Re: Q: selinux_bprm_committed_creds() && signals/do_wait

[Oleg Nesterov]

On 04/29, David Howells wrote:
>
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > > I suspect we should pass SIGKILL
> >
> > Or we can fliter out SIGKILLs, yes.
>
> How about the attached patch?

Heh. I did the very similar patch. It wasn't sent because I'd like to
understand flush_signal_handlers + sigemptyset first.

But,

> @@ -2398,11 +2398,14 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
>  		memset(&itimer, 0, sizeof itimer);
>  		for (i = 0; i < 3; i++)
>  			do_setitimer(i, &itimer, NULL);
> -		flush_signals(current);
>  		spin_lock_irq(&current->sighand->siglock);
> -		flush_signal_handlers(current, 1);
> -		sigemptyset(&current->blocked);
> -		recalc_sigpending();
> +		if (!sigismember(&current->pending.signal, SIGKILL) &&
> +		    !sigismember(&current->signal->shared_pending.signal,
> +				 SIGKILL)) {

No, no. Just

		if (!(current->signal->flags & SIGNAL_GROUP_EXIT))
			__flush_signals();

is enough and more clean imho. The fact that we _really_ have the pending
SIGKILL is just the implementation detail (and perhaps this we be changed
eventually).

No need to check ->shared_pending + ->pending. We can't have SIGKILL
(shared or not) without SIGNAL_GROUP_EXIT.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/