Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754404AbZD2MA0 (ORCPT ); Wed, 29 Apr 2009 08:00:26 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752548AbZD2MAN (ORCPT ); Wed, 29 Apr 2009 08:00:13 -0400 Received: from mx2.redhat.com ([66.187.237.31]:43000 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752347AbZD2MAM (ORCPT ); Wed, 29 Apr 2009 08:00:12 -0400 Date: Wed, 29 Apr 2009 13:55:50 +0200 From: Oleg Nesterov To: David Howells Cc: James Morris , Eric Paris , Roland McGrath , Stephen Smalley , linux-kernel@vger.kernel.org Subject: Re: Q: selinux_bprm_committed_creds() && signals/do_wait Message-ID: <20090429115550.GA25368@redhat.com> References: <20090429102511.GA10767@redhat.com> <20090429065809.GA477@redhat.com> <20090428223025.GA11997@redhat.com> <7242.1240999370@redhat.com> <7150.1241003840@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7150.1241003840@redhat.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1467 Lines: 47 On 04/29, David Howells wrote: > > Oleg Nesterov wrote: > > > > I suspect we should pass SIGKILL > > > > Or we can fliter out SIGKILLs, yes. > > How about the attached patch? Heh. I did the very similar patch. It wasn't sent because I'd like to understand flush_signal_handlers + sigemptyset first. But, > @@ -2398,11 +2398,14 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) > memset(&itimer, 0, sizeof itimer); > for (i = 0; i < 3; i++) > do_setitimer(i, &itimer, NULL); > - flush_signals(current); > spin_lock_irq(¤t->sighand->siglock); > - flush_signal_handlers(current, 1); > - sigemptyset(¤t->blocked); > - recalc_sigpending(); > + if (!sigismember(¤t->pending.signal, SIGKILL) && > + !sigismember(¤t->signal->shared_pending.signal, > + SIGKILL)) { No, no. Just if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) __flush_signals(); is enough and more clean imho. The fact that we _really_ have the pending SIGKILL is just the implementation detail (and perhaps this we be changed eventually). No need to check ->shared_pending + ->pending. We can't have SIGKILL (shared or not) without SIGNAL_GROUP_EXIT. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/