The patch titled signals: remove 'handler' parameter to tracehook functions has been added to the -mm tree. Its filename is signals-remove-handler-parameter-to-tracehook-functions.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: signals: remove 'handler' parameter to tracehook functions From: Oleg Nesterov <oleg@xxxxxxxxxx> Container-init must behave like global-init to processes within the container and hence it must be immune to unhandled fatal signals from within the container (i.e SIG_DFL signals that terminate the process). But the same container-init must behave like a normal process to processes in ancestor namespaces and so if it receives the same fatal signal from a process in ancestor namespace, the signal must be processed. Implementing these semantics requires that send_signal() determine pid namespace of the sender but since signals can originate from workqueues/ interrupt-handlers, determining pid namespace of sender may not always be possible or safe. This patchset implements the design/simplified semantics suggested by Oleg Nesterov. The simplified semantics for container-init are: - container-init must never be terminated by a signal from a descendant process. - container-init must never be immune to SIGKILL from an ancestor namespace (so a process in parent namespace must always be able to terminate a descendant container). - container-init may be immune to unhandled fatal signals (like SIGUSR1) even if they are from ancestor namespace. SIGKILL/SIGSTOP are the only reliable signals to a container-init from ancestor namespace. This patch: Based on an earlier patch submitted by Oleg Nesterov and comments from Roland McGrath (http://lkml.org/lkml/2008/11/19/258). The handler parameter is currently unused in the tracehook functions. Besides, the tracehook functions are called with siglock held, so the functions can check the handler if they later need to. Removing the parameter simiplifies changes to sig_ignored() in a follow-on patch. Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxxxxxxxxxx> Acked-by: Roland McGrath <roland@xxxxxxxxxx> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Daniel Lezcano <daniel.lezcano@xxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- arch/x86/kernel/ptrace.c | 2 +- include/linux/tracehook.h | 13 ++++--------- kernel/signal.c | 6 +++--- 3 files changed, 8 insertions(+), 13 deletions(-) diff -puN arch/x86/kernel/ptrace.c~signals-remove-handler-parameter-to-tracehook-functions arch/x86/kernel/ptrace.c --- a/arch/x86/kernel/ptrace.c~signals-remove-handler-parameter-to-tracehook-functions +++ a/arch/x86/kernel/ptrace.c @@ -1456,6 +1456,6 @@ asmregparm void syscall_trace_leave(stru * system call instruction. */ if (test_thread_flag(TIF_SINGLESTEP) && - tracehook_consider_fatal_signal(current, SIGTRAP, SIG_DFL)) + tracehook_consider_fatal_signal(current, SIGTRAP)) send_sigtrap(current, regs, 0, TRAP_BRKPT); } diff -puN include/linux/tracehook.h~signals-remove-handler-parameter-to-tracehook-functions include/linux/tracehook.h --- a/include/linux/tracehook.h~signals-remove-handler-parameter-to-tracehook-functions +++ a/include/linux/tracehook.h @@ -388,17 +388,14 @@ static inline void tracehook_signal_hand * tracehook_consider_ignored_signal - suppress short-circuit of ignored signal * @task: task receiving the signal * @sig: signal number being sent - * @handler: %SIG_IGN or %SIG_DFL * * Return zero iff tracing doesn't care to examine this ignored signal, * so it can short-circuit normal delivery and never even get queued. - * Either @handler is %SIG_DFL and @sig's default is ignore, or it's %SIG_IGN. * * Called with @task->sighand->siglock held. */ static inline int tracehook_consider_ignored_signal(struct task_struct *task, - int sig, - void __user *handler) + int sig) { return (task_ptrace(task) & PT_PTRACED) != 0; } @@ -407,19 +404,17 @@ static inline int tracehook_consider_ign * tracehook_consider_fatal_signal - suppress special handling of fatal signal * @task: task receiving the signal * @sig: signal number being sent - * @handler: %SIG_DFL or %SIG_IGN * * Return nonzero to prevent special handling of this termination signal. - * Normally @handler is %SIG_DFL. It can be %SIG_IGN if @sig is ignored, - * in which case force_sig() is about to reset it to %SIG_DFL. + * Normally handler for signal is %SIG_DFL. It can be %SIG_IGN if @sig is + * ignored, in which case force_sig() is about to reset it to %SIG_DFL. * When this returns zero, this signal might cause a quick termination * that does not give the debugger a chance to intercept the signal. * * Called with or without @task->sighand->siglock held. */ static inline int tracehook_consider_fatal_signal(struct task_struct *task, - int sig, - void __user *handler) + int sig) { return (task_ptrace(task) & PT_PTRACED) != 0; } diff -puN kernel/signal.c~signals-remove-handler-parameter-to-tracehook-functions kernel/signal.c --- a/kernel/signal.c~signals-remove-handler-parameter-to-tracehook-functions +++ a/kernel/signal.c @@ -74,7 +74,7 @@ static int sig_ignored(struct task_struc /* * Tracers may want to know about even ignored signals. */ - return !tracehook_consider_ignored_signal(t, sig, handler); + return !tracehook_consider_ignored_signal(t, sig); } /* @@ -318,7 +318,7 @@ int unhandled_signal(struct task_struct return 1; if (handler != SIG_IGN && handler != SIG_DFL) return 0; - return !tracehook_consider_fatal_signal(tsk, sig, handler); + return !tracehook_consider_fatal_signal(tsk, sig); } @@ -777,7 +777,7 @@ static void complete_signal(int sig, str !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && !sigismember(&t->real_blocked, sig) && (sig == SIGKILL || - !tracehook_consider_fatal_signal(t, sig, SIG_DFL))) { + !tracehook_consider_fatal_signal(t, sig))) { /* * This signal will be fatal to the whole group. */ _ Patches currently in -mm which might be from oleg@xxxxxxxxxx are origin.patch linux-next.patch pipe_rdwr_fasync-fix-the-error-handling-to-prevent-the-leak-crash.patch get_mm_hiwater_xxx-trivial-s-define-inline.patch getrusage-fill-ru_maxrss-value.patch do_wait-fix-waiting-for-the-group-stop-with-the-dead-leader.patch signals-remove-handler-parameter-to-tracehook-functions.patch signals-protect-init-from-unwanted-signals-more.patch ptrace-kill-__ptrace_detach-fix-exit_state-check.patch ptrace-simplify-ptrace_exit-ignoring_children-path.patch ptrace-simplify-ptrace_exit-ignoring_children-pathpatch-fix.patch ptrace-reintroduce-__ptrace_detach-as-a-callee-of-ptrace_exit.patch ptrace-reintroduce-__ptrace_detach-as-a-callee-of-ptrace_exit-fix.patch ptrace-fix-possible-zombie-leak-on-ptrace_detach.patch reparent_thread-dont-call-kill_orphaned_pgrp-if-task_detached.patch reparent_thread-fix-the-is-it-traced-check.patch reparent_thread-fix-a-zombie-leak-if-sbin-init-ignores-sigchld.patch forget_original_parent-split-out-the-un-ptrace-part.patch forget_original_parent-do-not-abuse-child-ptrace_entry.patch forget_original_parent-do-not-abuse-child-ptrace_entry-fix.patch move-exit_ptrace-from-forget_original_parent-to-do_exit.patch reparent-untrace-do-nothing-if-no-childs-tracees.patch tracehook_notify_death-use-task_detached-helper.patch ptrace_detach-the-wrong-wakeup-breaks-the-erestartxxx-logic.patch ptrace_untrace-fix-the-signal_stop_stopped-check.patch workqueue-avoid-recursion-in-run_workqueue.patch kthreads-simplify-the-startup-synchronization.patch kthreads-rework-kthread_stop.patch kthreads-simplify-migration_thread-exit-path.patch pids-document-task_pgrp-task_session-is-not-safe-without-tasklist-rcu.patch pids-document-task_pgrp-task_session-is-not-safe-without-tasklist-rcu-fix.patch pids-improve-get_task_pid-to-fix-the-unsafe-sys_wait4-task_pgrp.patch pids-refactor-vnr-nr_ns-helpers-to-make-them-safe.patch pids-kill-now-unused-signal_struct-__pgrp-__session-and-friends.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html