[PATCH 1/4] tty_io: Use group_send_sig_info in __do_SACK to note it is a session being killed

[ebiederm@xmission.com (Eric W. Biederman)]

Replace send_sig and force_sig in __do_SAK with group_send_sig_info
the general helper for sending a signal to a process group.  This is
wordier but it allows specifying PIDTYPE_SID so that the signal code
knows the signal went to a session.

Both force_sig() and send_sig(..., 1) specify SEND_SIG_PRIV and the
new call of group_send_sig_info does that explicitly.  This is enough
to ensure even a pid namespace init is killed.

The global init remains unkillable.  The guarantee that __do_SAK tries
to provide is a clean path to login to a machine.  As the global init is
unkillable, if it chooses to hold open a tty it can violate this
guarantee.  A technique other than killing processes would be needed
to provide this guarantee to userspace.

The only difference between force_sig and send_sig when sending
SIGKILL is that SIGNAL_UNKILLABLE is cleared.  This has no affect on
the processing of a signal sent with SEND_SIG_PRIV by any process, making
it unnecessary, and not behavior that needs to be preserved.

force_sig was used originally because it did not take as many locks as
send_sig.  Today send_sig, force_sig and group_send_sig_info take the
same locks when delivering a signal.

group_send_sig_info also contains a permission check that force_sig
and send_sig do not.  However the presence of SEND_SIG_PRIV makes the
permission check a noop.  So the permission check does not result
in any behavioral differences.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 drivers/tty/tty_io.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 32bc3e3fe4d3..6553247a761f 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2738,7 +2738,7 @@ void __do_SAK(struct tty_struct *tty)
 	do_each_pid_task(session, PIDTYPE_SID, p) {
 		tty_notice(tty, "SAK: killed process %d (%s): by session\n",
 			   task_pid_nr(p), p->comm);
-		send_sig(SIGKILL, p, 1);
+		group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
 	} while_each_pid_task(session, PIDTYPE_SID, p);
 
 	/* Now kill any processes that happen to have the tty open */
@@ -2746,7 +2746,7 @@ void __do_SAK(struct tty_struct *tty)
 		if (p->signal->tty == tty) {
 			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
 				   task_pid_nr(p), p->comm);
-			send_sig(SIGKILL, p, 1);
+			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
 			continue;
 		}
 		task_lock(p);
@@ -2754,7 +2754,7 @@ void __do_SAK(struct tty_struct *tty)
 		if (i != 0) {
 			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
 				   task_pid_nr(p), p->comm, i - 1);
-			force_sig(SIGKILL, p);
+			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
 		}
 		task_unlock(p);
 	} while_each_thread(g, p);
-- 
2.17.1