diff options
author | Oleg Nesterov <oleg@redhat.com> | 2015-06-04 16:22:16 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2015-06-04 16:22:16 -0400 |
commit | 9e7c8f8c62c1e1cda203b5bfaba4575b141e42e7 (patch) | |
tree | ffbe4be8b34649fd07898137aeb74404f4fa093f | |
parent | cded3fffbeab777e6ad2ec05d4a3b62c5caca0f3 (diff) | |
download | op-kernel-dev-9e7c8f8c62c1e1cda203b5bfaba4575b141e42e7.zip op-kernel-dev-9e7c8f8c62c1e1cda203b5bfaba4575b141e42e7.tar.gz |
signals: don't abuse __flush_signals() in selinux_bprm_committed_creds()
selinux_bprm_committed_creds()->__flush_signals() is not right, we
shouldn't clear TIF_SIGPENDING unconditionally. There can be other
reasons for signal_pending(): freezing(), JOBCTL_PENDING_MASK, and
potentially more.
Also change this code to check fatal_signal_pending() rather than
SIGNAL_GROUP_EXIT, it looks a bit better.
Now we can kill __flush_signals() before it finds another buggy user.
Note: this code looks racy, we can flush a signal which was sent after
the task SID has been updated.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | include/linux/sched.h | 1 | ||||
-rw-r--r-- | kernel/signal.c | 13 | ||||
-rw-r--r-- | security/selinux/hooks.c | 6 |
3 files changed, 8 insertions, 12 deletions
diff --git a/include/linux/sched.h b/include/linux/sched.h index 8222ae4..4f84aad 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -2373,7 +2373,6 @@ extern void sched_dead(struct task_struct *p); extern void proc_caches_init(void); extern void flush_signals(struct task_struct *); -extern void __flush_signals(struct task_struct *); extern void ignore_signals(struct task_struct *); extern void flush_signal_handlers(struct task_struct *, int force_default); extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info); diff --git a/kernel/signal.c b/kernel/signal.c index d51c5dd..d497250 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -414,21 +414,16 @@ void flush_sigqueue(struct sigpending *queue) } /* - * Flush all pending signals for a task. + * Flush all pending signals for this kthread. */ -void __flush_signals(struct task_struct *t) -{ - clear_tsk_thread_flag(t, TIF_SIGPENDING); - flush_sigqueue(&t->pending); - flush_sigqueue(&t->signal->shared_pending); -} - void flush_signals(struct task_struct *t) { unsigned long flags; spin_lock_irqsave(&t->sighand->siglock, flags); - __flush_signals(t); + clear_tsk_thread_flag(t, TIF_SIGPENDING); + flush_sigqueue(&t->pending); + flush_sigqueue(&t->signal->shared_pending); spin_unlock_irqrestore(&t->sighand->siglock, flags); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 99c4a00..8abbd54 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2416,10 +2416,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) for (i = 0; i < 3; i++) do_setitimer(i, &itimer, NULL); spin_lock_irq(¤t->sighand->siglock); - if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { - __flush_signals(current); + if (!fatal_signal_pending(current)) { + flush_sigqueue(¤t->pending); + flush_sigqueue(¤t->signal->shared_pending); flush_signal_handlers(current, 1); sigemptyset(¤t->blocked); + recalc_sigpending(); } spin_unlock_irq(¤t->sighand->siglock); } |