1. 09 2月, 2008 2 次提交
  2. 06 2月, 2008 2 次提交
  3. 29 11月, 2007 1 次提交
  4. 13 11月, 2007 1 次提交
    • R
      core dump: remain dumpable · 00ec99da
      Roland McGrath 提交于
      The coredump code always calls set_dumpable(0) when it starts (even
      if RLIMIT_CORE prevents any core from being dumped).  The effect of
      this (via task_dumpable) is to make /proc/pid/* files owned by root
      instead of the user, so the user can no longer examine his own
      process--in a case where there was never any privileged data to
      protect.  This affects e.g. auxv, environ, fd; in Fedora (execshield)
      kernels, also maps.  In practice, you can only notice this when a
      debugger has requested PTRACE_EVENT_EXIT tracing.
      
      set_dumpable was only used in do_coredump for synchronization and not
      intended for any security purpose.  (It doesn't secure anything that wasn't
      already unsecured when a process dies by SIGTERM instead of SIGQUIT.)
      
      This changes do_coredump to check the core_waiters count as the means of
      synchronization, which is sufficient.  Now we leave the "dumpable" bits alone.
      Signed-off-by: NRoland McGrath <roland@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      00ec99da
  5. 20 10月, 2007 6 次提交
  6. 17 10月, 2007 11 次提交
  7. 21 9月, 2007 1 次提交
    • D
      signalfd simplification · b8fceee1
      Davide Libenzi 提交于
      This simplifies signalfd code, by avoiding it to remain attached to the
      sighand during its lifetime.
      
      In this way, the signalfd remain attached to the sighand only during
      poll(2) (and select and epoll) and read(2).  This also allows to remove
      all the custom "tsk == current" checks in kernel/signal.c, since
      dequeue_signal() will only be called by "current".
      
      I think this is also what Ben was suggesting time ago.
      
      The external effect of this, is that a thread can extract only its own
      private signals and the group ones.  I think this is an acceptable
      behaviour, in that those are the signals the thread would be able to
      fetch w/out signalfd.
      Signed-off-by: NDavide Libenzi <davidel@xmailserver.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      b8fceee1
  8. 23 8月, 2007 2 次提交
    • O
      exec: kill unsafe BUG_ON(sig->count) checks · abd96ecb
      Oleg Nesterov 提交于
      de_thread:
      
      	if (atomic_read(&oldsighand->count) <= 1)
      		BUG_ON(atomic_read(&sig->count) != 1);
      
      This is not safe without the rmb() in between.  The results of two
      correctly ordered __exit_signal()->atomic_dec_and_test()'s could be seen
      out of order on our CPU.
      
      The same is true for the "thread_group_empty()" case, __unhash_process()'s
      changes could be seen before atomic_dec_and_test(&sig->count).
      
      On some platforms (including i386) atomic_read() doesn't provide even the
      compiler barrier, in that case these checks are simply racy.
      
      Remove these BUG_ON()'s. Alternatively, we can do something like
      
      	BUG_ON( ({ smp_rmb(); atomic_read(&sig->count) != 1; }) );
      Signed-off-by: NOleg Nesterov <oleg@tv-sign.ru>
      Acked-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Roland McGrath <roland@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      abd96ecb
    • O
      signalfd: make it group-wide, fix posix-timers scheduling · f9ee228b
      Oleg Nesterov 提交于
      With this patch any thread can dequeue its own private signals via signalfd,
      even if it was created by another sub-thread.
      
      To do so, we pass "current" to dequeue_signal() if the caller is from the same
      thread group. This also fixes the scheduling of posix timers broken by the
      previous patch.
      
      If the caller doesn't belong to this thread group, we can't handle __SI_TIMER
      case properly anyway. Perhaps we should forbid the cross-process signalfd usage
      and convert ctx->tsk to ctx->sighand.
      Signed-off-by: NOleg Nesterov <oleg@tv-sign.ru>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Davide Libenzi <davidel@xmailserver.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Michael Kerrisk <mtk-manpages@gmx.net>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f9ee228b
  9. 19 8月, 2007 1 次提交
  10. 20 7月, 2007 3 次提交
  11. 24 5月, 2007 1 次提交
  12. 17 5月, 2007 1 次提交
  13. 11 5月, 2007 3 次提交
    • D
      signal/timer/event: signalfd core · fba2afaa
      Davide Libenzi 提交于
      This patch series implements the new signalfd() system call.
      
      I took part of the original Linus code (and you know how badly it can be
      broken :), and I added even more breakage ;) Signals are fetched from the same
      signal queue used by the process, so signalfd will compete with standard
      kernel delivery in dequeue_signal().  If you want to reliably fetch signals on
      the signalfd file, you need to block them with sigprocmask(SIG_BLOCK).  This
      seems to be working fine on my Dual Opteron machine.  I made a quick test
      program for it:
      
      http://www.xmailserver.org/signafd-test.c
      
      The signalfd() system call implements signal delivery into a file descriptor
      receiver.  The signalfd file descriptor if created with the following API:
      
      int signalfd(int ufd, const sigset_t *mask, size_t masksize);
      
      The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
      to close/create cycle (Linus idea).  Use "ufd" == -1 if you want a brand new
      signalfd file.
      
      The "mask" allows to specify the signal mask of signals that we are interested
      in.  The "masksize" parameter is the size of "mask".
      
      The signalfd fd supports the poll(2) and read(2) system calls.  The poll(2)
      will return POLLIN when signals are available to be dequeued.  As a direct
      consequence of supporting the Linux poll subsystem, the signalfd fd can use
      used together with epoll(2) too.
      
      The read(2) system call will return a "struct signalfd_siginfo" structure in
      the userspace supplied buffer.  The return value is the number of bytes copied
      in the supplied buffer, or -1 in case of error.  The read(2) call can also
      return 0, in case the sighand structure to which the signalfd was attached,
      has been orphaned.  The O_NONBLOCK flag is also supported, and read(2) will
      return -EAGAIN in case no signal is available.
      
      If the size of the buffer passed to read(2) is lower than sizeof(struct
      signalfd_siginfo), -EINVAL is returned.  A read from the signalfd can also
      return -ERESTARTSYS in case a signal hits the process.  The format of the
      struct signalfd_siginfo is, and the valid fields depends of the (->code &
      __SI_MASK) value, in the same way a struct siginfo would:
      
      struct signalfd_siginfo {
      	__u32 signo;	/* si_signo */
      	__s32 err;	/* si_errno */
      	__s32 code;	/* si_code */
      	__u32 pid;	/* si_pid */
      	__u32 uid;	/* si_uid */
      	__s32 fd;	/* si_fd */
      	__u32 tid;	/* si_fd */
      	__u32 band;	/* si_band */
      	__u32 overrun;	/* si_overrun */
      	__u32 trapno;	/* si_trapno */
      	__s32 status;	/* si_status */
      	__s32 svint;	/* si_int */
      	__u64 svptr;	/* si_ptr */
      	__u64 utime;	/* si_utime */
      	__u64 stime;	/* si_stime */
      	__u64 addr;	/* si_addr */
      };
      
      [akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
      Signed-off-by: NDavide Libenzi <davidel@xmailserver.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fba2afaa
    • S
      attach_pid() with struct pid parameter · e713d0da
      Sukadev Bhattiprolu 提交于
      attach_pid() currently takes a pid_t and then uses find_pid() to find the
      corresponding struct pid.  Sometimes we already have the struct pid.  We can
      then skip find_pid() if attach_pid() were to take a struct pid parameter.
      Signed-off-by: NSukadev Bhattiprolu <sukadev@us.ibm.com>
      Cc: Cedric Le Goater <clg@fr.ibm.com>
      Cc: Dave Hansen <haveblue@us.ibm.com>
      Cc: Serge Hallyn <serue@us.ibm.com>
      Cc: <containers@lists.osdl.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e713d0da
    • S
      [PATCH] Abnormal End of Processes · 0a4ff8c2
      Steve Grubb 提交于
      Hi,
      
      I have been working on some code that detects abnormal events based on audit
      system events. One kind of event that we currently have no visibility for is
      when a program terminates due to segfault - which should never happen on a
      production machine. And if it did, you'd want to investigate it. Attached is a
      patch that collects these events and sends them into the audit system.
      Signed-off-by: NSteve Grubb <sgrubb@redhat.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      0a4ff8c2
  14. 09 5月, 2007 2 次提交
    • K
      (re)register_binfmt returns with -EBUSY · 98701d1b
      kalash nainwal 提交于
      When a binary format is unregistered and re-registered, register_binfmt
      fails with -EBUSY.  The reason is that unregister_binfmt does not set
      fmt->next to NULL, and seeing (fmt->next != NULL), register_binfmt fails
      with -EBUSY.
      
      One can find his way around by explicitly setting fmt->next to NULL after
      unregistering, but that is kind of unclean (one should better be using only
      the interfaces, and not the interal members, isn't it?)
      
      Attached one-liner can fix it.
      Signed-off-by: NKalash Nainwal <kalash.nainwal@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      98701d1b
    • N
      exec: fix remove_arg_zero · 4fc75ff4
      Nick Piggin 提交于
      Petr Tesarik discovered a problem in remove_arg_zero(). He writes:
      
       When a script is loaded, load_script() replaces argv[0] with the
       name of the interpreter and the filename passed to the exec syscall.
       However, there is no guarantee that the length of the interpreter
       name plus the length of the filename is greater than the length of
       the original argv[0]. If the difference happens to cross a page boundary,
       setup_arg_pages() will call put_dirty_page() [aka install_arg_page()]
       with an address outside the VMA.
      
       Therefore, remove_arg_zero() must free all pages which would be unused
       after the argument is removed.
      
      So, rewrite the remove_arg_zero function without gotos, with a few comments,
      and with the commonly used explicit index/offset. This fixes the problem
      and makes it easier to understand as well.
      
      [a.p.zijlstra@chello.nl: add comment]
      Signed-off-by: NNick Piggin <npiggin@suse.de>
      Cc: Petr Tesarik <ptesarik@suse.cz>
      Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4fc75ff4
  15. 18 4月, 2007 1 次提交
  16. 12 2月, 2007 1 次提交
  17. 11 12月, 2006 1 次提交
    • V
      [PATCH] fdtable: Make fdarray and fdsets equal in size · bbea9f69
      Vadim Lobanov 提交于
      Currently, each fdtable supports three dynamically-sized arrays of data: the
      fdarray and two fdsets.  The code allows the number of fds supported by the
      fdarray (fdtable->max_fds) to differ from the number of fds supported by each
      of the fdsets (fdtable->max_fdset).
      
      In practice, it is wasteful for these two sizes to differ: whenever we hit a
      limit on the smaller-capacity structure, we will reallocate the entire fdtable
      and all the dynamic arrays within it, so any delta in the memory used by the
      larger-capacity structure will never be touched at all.
      
      Rather than hogging this excess, we shouldn't even allocate it in the first
      place, and keep the capacities of the fdarray and the fdsets equal.  This
      patch removes fdtable->max_fdset.  As an added bonus, most of the supporting
      code becomes simpler.
      Signed-off-by: NVadim Lobanov <vlobanov@speakeasy.net>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Dipankar Sarma <dipankar@in.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      bbea9f69