From: Oleg Nesterov <oleg@redhat.com>
To: Bradley Morgan <include@grrlz.net>
Cc: Christian Brauner <brauner@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Marco Elver <elver@google.com>,
Aleksandr Nogikh <nogikh@google.com>,
Thomas Gleixner <tglx@kernel.org>,
Adrian Huang <adrianhuang0701@gmail.com>,
Kexin Sun <kexinsun@smail.nju.edu.cn>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/2] signal: make send_signal_locked() take const siginfo
Date: Tue, 23 Jun 2026 12:39:05 +0200 [thread overview]
Message-ID: <ajpiSbciUfZr2zfm@redhat.com> (raw)
In-Reply-To: <f754c4e5c82b45bcbb770aa8bb1f4ab1d87a0b0e.1782159692.git.include@grrlz.net>
On 06/22, Bradley Morgan wrote:
>
> send_signal_locked() should not change the caller's siginfo. Make that
> part of the type and keep the local rewrite on its copy.
>
> Suggested-by: Oleg Nesterov <oleg@redhat.com>
Ah, sorry... I only suggested to change the signature of send_signal_locked()
and thus has_si_pid_and_uid(). Perhaps a broader change makes sense too, but
this conflicts with another (under discussion) series:
PATCH v2 3/3] signal: fix evasion of SA_IMMUTABLE signals
https://lore.kernel.org/all/ajVD6ZmiSQLxjj57@redhat.com/
Now let me take another look at 1/2 ...
Oleg.
> Signed-off-by: Bradley Morgan <include@grrlz.net>
> ---
> Changes since v1:
> - New patch from Oleg's suggestion.
> - Link to Oleg's suggestion:
> https://lore.kernel.org/all/0873AC4A-3CB2-4F7B-BFE6-75D855AD22DC@grrlz.net/T/#m5f8a2d54928efff41de539969b68149e1ec5fca4
>
> include/linux/signal.h | 2 +-
> include/trace/events/signal.h | 4 ++--
> kernel/signal.c | 20 +++++++++++---------
> 3 files changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/include/linux/signal.h b/include/linux/signal.h
> index f19816832f05..a1ba8c5973c6 100644
> --- a/include/linux/signal.h
> +++ b/include/linux/signal.h
> @@ -283,7 +283,7 @@ extern int do_send_sig_info(int sig, struct kernel_siginfo *info,
> struct task_struct *p, enum pid_type type);
> extern int group_send_sig_info(int sig, struct kernel_siginfo *info,
> struct task_struct *p, enum pid_type type);
> -extern int send_signal_locked(int sig, struct kernel_siginfo *info,
> +extern int send_signal_locked(int sig, const struct kernel_siginfo *info,
> struct task_struct *p, enum pid_type type);
> extern int sigprocmask(int, sigset_t *, sigset_t *);
> extern void set_current_blocked(sigset_t *);
> diff --git a/include/trace/events/signal.h b/include/trace/events/signal.h
> index 1db7e4b07c01..05a46135ee34 100644
> --- a/include/trace/events/signal.h
> +++ b/include/trace/events/signal.h
> @@ -49,8 +49,8 @@ enum {
> */
> TRACE_EVENT(signal_generate,
>
> - TP_PROTO(int sig, struct kernel_siginfo *info, struct task_struct *task,
> - int group, int result),
> + TP_PROTO(int sig, const struct kernel_siginfo *info,
> + struct task_struct *task, int group, int result),
>
> TP_ARGS(sig, info, task, group, result),
>
> diff --git a/kernel/signal.c b/kernel/signal.c
> index d72d9be3a992..26e8b8e1d03c 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1037,7 +1037,7 @@ static inline bool legacy_queue(struct sigpending *signals, int sig)
> return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
> }
>
> -static int __send_signal_locked(int sig, struct kernel_siginfo *info,
> +static int __send_signal_locked(int sig, const struct kernel_siginfo *info,
> struct task_struct *t, enum pid_type type, bool force)
> {
> struct sigpending *pending;
> @@ -1154,7 +1154,7 @@ static int __send_signal_locked(int sig, struct kernel_siginfo *info,
> return ret;
> }
>
> -static inline bool has_si_pid_and_uid(struct kernel_siginfo *info)
> +static inline bool has_si_pid_and_uid(const struct kernel_siginfo *info)
> {
> bool ret = false;
> switch (siginfo_layout(info->si_signo, info->si_code)) {
> @@ -1178,10 +1178,11 @@ static inline bool has_si_pid_and_uid(struct kernel_siginfo *info)
> return ret;
> }
>
> -int send_signal_locked(int sig, struct kernel_siginfo *info,
> +int send_signal_locked(int sig, const struct kernel_siginfo *info,
> struct task_struct *t, enum pid_type type)
> {
> struct kernel_siginfo rewritten;
> + const struct kernel_siginfo *send_info = info;
> /* Should SIGKILL or SIGSTOP be received by a pid namespace init? */
> bool force = false;
>
> @@ -1196,26 +1197,27 @@ int send_signal_locked(int sig, struct kernel_siginfo *info,
> struct user_namespace *t_user_ns;
>
> rewritten = *info;
> - info = &rewritten;
> + send_info = &rewritten;
>
> rcu_read_lock();
> t_user_ns = task_cred_xxx(t, user_ns);
> if (current_user_ns() != t_user_ns) {
> - kuid_t uid = make_kuid(current_user_ns(), info->si_uid);
> - info->si_uid = from_kuid_munged(t_user_ns, uid);
> + kuid_t uid = make_kuid(current_user_ns(), rewritten.si_uid);
> +
> + rewritten.si_uid = from_kuid_munged(t_user_ns, uid);
> }
> rcu_read_unlock();
>
> /* A kernel generated signal? */
> - force = (info->si_code == SI_KERNEL);
> + force = (rewritten.si_code == SI_KERNEL);
>
> /* From an ancestor pid namespace? */
> if (!task_pid_nr_ns(current, task_active_pid_ns(t))) {
> - info->si_pid = 0;
> + rewritten.si_pid = 0;
> force = true;
> }
> }
> - return __send_signal_locked(sig, info, t, type, force);
> + return __send_signal_locked(sig, send_info, t, type, force);
> }
>
> static void print_fatal_signal(int signr)
> --
> 2.53.0
>
next prev parent reply other threads:[~2026-06-23 10:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-22 16:40 [PATCH] signal: avoid shared siginfo namespace rewrites Bradley Morgan
2026-06-22 17:46 ` Oleg Nesterov
2026-06-22 20:05 ` Bradley Morgan
2026-06-22 20:25 ` [PATCH v2 1/2] " Bradley Morgan
2026-06-23 11:37 ` Oleg Nesterov
2026-06-22 20:25 ` [PATCH v2 2/2] signal: make send_signal_locked() take const siginfo Bradley Morgan
2026-06-23 10:39 ` Oleg Nesterov [this message]
2026-06-23 14:49 ` Bradley Morgan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajpiSbciUfZr2zfm@redhat.com \
--to=oleg@redhat.com \
--cc=adrianhuang0701@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=elver@google.com \
--cc=include@grrlz.net \
--cc=kexinsun@smail.nju.edu.cn \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=nogikh@google.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.