From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Sukadev Bhattiprolu
<sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: [PATCH 1/4] signals: SEND_SIG_NOINFO should be considered as SI_FROMUSER()
Date: Sun, 4 Oct 2009 04:19:18 +0200 [thread overview]
Message-ID: <20091004021918.GB21006@redhat.com> (raw)
In-Reply-To: <20091004021844.GA21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
No changes in compiled code. The patch adds the new helper, si_fromuser()
and changes check_kill_permission() to use this helper.
The real effect of this patch is that from now we "officially" consider
SEND_SIG_NOINFO signal as "from user-space" signals. This is already true
if we look at the code which uses SEND_SIG_NOINFO, except __send_signal()
has another opinion - see the next patch.
The naming of these special SEND_SIG_XXX siginfo's is really bad imho.
From __send_signal()'s pov they mean
SEND_SIG_NOINFO from user
SEND_SIG_PRIV from kernel
SEND_SIG_FORCED no info
Signed-off-by: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
include/linux/sched.h | 5 -----
kernel/signal.c | 16 +++++++++++++---
2 files changed, 13 insertions(+), 8 deletions(-)
--- TTT_32/include/linux/sched.h~FU_1_HELPER 2009-09-24 21:38:54.000000000 +0200
+++ TTT_32/include/linux/sched.h 2009-10-04 02:21:49.000000000 +0200
@@ -2081,11 +2081,6 @@ static inline int kill_cad_pid(int sig,
#define SEND_SIG_PRIV ((struct siginfo *) 1)
#define SEND_SIG_FORCED ((struct siginfo *) 2)
-static inline int is_si_special(const struct siginfo *info)
-{
- return info <= SEND_SIG_FORCED;
-}
-
/* True if we are on the alternate signal stack. */
static inline int on_sig_stack(unsigned long sp)
--- TTT_32/kernel/signal.c~FU_1_HELPER 2009-09-24 21:38:54.000000000 +0200
+++ TTT_32/kernel/signal.c 2009-10-04 02:21:55.000000000 +0200
@@ -584,6 +584,17 @@ static int rm_from_queue(unsigned long m
return 1;
}
+static inline int is_si_special(const struct siginfo *info)
+{
+ return info <= SEND_SIG_FORCED;
+}
+
+static inline bool si_fromuser(const struct siginfo *info)
+{
+ return info == SEND_SIG_NOINFO ||
+ (!is_si_special(info) && SI_FROMUSER(info));
+}
+
/*
* Bad permissions for sending the signal
* - the caller must hold at least the RCU read lock
@@ -598,7 +609,7 @@ static int check_kill_permission(int sig
if (!valid_signal(sig))
return -EINVAL;
- if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
+ if (!si_fromuser(info))
return 0;
error = audit_signal_info(sig, t); /* Let audit system see the signal */
@@ -1156,8 +1167,7 @@ int kill_pid_info_as_uid(int sig, struct
goto out_unlock;
}
pcred = __task_cred(p);
- if ((info == SEND_SIG_NOINFO ||
- (!is_si_special(info) && SI_FROMUSER(info))) &&
+ if (si_fromuser(info) &&
euid != pcred->suid && euid != pcred->uid &&
uid != pcred->suid && uid != pcred->uid) {
ret = -EPERM;
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>,
Sukadev Bhattiprolu <sukadev@us.ibm.com>,
Linux Containers <containers@lists.osdl.org>,
roland@redhat.com, linux-kernel@vger.kernel.org
Subject: [PATCH 1/4] signals: SEND_SIG_NOINFO should be considered as SI_FROMUSER()
Date: Sun, 4 Oct 2009 04:19:18 +0200 [thread overview]
Message-ID: <20091004021918.GB21006@redhat.com> (raw)
In-Reply-To: <20091004021844.GA21006@redhat.com>
No changes in compiled code. The patch adds the new helper, si_fromuser()
and changes check_kill_permission() to use this helper.
The real effect of this patch is that from now we "officially" consider
SEND_SIG_NOINFO signal as "from user-space" signals. This is already true
if we look at the code which uses SEND_SIG_NOINFO, except __send_signal()
has another opinion - see the next patch.
The naming of these special SEND_SIG_XXX siginfo's is really bad imho.
>From __send_signal()'s pov they mean
SEND_SIG_NOINFO from user
SEND_SIG_PRIV from kernel
SEND_SIG_FORCED no info
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
include/linux/sched.h | 5 -----
kernel/signal.c | 16 +++++++++++++---
2 files changed, 13 insertions(+), 8 deletions(-)
--- TTT_32/include/linux/sched.h~FU_1_HELPER 2009-09-24 21:38:54.000000000 +0200
+++ TTT_32/include/linux/sched.h 2009-10-04 02:21:49.000000000 +0200
@@ -2081,11 +2081,6 @@ static inline int kill_cad_pid(int sig,
#define SEND_SIG_PRIV ((struct siginfo *) 1)
#define SEND_SIG_FORCED ((struct siginfo *) 2)
-static inline int is_si_special(const struct siginfo *info)
-{
- return info <= SEND_SIG_FORCED;
-}
-
/* True if we are on the alternate signal stack. */
static inline int on_sig_stack(unsigned long sp)
--- TTT_32/kernel/signal.c~FU_1_HELPER 2009-09-24 21:38:54.000000000 +0200
+++ TTT_32/kernel/signal.c 2009-10-04 02:21:55.000000000 +0200
@@ -584,6 +584,17 @@ static int rm_from_queue(unsigned long m
return 1;
}
+static inline int is_si_special(const struct siginfo *info)
+{
+ return info <= SEND_SIG_FORCED;
+}
+
+static inline bool si_fromuser(const struct siginfo *info)
+{
+ return info == SEND_SIG_NOINFO ||
+ (!is_si_special(info) && SI_FROMUSER(info));
+}
+
/*
* Bad permissions for sending the signal
* - the caller must hold at least the RCU read lock
@@ -598,7 +609,7 @@ static int check_kill_permission(int sig
if (!valid_signal(sig))
return -EINVAL;
- if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
+ if (!si_fromuser(info))
return 0;
error = audit_signal_info(sig, t); /* Let audit system see the signal */
@@ -1156,8 +1167,7 @@ int kill_pid_info_as_uid(int sig, struct
goto out_unlock;
}
pcred = __task_cred(p);
- if ((info == SEND_SIG_NOINFO ||
- (!is_si_special(info) && SI_FROMUSER(info))) &&
+ if (si_fromuser(info) &&
euid != pcred->suid && euid != pcred->uid &&
uid != pcred->suid && uid != pcred->uid) {
ret = -EPERM;
next prev parent reply other threads:[~2009-10-04 2:19 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-02 14:05 pidns : PR_SET_PDEATHSIG + SIGKILL regression Daniel Lezcano
[not found] ` <4AC608BE.9020805-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2009-10-02 15:47 ` Serge E. Hallyn
[not found] ` <20091002154702.GB26864-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-03 0:39 ` Sukadev Bhattiprolu
[not found] ` <20091003003929.GA20034-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-03 2:52 ` Oleg Nesterov
2009-10-03 17:10 ` Sukadev Bhattiprolu
2009-10-03 17:10 ` Sukadev Bhattiprolu
[not found] ` <20091003171029.GA30442-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-04 2:18 ` [PATCH 0/4] Was: " Oleg Nesterov
2009-10-04 2:18 ` Oleg Nesterov
[not found] ` <20091004021844.GA21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-04 2:19 ` Oleg Nesterov [this message]
2009-10-04 2:19 ` [PATCH 1/4] signals: SEND_SIG_NOINFO should be considered as SI_FROMUSER() Oleg Nesterov
[not found] ` <20091004021918.GB21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-04 2:25 ` Oleg Nesterov
2009-10-04 2:25 ` Oleg Nesterov
2009-10-05 17:58 ` Sukadev Bhattiprolu
2009-10-05 17:58 ` Sukadev Bhattiprolu
[not found] ` <20091005175855.GB30442-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-05 18:39 ` Oleg Nesterov
2009-10-05 18:39 ` Oleg Nesterov
2009-10-06 0:09 ` Sukadev Bhattiprolu
2009-10-06 0:09 ` Sukadev Bhattiprolu
2009-10-06 7:31 ` Roland McGrath
2009-10-06 7:31 ` Roland McGrath
[not found] ` <20091006073100.4184128-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2009-10-06 13:37 ` Oleg Nesterov
2009-10-06 13:37 ` Oleg Nesterov
[not found] ` <20091006133732.GB8628-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-06 17:57 ` Roland McGrath
2009-10-06 17:57 ` Roland McGrath
[not found] ` <20091006175705.6547A22-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2009-10-07 11:30 ` Oleg Nesterov
2009-10-07 11:30 ` Oleg Nesterov
[not found] ` <20091007113049.GA3421-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-08 1:57 ` Roland McGrath
2009-10-08 1:57 ` Roland McGrath
2009-10-04 2:19 ` [PATCH 2/4] signals: send_signal: use si_fromuser() to detect from_ancestor_ns Oleg Nesterov
2009-10-04 2:19 ` Oleg Nesterov
[not found] ` <20091004021954.GC21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-05 18:12 ` Sukadev Bhattiprolu
2009-10-05 18:12 ` Sukadev Bhattiprolu
[not found] ` <20091005181255.GE30442-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-05 18:25 ` Oleg Nesterov
2009-10-05 18:25 ` Oleg Nesterov
[not found] ` <20091005182536.GA943-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-05 19:37 ` Sukadev Bhattiprolu
2009-10-05 19:37 ` Sukadev Bhattiprolu
[not found] ` <20091005193738.GF30442-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-05 19:44 ` Oleg Nesterov
2009-10-05 19:44 ` Oleg Nesterov
[not found] ` <20091005194415.GA4560-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-05 19:55 ` Oleg Nesterov
2009-10-05 19:55 ` Oleg Nesterov
2009-10-06 0:06 ` Sukadev Bhattiprolu
2009-10-06 0:06 ` Sukadev Bhattiprolu
[not found] ` <20091006000631.GA4390-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-06 1:09 ` Oleg Nesterov
2009-10-06 1:09 ` Oleg Nesterov
[not found] ` <20091006010956.GA28233-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-06 2:34 ` Sukadev Bhattiprolu
2009-10-06 2:34 ` Sukadev Bhattiprolu
[not found] ` <20091006023401.GA10132-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-06 13:18 ` Oleg Nesterov
2009-10-06 13:18 ` Oleg Nesterov
[not found] ` <20091006131821.GA8628-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-06 18:01 ` Roland McGrath
2009-10-06 18:01 ` Roland McGrath
2009-10-06 0:16 ` Sukadev Bhattiprolu
2009-10-06 0:16 ` Sukadev Bhattiprolu
2009-10-04 2:20 ` [PATCH 3/4] signals: cosmetic, collect_signal: use SI_USER Oleg Nesterov
2009-10-04 2:20 ` Oleg Nesterov
[not found] ` <20091004022021.GD21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-05 18:03 ` Sukadev Bhattiprolu
2009-10-05 18:03 ` Sukadev Bhattiprolu
2009-10-04 2:20 ` [PATCH 4/4] signals: kill force_sig_specific() Oleg Nesterov
2009-10-04 2:20 ` Oleg Nesterov
[not found] ` <20091004022050.GE21006-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-10-05 18:04 ` Sukadev Bhattiprolu
2009-10-05 18:04 ` Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091004021918.GB21006@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.