmask lock is held somewhere else in "
		2761	"kernel, try again later\n");
		2762	return;
		2763	}
		2764	spin_unlock(&t->sighand->siglock);
		2765	new_t = kdb_prev_t != t;
		2766	kdb_prev_t = t;
		2767	if (t->state != TASK_RUNNING && new_t) {
		2768	kdb_printf("Process is not RUNNING, sending a signal from "
		2769	"kdb risks deadlock\n"
		2770	"on the run queue locks. "
		2771	"The signal has _not_ been sent.\n"
		2772	"Reissue the kill command if you want to risk "
		2773	"the deadlock.\n");
		2774	return;
		2775	}
		2776	sig = info->si_signo;
		2777	if (send_sig_info(sig, info, t))
		2778	kdb_printf("Fail to deliver Signal %d to process %d.\n",
		2779	sig, t->pid);
		2780	else
		2781	kdb_printf("Signal %d is sent to process %d.\n", sig, t->pid);
		2782	}
		2783	#endif /* CONFIG_KGDB_KDB */