• E
    signal/GenWQE: Fix sending of SIGKILL · 392d51e0
    Eric W. Biederman 提交于
    commit 0ab93e9c99f8208c0a1a7b7170c827936268c996 upstream.
    
    The genweq_add_file and genwqe_del_file by caching current without
    using reference counting embed the assumption that a file descriptor
    will never be passed from one process to another.  It even embeds the
    assumption that the the thread that opened the file will be in
    existence when the process terminates.   Neither of which are
    guaranteed to be true.
    
    Therefore replace caching the task_struct of the opener with
    pid of the openers thread group id.  All the knowledge of the
    opener is used for is as the target of SIGKILL and a SIGKILL
    will kill the entire process group.
    
    Rename genwqe_force_sig to genwqe_terminate, remove it's unncessary
    signal argument, update it's ownly caller, and use kill_pid
    instead of force_sig.
    
    The work force_sig does in changing signal handling state is not
    relevant to SIGKILL sent as SEND_SIG_PRIV.  The exact same processess
    will be killed just with less work, and less confusion.  The work done
    by force_sig is really only needed for handling syncrhonous
    exceptions.
    
    It will still be possible to cause genwqe_device_remove to wait
    8 seconds by passing a file descriptor to another process but
    the possible user after free is fixed.
    
    Fixes: eaf4722d ("GenWQE Character device and DDCB queue")
    Cc: stable@vger.kernel.org
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Cc: Frank Haverkamp <haver@linux.vnet.ibm.com>
    Cc: Joerg-Stephan Vogt <jsvogt@de.ibm.com>
    Cc: Michael Jung <mijung@gmx.net>
    Cc: Michael Ruettger <michael@ibmra.de>
    Cc: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com>
    Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
    Cc: Eberhard S. Amann <esa@linux.vnet.ibm.com>
    Cc: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
    Cc: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
    Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    392d51e0
card_base.h 19.3 KB