[nacked] prctl-add-pr_et_pdeathsig_proc.patch removed from -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: prctl: add PR_[GS]ET_PDEATHSIG_PROC
has been removed from the -mm tree.  Its filename was
     prctl-add-pr_et_pdeathsig_proc.patch

This patch was dropped because it was nacked

------------------------------------------------------
From: Jürg Billeter <j@xxxxxxxxx>
Subject: prctl: add PR_[GS]ET_PDEATHSIG_PROC

PR_SET_PDEATHSIG sets a parent death signal that the calling process will
get when its parent thread dies, even when the result of getppid() doesn't
change because the calling process is reparented to a different thread in
the same parent process.  When managing multiple processes, a
process-based parent death signal is much more useful.  E.g., to avoid
stray child processes.

PR_SET_PDEATHSIG_PROC sets a process-based death signal.  Unlike
PR_SET_PDEATHSIG, this is inherited across fork to allow killing a whole
subtree without race conditions.

This can be used for sandboxing when combined with a seccomp filter.

There have been previous attempts to support this by changing the behavior
of PR_SET_PDEATHSIG.  However, that would break existing applications. 
See https://marc.info/?l=linux-kernel&m=117621804801689 and
https://bugzilla.kernel.org/show_bug.cgi?id=43300

Link: http://lkml.kernel.org/r/20170929123058.48924-1-j@xxxxxxxxx
Signed-off-by: Jürg Billeter <j@xxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Eric Biederman <ebiederm@xxxxxxxxxxxx>
Cc: Michael Kerrisk <mtk.manpages@xxxxxxxxx>
Cc: Filipe Brandenburger <filbranden@xxxxxxxxxx>
Cc: David Wilcox <davidvsthegiant@xxxxxxxxx>
Cc: "Adam H . Peterson" <alphaetapi@xxxxxxxxxxx>
Cc: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Cc: <hansecke@xxxxxxxxx>
Cc: <linux-api@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


diff -puN fs/exec.c~prctl-add-pr_et_pdeathsig_proc fs/exec.c
--- a/fs/exec.c~prctl-add-pr_et_pdeathsig_proc
+++ a/fs/exec.c
@@ -1338,6 +1338,7 @@ void setup_new_exec(struct linux_binprm
 	if (bprm->secureexec) {
 		/* Make sure parent cannot signal privileged process. */
 		current->pdeath_signal = 0;
+		current->signal->pdeath_signal_proc = 0;
 
 		/*
 		 * For secureexec, reset the stack limit to sane default to
diff -puN include/linux/sched/signal.h~prctl-add-pr_et_pdeathsig_proc include/linux/sched/signal.h
--- a/include/linux/sched/signal.h~prctl-add-pr_et_pdeathsig_proc
+++ a/include/linux/sched/signal.h
@@ -112,6 +112,9 @@ struct signal_struct {
 	int			group_stop_count;
 	unsigned int		flags; /* see SIGNAL_* flags below */
 
+	/* The signal sent when the parent dies: */
+	int			pdeath_signal_proc;
+
 	/*
 	 * PR_SET_CHILD_SUBREAPER marks a process, like a service
 	 * manager, to re-parent orphan (double-forking) child processes
diff -puN include/uapi/linux/prctl.h~prctl-add-pr_et_pdeathsig_proc include/uapi/linux/prctl.h
--- a/include/uapi/linux/prctl.h~prctl-add-pr_et_pdeathsig_proc
+++ a/include/uapi/linux/prctl.h
@@ -219,4 +219,8 @@ struct prctl_mm_map {
 # define PR_SPEC_DISABLE		(1UL << 2)
 # define PR_SPEC_FORCE_DISABLE		(1UL << 3)
 
+/* Process-based variant of PDEATHSIG */
+#define PR_SET_PDEATHSIG_PROC		48
+#define PR_GET_PDEATHSIG_PROC		49
+
 #endif /* _LINUX_PRCTL_H */
diff -puN kernel/cred.c~prctl-add-pr_et_pdeathsig_proc kernel/cred.c
--- a/kernel/cred.c~prctl-add-pr_et_pdeathsig_proc
+++ a/kernel/cred.c
@@ -448,6 +448,7 @@ int commit_creds(struct cred *new)
 		if (task->mm)
 			set_dumpable(task->mm, suid_dumpable);
 		task->pdeath_signal = 0;
+		task->signal->pdeath_signal_proc = 0;
 		smp_wmb();
 	}
 
diff -puN kernel/exit.c~prctl-add-pr_et_pdeathsig_proc kernel/exit.c
--- a/kernel/exit.c~prctl-add-pr_et_pdeathsig_proc
+++ a/kernel/exit.c
@@ -636,6 +636,10 @@ static void reparent_leader(struct task_
 	if (unlikely(p->exit_state == EXIT_DEAD))
 		return;
 
+	if (p->signal->pdeath_signal_proc)
+		group_send_sig_info(p->signal->pdeath_signal_proc,
+				    SEND_SIG_NOINFO, p);
+
 	/* We don't want people slaying init. */
 	p->exit_signal = SIGCHLD;
 
diff -puN kernel/fork.c~prctl-add-pr_et_pdeathsig_proc kernel/fork.c
--- a/kernel/fork.c~prctl-add-pr_et_pdeathsig_proc
+++ a/kernel/fork.c
@@ -1515,6 +1515,8 @@ static int copy_signal(unsigned long clo
 
 	mutex_init(&sig->cred_guard_mutex);
 
+	sig->pdeath_signal_proc = current->signal->pdeath_signal_proc;
+
 	return 0;
 }
 
diff -puN kernel/sys.c~prctl-add-pr_et_pdeathsig_proc kernel/sys.c
--- a/kernel/sys.c~prctl-add-pr_et_pdeathsig_proc
+++ a/kernel/sys.c
@@ -2289,6 +2289,17 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
 	case PR_GET_PDEATHSIG:
 		error = put_user(me->pdeath_signal, (int __user *)arg2);
 		break;
+	case PR_SET_PDEATHSIG_PROC:
+		if (!valid_signal(arg2)) {
+			error = -EINVAL;
+			break;
+		}
+		me->signal->pdeath_signal_proc = arg2;
+		break;
+	case PR_GET_PDEATHSIG_PROC:
+		error = put_user(me->signal->pdeath_signal_proc,
+				 (int __user *)arg2);
+		break;
 	case PR_GET_DUMPABLE:
 		error = get_dumpable(me->mm);
 		break;
diff -puN security/apparmor/lsm.c~prctl-add-pr_et_pdeathsig_proc security/apparmor/lsm.c
--- a/security/apparmor/lsm.c~prctl-add-pr_et_pdeathsig_proc
+++ a/security/apparmor/lsm.c
@@ -695,6 +695,7 @@ static void apparmor_bprm_committing_cre
 	aa_inherit_files(bprm->cred, current->files);
 
 	current->pdeath_signal = 0;
+	current->signal->pdeath_signal_proc = 0;
 
 	/* reset soft limits and set hard limits for the new label */
 	__aa_transition_rlimits(label, new_label);
diff -puN security/selinux/hooks.c~prctl-add-pr_et_pdeathsig_proc security/selinux/hooks.c
--- a/security/selinux/hooks.c~prctl-add-pr_et_pdeathsig_proc
+++ a/security/selinux/hooks.c
@@ -2652,6 +2652,7 @@ static void selinux_bprm_committing_cred
 
 	/* Always clear parent death signal on SID transitions. */
 	current->pdeath_signal = 0;
+	current->signal->pdeath_signal_proc = 0;
 
 	/* Check whether the new SID can inherit resource limits from the old
 	 * SID.  If not, reset all soft limits to the lower of the current
_

Patches currently in -mm which might be from j@xxxxxxxxx are





[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux