From: Jürg Billeter
To: Andrew Morton
Cc: Oleg Nesterov, Thomas Gleixner, Eric Biederman, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, Jürg Billeter
Subject: [PATCH v2] prctl: add PR_[GS]ET_KILLABLE
Date: Tue, 31 Jul 2018 09:03:37 +0200
Message-Id: <20180731070337.61004-1-j@bitron.ch>
In-Reply-To: <20180730075241.24002-1-j@bitron.ch>

PR_SET_KILLABLE clears the SIGNAL_UNKILLABLE flag. This allows CLONE_NEWPID tasks to restore normal signal behavior, opting out of the special signal protection for init processes. This prctl does not allow setting the SIGNAL_UNKILLABLE flag, only clearing.

The SIGNAL_UNKILLABLE flag, which is implicitly set for tasks cloned with CLONE_NEWPID, has the effect of ignoring all signals (from userspace) if the corresponding handler is set to SIG_DFL. The only exceptions are SIGKILL and SIGSTOP and they are only accepted if raised from an ancestor namespace.

SIGINT, SIGQUIT and SIGTSTP are used in job control for ^C, ^\, ^Z. While a task with the SIGNAL_UNKILLABLE flag could install handlers for these signals, this is not sufficient to implement a shell that uses CLONE_NEWPID for child processes:

* As SIGSTOP is ignored when raised from the SIGNAL_UNKILLABLE process itself, it's not possible to implement the stop action in a custom SIGTSTP handler.
* Many applications do not install handlers for these signals and thus, job control won't work properly with unmodified applications.

There are other scenarios besides job control in a shell where applications rely on the default actions as described in signal(7) and PID isolation may be useful.

This new prctl makes the signal protection for "init" processes optional, without breaking backward compatibility. Signed-off-by: Jürg Billeter --- v2: Hold siglock for PR_SET_KILLABLE, expand commit message. include/uapi/linux/prctl.h | 4 ++++ kernel/sys.c | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index c0d7ea0bf5b6..92afb63da727 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -219,4 +219,8 @@ struct prctl_mm_map { # define PR_SPEC_DISABLE (1UL << 2) # define PR_SPEC_FORCE_DISABLE (1UL << 3) +/* Control SIGNAL_UNKILLABLE */ +#define PR_GET_KILLABLE 54 +#define PR_SET_KILLABLE 55 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 38509dc1f77b..92c9322cfb98 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2484,6 +2484,19 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, return -EINVAL; error = arch_prctl_spec_ctrl_set(me, arg2, arg3); break; + case PR_GET_KILLABLE: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = put_user(!(me->signal->flags & SIGNAL_UNKILLABLE), + (int __user *)arg2); + break; + case PR_SET_KILLABLE: + if (arg2 != 1 || arg3 || arg4 || arg5) + return -EINVAL; + spin_lock_irq(&me->sighand->siglock); + me->signal->flags &= ~SIGNAL_UNKILLABLE; + spin_unlock_irq(&me->sighand->siglock); + break; default: error = -EINVAL; break; -- 2.18.0
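
Review bot: In the include/uapi/linux/prctl.h hunk, the comment "Control SIGNAL_UNKILLABLE" documents neither the argument convention nor the one-way semantics that the kernel/sys.c hunk enforces. Userspace reading only this header cannot tell that PR_SET_KILLABLE accepts arg2 == 1 only and can never set the flag again, or that PR_GET_KILLABLE stores its result through an int pointer passed in arg2 rather than returning it. Please expand the comment to say so, for example "clear SIGNAL_UNKILLABLE (arg2 must be 1; irreversible)" and "store 1 in *(int *)arg2 if the caller is killable". Since the operation only clears, a name that reflects that would also be less surprising than the SET/GET pair.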
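
Review bot: In the kernel/sys.c hunk, the PR_SET_KILLABLE case clears the flag for any caller: after the `arg2 != 1 || arg3 || arg4 || arg5` check there is no test of which task `me` is. The commit message scopes the use case to tasks cloned with CLONE_NEWPID, but SIGNAL_UNKILLABLE also protects the init of the initial PID namespace, and this path would let that process drop the protection as well. Please either reject the call there or state in the commit message why it is safe. Two smaller points in the same hunk: the flag lives in `me->signal`, which is shared by the whole thread group, so one thread changes signal delivery for every thread and the documentation should say that; and PR_GET_KILLABLE reads `me->signal->flags` without siglock while PR_SET_KILLABLE takes it, so a short comment on why the unlocked read is acceptable would help.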