Commit 43918f2b authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds

signals: remove 'handler' parameter to tracehook functions

Container-init must behave like global-init to processes within the
container and hence it must be immune to unhandled fatal signals from
within the container (i.e SIG_DFL signals that terminate the process).

But the same container-init must behave like a normal process to processes
in ancestor namespaces and so if it receives the same fatal signal from a
process in ancestor namespace, the signal must be processed.

Implementing these semantics requires that send_signal() determine pid
namespace of the sender but since signals can originate from workqueues/
interrupt-handlers, determining pid namespace of sender may not always be
possible or safe.

This patchset implements the design/simplified semantics suggested by
Oleg Nesterov.  The simplified semantics for container-init are:

	- container-init must never be terminated by a signal from a
	  descendant process.

	- container-init must never be immune to SIGKILL from an ancestor
	  namespace (so a process in parent namespace must always be able
	  to terminate a descendant container).

	- container-init may be immune to unhandled fatal signals (like
	  SIGUSR1) even if they are from ancestor namespace. SIGKILL/SIGSTOP
	  are the only reliable signals to a container-init from ancestor
	  namespace.

This patch:

Based on an earlier patch submitted by Oleg Nesterov and comments from
Roland McGrath (http://lkml.org/lkml/2008/11/19/258).

The handler parameter is currently unused in the tracehook functions.
Besides, the tracehook functions are called with siglock held, so the
functions can check the handler if they later need to.

Removing the parameter simiplifies changes to sig_ignored() in a follow-on
patch.
Signed-off-by: default avatarSukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: default avatarRoland McGrath <roland@redhat.com>
Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 90bc8d8b
...@@ -1455,6 +1455,6 @@ asmregparm void syscall_trace_leave(struct pt_regs *regs) ...@@ -1455,6 +1455,6 @@ asmregparm void syscall_trace_leave(struct pt_regs *regs)
* system call instruction. * system call instruction.
*/ */
if (test_thread_flag(TIF_SINGLESTEP) && if (test_thread_flag(TIF_SINGLESTEP) &&
tracehook_consider_fatal_signal(current, SIGTRAP, SIG_DFL)) tracehook_consider_fatal_signal(current, SIGTRAP))
send_sigtrap(current, regs, 0, TRAP_BRKPT); send_sigtrap(current, regs, 0, TRAP_BRKPT);
} }
...@@ -388,17 +388,14 @@ static inline void tracehook_signal_handler(int sig, siginfo_t *info, ...@@ -388,17 +388,14 @@ static inline void tracehook_signal_handler(int sig, siginfo_t *info,
* tracehook_consider_ignored_signal - suppress short-circuit of ignored signal * tracehook_consider_ignored_signal - suppress short-circuit of ignored signal
* @task: task receiving the signal * @task: task receiving the signal
* @sig: signal number being sent * @sig: signal number being sent
* @handler: %SIG_IGN or %SIG_DFL
* *
* Return zero iff tracing doesn't care to examine this ignored signal, * Return zero iff tracing doesn't care to examine this ignored signal,
* so it can short-circuit normal delivery and never even get queued. * so it can short-circuit normal delivery and never even get queued.
* Either @handler is %SIG_DFL and @sig's default is ignore, or it's %SIG_IGN.
* *
* Called with @task->sighand->siglock held. * Called with @task->sighand->siglock held.
*/ */
static inline int tracehook_consider_ignored_signal(struct task_struct *task, static inline int tracehook_consider_ignored_signal(struct task_struct *task,
int sig, int sig)
void __user *handler)
{ {
return (task_ptrace(task) & PT_PTRACED) != 0; return (task_ptrace(task) & PT_PTRACED) != 0;
} }
...@@ -407,19 +404,17 @@ static inline int tracehook_consider_ignored_signal(struct task_struct *task, ...@@ -407,19 +404,17 @@ static inline int tracehook_consider_ignored_signal(struct task_struct *task,
* tracehook_consider_fatal_signal - suppress special handling of fatal signal * tracehook_consider_fatal_signal - suppress special handling of fatal signal
* @task: task receiving the signal * @task: task receiving the signal
* @sig: signal number being sent * @sig: signal number being sent
* @handler: %SIG_DFL or %SIG_IGN
* *
* Return nonzero to prevent special handling of this termination signal. * Return nonzero to prevent special handling of this termination signal.
* Normally @handler is %SIG_DFL. It can be %SIG_IGN if @sig is ignored, * Normally handler for signal is %SIG_DFL. It can be %SIG_IGN if @sig is
* in which case force_sig() is about to reset it to %SIG_DFL. * ignored, in which case force_sig() is about to reset it to %SIG_DFL.
* When this returns zero, this signal might cause a quick termination * When this returns zero, this signal might cause a quick termination
* that does not give the debugger a chance to intercept the signal. * that does not give the debugger a chance to intercept the signal.
* *
* Called with or without @task->sighand->siglock held. * Called with or without @task->sighand->siglock held.
*/ */
static inline int tracehook_consider_fatal_signal(struct task_struct *task, static inline int tracehook_consider_fatal_signal(struct task_struct *task,
int sig, int sig)
void __user *handler)
{ {
return (task_ptrace(task) & PT_PTRACED) != 0; return (task_ptrace(task) & PT_PTRACED) != 0;
} }
......
...@@ -74,7 +74,7 @@ static int sig_ignored(struct task_struct *t, int sig) ...@@ -74,7 +74,7 @@ static int sig_ignored(struct task_struct *t, int sig)
/* /*
* Tracers may want to know about even ignored signals. * Tracers may want to know about even ignored signals.
*/ */
return !tracehook_consider_ignored_signal(t, sig, handler); return !tracehook_consider_ignored_signal(t, sig);
} }
/* /*
...@@ -318,7 +318,7 @@ int unhandled_signal(struct task_struct *tsk, int sig) ...@@ -318,7 +318,7 @@ int unhandled_signal(struct task_struct *tsk, int sig)
return 1; return 1;
if (handler != SIG_IGN && handler != SIG_DFL) if (handler != SIG_IGN && handler != SIG_DFL)
return 0; return 0;
return !tracehook_consider_fatal_signal(tsk, sig, handler); return !tracehook_consider_fatal_signal(tsk, sig);
} }
...@@ -777,7 +777,7 @@ static void complete_signal(int sig, struct task_struct *p, int group) ...@@ -777,7 +777,7 @@ static void complete_signal(int sig, struct task_struct *p, int group)
!(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) &&
!sigismember(&t->real_blocked, sig) && !sigismember(&t->real_blocked, sig) &&
(sig == SIGKILL || (sig == SIGKILL ||
!tracehook_consider_fatal_signal(t, sig, SIG_DFL))) { !tracehook_consider_fatal_signal(t, sig))) {
/* /*
* This signal will be fatal to the whole group. * This signal will be fatal to the whole group.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment