1. 23 Aug, 2007 1 commit
    • Oleg Nesterov's avatar
      signalfd: fix interaction with posix-timers · 834d216e
      Oleg Nesterov authored
      
      dequeue_signal:
      
      	if (__SI_TIMER) {
      		spin_unlock(&tsk->sighand->siglock);
      		do_schedule_next_timer(info);
      		spin_lock(&tsk->sighand->siglock);
      	}
      
      Unless tsk == curent, this is absolutely unsafe: nothing prevents tsk from
      exiting. If signalfd was passed to another process, do_schedule_next_timer()
      is just wrong.
      
      Add yet another "tsk == current" check into dequeue_signal().
      
      This patch fixes an oopsable bug, but breaks the scheduling of posix timers
      if the shared __SI_TIMER signal was fetched via signalfd attached to another
      sub-thread. Mostly fixed by the next patch.
      Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Davide Libenzi <davidel@xmailserver.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Michael Kerrisk <mtk-manpages@gmx.net>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      834d216e
  2. 03 Aug, 2007 1 commit
  3. 22 Jul, 2007 1 commit
    • Masoud Asgharifard Sharbiani's avatar
      x86: i386-show-unhandled-signals-v3 · abd4f750
      Masoud Asgharifard Sharbiani authored
      
      This patch makes the i386 behave the same way that x86_64 does when a
      segfault happens.  A line gets printed to the kernel log so that tools
      that need to check for failures can behave more uniformly between
      debug.show_unhandled_signals sysctl variable to 0 (or by doing echo 0 >
      /proc/sys/debug/exception-trace)
      
      Also, all of the lines being printed are now using printk_ratelimit() to
      deny the ability of DoS from a local user with a program like the
      following:
      
      main()
      {
             while (1)
                     if (!fork()) *(int *)0 = 0;
      }
      
      This new revision also includes the fix that Andrew did which got rid of
      new sysctl that was added to the system in earlier versions of this.
      Also, 'show-unhandled-signals' sysctl has been renamed back to the old
      'exception-trace' to avoid breakage of people's scripts.
      
      AK: Enabling by default for i386 will be likely controversal, but let's see what happens
      AK: Really folks, before complaining just fix your segfaults
      AK: I bet this will find a lot of silent issues
      Signed-off-by: default avatarMasoud Sharbiani <masouds@google.com>
      Signed-off-by: default avatarAndi Kleen <ak@suse.de>
      [ Personally, I've found the complaints useful on x86-64, so I'm all for
        this. That said, I wonder if we could do it more prettily..   -Linus ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      abd4f750
  4. 16 Jul, 2007 1 commit
  5. 18 Jun, 2007 1 commit
  6. 07 Jun, 2007 1 commit
    • Roland McGrath's avatar
      Restrict clearing TIF_SIGPENDING · b74d0deb
      Roland McGrath authored
      
      This patch should get a few birds.  It prevents sigaction calls from
      clearing TIF_SIGPENDING in other threads, which could leak -ERESTART*.
      And It fixes ptrace_stop not to clear it, which done at the syscall exit
      stop could leak -ERESTART*.  It probably removes the harm from signalfd,
      at least assuming it never calls dequeue_signal on kernel threads that
      might have used block_all_signals.
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b74d0deb
  7. 24 May, 2007 1 commit
    • Roland McGrath's avatar
      recalc_sigpending_tsk fixes · 7bb44ade
      Roland McGrath authored
      
      Steve Hawkes discovered a problem where recalc_sigpending_tsk was called in
      do_sigaction but no signal_wake_up call was made, preventing later signals
      from waking up blocked threads with TIF_SIGPENDING already set.
      
      In fact, the few other calls to recalc_sigpending_tsk outside the signals
      code are also subject to this problem in other race conditions.
      
      This change makes recalc_sigpending_tsk private to the signals code.  It
      changes the outside calls, as well as do_sigaction, to use the new
      recalc_sigpending_and_wake instead.
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      Cc: <Steve.Hawkes@motorola.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7bb44ade
  8. 11 May, 2007 2 commits
    • Davide Libenzi's avatar
      signal/timer/event: signalfd core · fba2afaa
      Davide Libenzi authored
      This patch series implements the new signalfd() system call.
      
      I took part of the original Linus code (and you know how badly it can be
      broken :), and I added even more breakage ;) Signals are fetched from the same
      signal queue used by the process, so signalfd will compete with standard
      kernel delivery in dequeue_signal().  If you want to reliably fetch signals on
      the signalfd file, you need to block them with sigprocmask(SIG_BLOCK).  This
      seems to be working fine on my Dual Opteron machine.  I made a quick test
      program for it:
      
      http://www.xmailserver.org/signafd-test.c
      
      
      
      The signalfd() system call implements signal delivery into a file descriptor
      receiver.  The signalfd file descriptor if created with the following API:
      
      int signalfd(int ufd, const sigset_t *mask, size_t masksize);
      
      The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
      to close/create cycle (Linus idea).  Use "ufd" == -1 if you want a brand new
      signalfd file.
      
      The "mask" allows to specify the signal mask of signals that we are interested
      in.  The "masksize" parameter is the size of "mask".
      
      The signalfd fd supports the poll(2) and read(2) system calls.  The poll(2)
      will return POLLIN when signals are available to be dequeued.  As a direct
      consequence of supporting the Linux poll subsystem, the signalfd fd can use
      used together with epoll(2) too.
      
      The read(2) system call will return a "struct signalfd_siginfo" structure in
      the userspace supplied buffer.  The return value is the number of bytes copied
      in the supplied buffer, or -1 in case of error.  The read(2) call can also
      return 0, in case the sighand structure to which the signalfd was attached,
      has been orphaned.  The O_NONBLOCK flag is also supported, and read(2) will
      return -EAGAIN in case no signal is available.
      
      If the size of the buffer passed to read(2) is lower than sizeof(struct
      signalfd_siginfo), -EINVAL is returned.  A read from the signalfd can also
      return -ERESTARTSYS in case a signal hits the process.  The format of the
      struct signalfd_siginfo is, and the valid fields depends of the (->code &
      __SI_MASK) value, in the same way a struct siginfo would:
      
      struct signalfd_siginfo {
      	__u32 signo;	/* si_signo */
      	__s32 err;	/* si_errno */
      	__s32 code;	/* si_code */
      	__u32 pid;	/* si_pid */
      	__u32 uid;	/* si_uid */
      	__s32 fd;	/* si_fd */
      	__u32 tid;	/* si_fd */
      	__u32 band;	/* si_band */
      	__u32 overrun;	/* si_overrun */
      	__u32 trapno;	/* si_trapno */
      	__s32 status;	/* si_status */
      	__s32 svint;	/* si_int */
      	__u64 svptr;	/* si_ptr */
      	__u64 utime;	/* si_utime */
      	__u64 stime;	/* si_stime */
      	__u64 addr;	/* si_addr */
      };
      
      [akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
      Signed-off-by: default avatarDavide Libenzi <davidel@xmailserver.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fba2afaa
    • Amy Griffis's avatar
      [PATCH] audit signal recipients · e54dc243
      Amy Griffis authored
      
      When auditing syscalls that send signals, log the pid and security
      context for each target process. Optimize the data collection by
      adding a counter for signal-related rules, and avoiding allocating an
      aux struct unless we have more than one target process. For process
      groups, collect pid/context data in blocks of 16. Move the
      audit_signal_info() hook up in check_kill_permission() so we audit
      attempts where permission is denied.
      Signed-off-by: default avatarAmy Griffis <amy.griffis@hp.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      e54dc243
  9. 09 May, 2007 3 commits
  10. 08 May, 2007 1 commit
  11. 07 May, 2007 1 commit
  12. 17 Feb, 2007 1 commit
  13. 16 Feb, 2007 1 commit
  14. 12 Feb, 2007 3 commits
  15. 11 Feb, 2007 2 commits
  16. 13 Dec, 2006 1 commit
    • Rafael J. Wysocki's avatar
      [PATCH] PM: Fix freezing of stopped tasks · 3df494a3
      Rafael J. Wysocki authored
      
      Currently, if a task is stopped (ie.  it's in the TASK_STOPPED state), it
      is considered by the freezer as unfreezeable.  However, there may be a race
      between the freezer and the delivery of the continuation signal to the task
      resulting in the task running after we have finished freezing the other
      tasks.  This, in turn, may lead to undesirable effects up to and including
      data corruption.
      
      To prevent this from happening we first need to make the freezer consider
      stopped tasks as freezeable.  For this purpose we need to make freezeable()
      stop returning 0 for these tasks and we need to force them to enter the
      refrigerator.  However, if there's no continuation signal in the meantime,
      the stopped tasks should remain stopped after all processes have been
      thawed, so we need to send an additional SIGSTOP to each of them before
      waking it up.
      
      Also, a stopped task that has just been woken up should first check if
      there's a freezing request for it and go to the refrigerator if that's the
      case.
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Acked-by: default avatarPavel Machek <pavel@ucw.cz>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      3df494a3
  17. 08 Dec, 2006 2 commits
  18. 07 Dec, 2006 3 commits
  19. 04 Nov, 2006 1 commit
    • Linus Torvalds's avatar
      Make sure "user->sigpending" count is in sync · 10b1fbdb
      Linus Torvalds authored
      The previous commit (45c18b0b
      
      , aka "Fix
      unlikely (but possible) race condition on task->user access") fixed a
      potential oops due to __sigqueue_alloc() getting its "user" pointer out
      of sync with switch_user(), and accessing a user pointer that had been
      de-allocated on another CPU.
      
      It still left another (much less serious) problem, where a concurrent
      __sigqueue_alloc and swich_user could cause sigqueue_alloc to do signal
      pending reference counting for a _different_ user than the one it then
      actually ended up using.  No oops, but we'd end up with the wrong signal
      accounting.
      
      Another case of Oleg's eagle-eyes picking up the problem.
      
      This is trivially fixed by just making sure we load whichever "user"
      structure we decide to use (it doesn't matter _which_ one we pick, we
      just need to pick one) just once.
      Acked-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      10b1fbdb
  20. 02 Oct, 2006 2 commits
    • Eric W. Biederman's avatar
      [PATCH] usb: fixup usb so it uses struct pid · 2425c08b
      Eric W. Biederman authored
      
      The problem with remembering a user space process by its pid is that it is
      possible that the process will exit, pid wrap around will occur.
      Converting to a struct pid avoid that problem, and paves the way for
      implementing a pid namespace.
      
      Also since usb is the only user of kill_proc_info_as_uid rename
      kill_proc_info_as_uid to kill_pid_info_as_uid and have the new version take
      a struct pid.
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      2425c08b
    • Eric W. Biederman's avatar
      [PATCH] pid: implement signal functions that take a struct pid * · c4b92fc1
      Eric W. Biederman authored
      
      Currently the signal functions all either take a task or a pid_t argument.
      This patch implements variants that take a struct pid *.  After all of the
      users have been update it is my intention to remove the variants that take a
      pid_t as using pid_t can be more work (an extra hash table lookup) and
      difficult to get right in the presence of multiple pid namespaces.
      
      There are two kinds of functions introduced in this patch.  The are the
      general use functions kill_pgrp and kill_pid which take a priv argument that
      is ultimately used to create the appropriate siginfo information, Then there
      are _kill_pgrp_info, kill_pgrp_info, kill_pid_info the internal implementation
      helpers that take an explicit siginfo.
      
      The distinction is made because filling out an explcit siginfo is tricky, and
      will be even more tricky when pid namespaces are introduced.
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      c4b92fc1
  21. 29 Sep, 2006 1 commit
  22. 27 Sep, 2006 1 commit
  23. 03 Aug, 2006 1 commit
  24. 30 Jun, 2006 2 commits
  25. 26 Jun, 2006 1 commit
  26. 20 Jun, 2006 1 commit
  27. 14 Apr, 2006 1 commit
  28. 11 Apr, 2006 1 commit
  29. 02 Apr, 2006 1 commit