The patch titled signals: cleanup security_task_kill() usage/implementation has been removed from the -mm tree. Its filename was signals-cleanup-security_task_kill-usage-implementation.patch This patch was dropped because it was merged into mainline or a subsystem tree The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: signals: cleanup security_task_kill() usage/implementation From: Oleg Nesterov <oleg@xxxxxxxxxx> Every implementation of ->task_kill() does nothing when the signal comes from the kernel. This is correct, but means that check_kill_permission() should call security_task_kill() only for SI_FROMUSER() case, and we can remove the same check from ->task_kill() implementations. (sadly, check_kill_permission() is the last user of signal->session/__session but we can't s/task_session_nr/task_session/ here). NOTE: Eric W. Biederman pointed out cap_task_kill() should die, and I think he is very right. Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Serge Hallyn <serue@xxxxxxxxxx> Cc: Roland McGrath <roland@xxxxxxxxxx> Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> Cc: David Quigley <dpquigl@xxxxxxxxxxxxx> Cc: Eric Paris <eparis@xxxxxxxxxx> Cc: Harald Welte <laforge@xxxxxxxxxxxx> Cc: Pavel Emelyanov <xemul@xxxxxxxxxx> Cc: Stephen Smalley <sds@xxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- kernel/signal.c | 27 ++++++++++++++------------- security/selinux/hooks.c | 3 --- security/smack/smack_lsm.c | 9 --------- 3 files changed, 14 insertions(+), 25 deletions(-) diff -puN kernel/signal.c~signals-cleanup-security_task_kill-usage-implementation kernel/signal.c --- a/kernel/signal.c~signals-cleanup-security_task_kill-usage-implementation +++ a/kernel/signal.c @@ -533,22 +533,23 @@ static int rm_from_queue(unsigned long m static int check_kill_permission(int sig, struct siginfo *info, struct task_struct *t) { - int error = -EINVAL; + int error; + if (!valid_signal(sig)) - return error; + return -EINVAL; - if (info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) { - error = audit_signal_info(sig, t); /* Let audit system see the signal */ - if (error) - return error; - error = -EPERM; - if (((sig != SIGCONT) || - (task_session_nr(current) != task_session_nr(t))) - && (current->euid ^ t->suid) && (current->euid ^ t->uid) - && (current->uid ^ t->suid) && (current->uid ^ t->uid) - && !capable(CAP_KILL)) + if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) + return 0; + + error = audit_signal_info(sig, t); /* Let audit system see the signal */ + if (error) return error; - } + + if (((sig != SIGCONT) || (task_session_nr(current) != task_session_nr(t))) + && (current->euid ^ t->suid) && (current->euid ^ t->uid) + && (current->uid ^ t->suid) && (current->uid ^ t->uid) + && !capable(CAP_KILL)) + return -EPERM; return security_task_kill(t, info, sig, 0); } diff -puN security/selinux/hooks.c~signals-cleanup-security_task_kill-usage-implementation security/selinux/hooks.c --- a/security/selinux/hooks.c~signals-cleanup-security_task_kill-usage-implementation +++ a/security/selinux/hooks.c @@ -3286,9 +3286,6 @@ static int selinux_task_kill(struct task if (rc) return rc; - if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) - return 0; - if (!sig) perm = PROCESS__SIGNULL; /* null signal; existence test */ else diff -puN security/smack/smack_lsm.c~signals-cleanup-security_task_kill-usage-implementation security/smack/smack_lsm.c --- a/security/smack/smack_lsm.c~signals-cleanup-security_task_kill-usage-implementation +++ a/security/smack/smack_lsm.c @@ -1131,15 +1131,6 @@ static int smack_task_kill(struct task_s int sig, u32 secid) { /* - * Special cases where signals really ought to go through - * in spite of policy. Stephen Smalley suggests it may - * make sense to change the caller so that it doesn't - * bother with the LSM hook in these cases. - */ - if (info != SEND_SIG_NOINFO && - (is_si_special(info) || SI_FROMKERNEL(info))) - return 0; - /* * Sending a signal requires that the sender * can write the receiver. */ _ Patches currently in -mm which might be from oleg@xxxxxxxxxx are origin.patch posix-timers-bug-10460-discard-the-pending-signal-when-the-timer-is-destroyed.patch workqueue-remove-redundant-function-invocation.patch put_pid-make-sure-we-dont-free-the-live-pid.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html