From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To: oleg@redhat.com, ebiederm@xmission.com, roland@redhat.com,
bastian@waldi.eu.org
Cc: daniel@hozac.com, xemul@openvz.org, containers@lists.osdl.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 4/7][v7] Protect cinit from unblocked SIG_DFL signals
Date: Sat, 17 Jan 2009 12:36:21 -0800 [thread overview]
Message-ID: <20090117203621.GE11825@us.ibm.com> (raw)
In-Reply-To: <20090117202638.GA11825@us.ibm.com>
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Date: Wed, 24 Dec 2008 14:03:57 -0800
Subject: [PATCH 4/7][v7] Protect cinit from unblocked SIG_DFL signals
Drop early any SIG_DFL or SIG_IGN signals to container-init from within
the same container. But queue SIGSTOP and SIGKILL to the container-init
if they are from an ancestor container.
Blocked, fatal signals (i.e when SIG_DFL is to terminate) from within the
container can still terminate the container-init. That will be addressed
in the next patch.
Note: To be bisect-safe, SIGNAL_UNKILLABLE will be set for container-inits
in a follow-on patch. Until then, this patch is just a preparatory
step.
Changelog[v7]:
- siginfo_from_user(), siginfo_from_ancestor_ns() are needed in only
one place. Remove them and move their logic into send_signal().
Seems to make code more easier to read :-)
Changelog[v6]:
- (Roland McGrath) Remove unnecessary helper signal_task_unkillable()
and fold checks into sig_task_ignored().
Changelog[v4]:
- (Oleg Nesterov) Remove SIGNAL_UNKILLABLE_FROM_NS and rename
'same_ns' to 'from_ancestor_ns'.
- SIGNAL_UNKILLABLE is not yet set for container-inits (will be
set in follow-on patch).
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
---
kernel/signal.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/kernel/signal.c b/kernel/signal.c
index bb3b6f5..41060ae 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -53,20 +53,21 @@ static int sig_handler_ignored(void __user *handler, int sig)
(handler == SIG_DFL && sig_kernel_ignore(sig));
}
-static int sig_task_ignored(struct task_struct *t, int sig)
+static int sig_task_ignored(struct task_struct *t, int sig,
+ int from_ancestor_ns)
{
void __user *handler;
handler = sig_handler(t, sig);
if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) &&
- handler == SIG_DFL)
+ handler == SIG_DFL && !from_ancestor_ns)
return 1;
return sig_handler_ignored(handler, sig);
}
-static int sig_ignored(struct task_struct *t, int sig)
+static int sig_ignored(struct task_struct *t, int sig, int from_ancestor_ns)
{
/*
* Blocked signals are never ignored, since the
@@ -76,7 +77,7 @@ static int sig_ignored(struct task_struct *t, int sig)
if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig))
return 0;
- if (!sig_task_ignored(t, sig))
+ if (!sig_task_ignored(t, sig, from_ancestor_ns))
return 0;
/*
@@ -632,7 +633,7 @@ static int check_kill_permission(int sig, struct siginfo *info,
* Returns true if the signal should be actually delivered, otherwise
* it should be dropped.
*/
-static int prepare_signal(int sig, struct task_struct *p)
+static int prepare_signal(int sig, struct task_struct *p, int from_ancestor_ns)
{
struct signal_struct *signal = p->signal;
struct task_struct *t;
@@ -716,7 +717,7 @@ static int prepare_signal(int sig, struct task_struct *p)
}
}
- return !sig_ignored(p, sig);
+ return !sig_ignored(p, sig, from_ancestor_ns);
}
/*
@@ -830,7 +831,8 @@ static int __send_signal(int sig, struct siginfo *info, struct task_struct *t,
trace_sched_signal_send(sig, t);
assert_spin_locked(&t->sighand->siglock);
- if (!prepare_signal(sig, t))
+
+ if (!prepare_signal(sig, t, from_ancestor_ns))
return 0;
pending = group ? &t->signal->shared_pending : &t->pending;
@@ -899,7 +901,15 @@ out_set:
static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
int group)
{
- return __send_signal(sig, info, t, group, 0);
+ int from_ancestor_ns = 0;
+
+#ifdef CONFIG_PID_NS
+ if (!is_si_special(info) && SI_FROMUSER(info) &&
+ task_pid_nr_ns(current, task_active_pid_ns(t)) <= 0)
+ from_ancestor_ns = 1;
+#endif
+
+ return __send_signal(sig, info, t, group, from_ancestor_ns);
}
int print_fatal_signals;
@@ -1331,7 +1341,7 @@ int send_sigqueue(struct sigqueue *q, struct task_struct *t, int group)
goto ret;
ret = 1; /* the signal is ignored */
- if (!prepare_signal(sig, t))
+ if (!prepare_signal(sig, t, 1))
goto out;
ret = 0;
--
1.5.2.5
next prev parent reply other threads:[~2009-01-17 20:36 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-17 20:26 [PATCH 0/7][v7] Container-init signal semantics Sukadev Bhattiprolu
2009-01-17 20:35 ` [PATCH 1/7][v7] Remove 'handler' parameter to tracehook functions Sukadev Bhattiprolu
2009-01-17 20:35 ` [PATCH 2/7][v7] Protect init from unwanted signals more Sukadev Bhattiprolu
[not found] ` <20090117202638.GA11825-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-01-17 20:35 ` [PATCH 3/7][v7] Add from_ancestor_ns parameter to send_signal() Sukadev Bhattiprolu
2009-01-17 20:35 ` Sukadev Bhattiprolu
2009-01-17 20:36 ` Sukadev Bhattiprolu [this message]
2009-01-17 22:12 ` [PATCH 4/7][v7] Protect cinit from unblocked SIG_DFL signals Oleg Nesterov
2009-01-20 1:07 ` Sukadev Bhattiprolu
2009-01-20 1:09 ` Sukadev Bhattiprolu
2009-01-17 20:36 ` [PATCH 5/7][v7] Protect cinit from blocked fatal signals Sukadev Bhattiprolu
2009-01-17 20:37 ` [PATCH 6/7][v7] SI_USER: Masquerade si_pid when crossing pid ns boundary Sukadev Bhattiprolu
2009-01-17 20:37 ` [PATCH 7/7][v7] proc: Show SIG_DFL signals to init as "ignored" signals Sukadev Bhattiprolu
2009-01-17 22:19 ` Oleg Nesterov
2009-01-20 1:04 ` Sukadev Bhattiprolu
2009-01-20 7:33 ` Oleg Nesterov
[not found] ` <20090120073305.GA29130-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-01-20 16:09 ` Sukadev Bhattiprolu
2009-01-20 16:09 ` Sukadev Bhattiprolu
2009-01-19 2:09 ` [PATCH 0/7][v7] Container-init signal semantics KAMEZAWA Hiroyuki
2009-01-21 3:05 ` Sukadev Bhattiprolu
2009-01-21 3:53 ` KAMEZAWA Hiroyuki
2009-01-21 4:16 ` Eric W. Biederman
2009-01-21 4:23 ` KAMEZAWA Hiroyuki
2009-01-21 4:23 ` KAMEZAWA Hiroyuki
[not found] ` <20090121030500.GA32138-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-01-21 4:05 ` Serge E. Hallyn
2009-01-21 4:05 ` Serge E. Hallyn
2009-01-22 5:48 ` Matt Helsley
2009-01-21 4:39 ` Bryan Donlan
[not found] ` <3e8340490901202039r1ac7e0te5372690dfe81089-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-01-21 8:31 ` Oleg Nesterov
2009-01-21 8:31 ` Oleg Nesterov
2009-02-07 21:20 ` Sukadev Bhattiprolu
2009-02-09 4:04 ` Roland McGrath
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090117203621.GE11825@us.ibm.com \
--to=sukadev@linux.vnet.ibm.com \
--cc=bastian@waldi.eu.org \
--cc=containers@lists.osdl.org \
--cc=daniel@hozac.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=roland@redhat.com \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.