Re: Q: selinux_bprm_committed_creds() && signals/do_wait
From: Oleg Nesterov
Date: Wed Apr 29 2009 - 08:00:27 EST
On 04/29, David Howells wrote:
>
> Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> > > I suspect we should pass SIGKILL
> >
> > Or we can fliter out SIGKILLs, yes.
>
> How about the attached patch?
Heh. I did the very similar patch. It wasn't sent because I'd like to
understand flush_signal_handlers + sigemptyset first.
But,
> @@ -2398,11 +2398,14 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
> memset(&itimer, 0, sizeof itimer);
> for (i = 0; i < 3; i++)
> do_setitimer(i, &itimer, NULL);
> - flush_signals(current);
> spin_lock_irq(¤t->sighand->siglock);
> - flush_signal_handlers(current, 1);
> - sigemptyset(¤t->blocked);
> - recalc_sigpending();
> + if (!sigismember(¤t->pending.signal, SIGKILL) &&
> + !sigismember(¤t->signal->shared_pending.signal,
> + SIGKILL)) {
No, no. Just
if (!(current->signal->flags & SIGNAL_GROUP_EXIT))
__flush_signals();
is enough and more clean imho. The fact that we _really_ have the pending
SIGKILL is just the implementation detail (and perhaps this we be changed
eventually).
No need to check ->shared_pending + ->pending. We can't have SIGKILL
(shared or not) without SIGNAL_GROUP_EXIT.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/