xref: /linux/kernel/signal.c (revision 6e8331ac6973435b1e7604c30f2ad394035b46e1)
1 /*
2  *  linux/kernel/signal.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  *
6  *  1997-11-02  Modified for POSIX.1b signals by Richard Henderson
7  *
8  *  2003-06-02  Jim Houston - Concurrent Computer Corp.
9  *		Changes to use preallocated sigqueue structures
10  *		to allow signals to be sent reliably.
11  */
12 
13 #include <linux/slab.h>
14 #include <linux/module.h>
15 #include <linux/smp_lock.h>
16 #include <linux/init.h>
17 #include <linux/sched.h>
18 #include <linux/fs.h>
19 #include <linux/tty.h>
20 #include <linux/binfmts.h>
21 #include <linux/security.h>
22 #include <linux/syscalls.h>
23 #include <linux/ptrace.h>
24 #include <linux/signal.h>
25 #include <linux/capability.h>
26 #include <asm/param.h>
27 #include <asm/uaccess.h>
28 #include <asm/unistd.h>
29 #include <asm/siginfo.h>
30 #include "audit.h"	/* audit_signal_info() */
31 
32 /*
33  * SLAB caches for signal bits.
34  */
35 
36 static kmem_cache_t *sigqueue_cachep;
37 
38 /*
39  * In POSIX a signal is sent either to a specific thread (Linux task)
40  * or to the process as a whole (Linux thread group).  How the signal
41  * is sent determines whether it's to one thread or the whole group,
42  * which determines which signal mask(s) are involved in blocking it
43  * from being delivered until later.  When the signal is delivered,
44  * either it's caught or ignored by a user handler or it has a default
45  * effect that applies to the whole thread group (POSIX process).
46  *
47  * The possible effects an unblocked signal set to SIG_DFL can have are:
48  *   ignore	- Nothing Happens
49  *   terminate	- kill the process, i.e. all threads in the group,
50  * 		  similar to exit_group.  The group leader (only) reports
51  *		  WIFSIGNALED status to its parent.
52  *   coredump	- write a core dump file describing all threads using
53  *		  the same mm and then kill all those threads
54  *   stop 	- stop all the threads in the group, i.e. TASK_STOPPED state
55  *
56  * SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.
57  * Other signals when not blocked and set to SIG_DFL behave as follows.
58  * The job control signals also have other special effects.
59  *
60  *	+--------------------+------------------+
61  *	|  POSIX signal      |  default action  |
62  *	+--------------------+------------------+
63  *	|  SIGHUP            |  terminate	|
64  *	|  SIGINT            |	terminate	|
65  *	|  SIGQUIT           |	coredump 	|
66  *	|  SIGILL            |	coredump 	|
67  *	|  SIGTRAP           |	coredump 	|
68  *	|  SIGABRT/SIGIOT    |	coredump 	|
69  *	|  SIGBUS            |	coredump 	|
70  *	|  SIGFPE            |	coredump 	|
71  *	|  SIGKILL           |	terminate(+)	|
72  *	|  SIGUSR1           |	terminate	|
73  *	|  SIGSEGV           |	coredump 	|
74  *	|  SIGUSR2           |	terminate	|
75  *	|  SIGPIPE           |	terminate	|
76  *	|  SIGALRM           |	terminate	|
77  *	|  SIGTERM           |	terminate	|
78  *	|  SIGCHLD           |	ignore   	|
79  *	|  SIGCONT           |	ignore(*)	|
80  *	|  SIGSTOP           |	stop(*)(+)  	|
81  *	|  SIGTSTP           |	stop(*)  	|
82  *	|  SIGTTIN           |	stop(*)  	|
83  *	|  SIGTTOU           |	stop(*)  	|
84  *	|  SIGURG            |	ignore   	|
85  *	|  SIGXCPU           |	coredump 	|
86  *	|  SIGXFSZ           |	coredump 	|
87  *	|  SIGVTALRM         |	terminate	|
88  *	|  SIGPROF           |	terminate	|
89  *	|  SIGPOLL/SIGIO     |	terminate	|
90  *	|  SIGSYS/SIGUNUSED  |	coredump 	|
91  *	|  SIGSTKFLT         |	terminate	|
92  *	|  SIGWINCH          |	ignore   	|
93  *	|  SIGPWR            |	terminate	|
94  *	|  SIGRTMIN-SIGRTMAX |	terminate       |
95  *	+--------------------+------------------+
96  *	|  non-POSIX signal  |  default action  |
97  *	+--------------------+------------------+
98  *	|  SIGEMT            |  coredump	|
99  *	+--------------------+------------------+
100  *
101  * (+) For SIGKILL and SIGSTOP the action is "always", not just "default".
102  * (*) Special job control effects:
103  * When SIGCONT is sent, it resumes the process (all threads in the group)
104  * from TASK_STOPPED state and also clears any pending/queued stop signals
105  * (any of those marked with "stop(*)").  This happens regardless of blocking,
106  * catching, or ignoring SIGCONT.  When any stop signal is sent, it clears
107  * any pending/queued SIGCONT signals; this happens regardless of blocking,
108  * catching, or ignoring the stop signal, though (except for SIGSTOP) the
109  * default action of stopping the process may happen later or never.
110  */
111 
112 #ifdef SIGEMT
113 #define M_SIGEMT	M(SIGEMT)
114 #else
115 #define M_SIGEMT	0
116 #endif
117 
118 #if SIGRTMIN > BITS_PER_LONG
119 #define M(sig) (1ULL << ((sig)-1))
120 #else
121 #define M(sig) (1UL << ((sig)-1))
122 #endif
123 #define T(sig, mask) (M(sig) & (mask))
124 
125 #define SIG_KERNEL_ONLY_MASK (\
126 	M(SIGKILL)   |  M(SIGSTOP)                                   )
127 
128 #define SIG_KERNEL_STOP_MASK (\
129 	M(SIGSTOP)   |  M(SIGTSTP)   |  M(SIGTTIN)   |  M(SIGTTOU)   )
130 
131 #define SIG_KERNEL_COREDUMP_MASK (\
132         M(SIGQUIT)   |  M(SIGILL)    |  M(SIGTRAP)   |  M(SIGABRT)   | \
133         M(SIGFPE)    |  M(SIGSEGV)   |  M(SIGBUS)    |  M(SIGSYS)    | \
134         M(SIGXCPU)   |  M(SIGXFSZ)   |  M_SIGEMT                     )
135 
136 #define SIG_KERNEL_IGNORE_MASK (\
137         M(SIGCONT)   |  M(SIGCHLD)   |  M(SIGWINCH)  |  M(SIGURG)    )
138 
139 #define sig_kernel_only(sig) \
140 		(((sig) < SIGRTMIN)  && T(sig, SIG_KERNEL_ONLY_MASK))
141 #define sig_kernel_coredump(sig) \
142 		(((sig) < SIGRTMIN)  && T(sig, SIG_KERNEL_COREDUMP_MASK))
143 #define sig_kernel_ignore(sig) \
144 		(((sig) < SIGRTMIN)  && T(sig, SIG_KERNEL_IGNORE_MASK))
145 #define sig_kernel_stop(sig) \
146 		(((sig) < SIGRTMIN)  && T(sig, SIG_KERNEL_STOP_MASK))
147 
148 #define sig_needs_tasklist(sig)	((sig) == SIGCONT)
149 
150 #define sig_user_defined(t, signr) \
151 	(((t)->sighand->action[(signr)-1].sa.sa_handler != SIG_DFL) &&	\
152 	 ((t)->sighand->action[(signr)-1].sa.sa_handler != SIG_IGN))
153 
154 #define sig_fatal(t, signr) \
155 	(!T(signr, SIG_KERNEL_IGNORE_MASK|SIG_KERNEL_STOP_MASK) && \
156 	 (t)->sighand->action[(signr)-1].sa.sa_handler == SIG_DFL)
157 
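/*
 * Editorial illustration (not part of the original file): a minimal,
 * hypothetical sketch of how the classification macros above encode the
 * default-action table in the header comment.  The function name is made
 * up and nothing calls it.
 */
static inline void signal_default_action_examples(void)
{
	BUG_ON(!sig_kernel_only(SIGKILL));	/* cannot be caught, blocked or ignored */
	BUG_ON(!sig_kernel_stop(SIGTSTP));	/* default action: stop */
	BUG_ON(!sig_kernel_coredump(SIGSEGV));	/* default action: coredump */
	BUG_ON(!sig_kernel_ignore(SIGCHLD));	/* default action: ignore */
	BUG_ON(sig_kernel_ignore(SIGRTMIN));	/* rt signals default to terminate */
}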
158 static int sig_ignored(struct task_struct *t, int sig)
159 {
160 	void __user * handler;
161 
162 	/*
163 	 * Tracers always want to know about signals.
164 	 */
165 	if (t->ptrace & PT_PTRACED)
166 		return 0;
167 
168 	/*
169 	 * Blocked signals are never ignored, since the
170 	 * signal handler may change by the time it is
171 	 * unblocked.
172 	 */
173 	if (sigismember(&t->blocked, sig))
174 		return 0;
175 
176 	/* Is it explicitly or implicitly ignored? */
177 	handler = t->sighand->action[sig-1].sa.sa_handler;
178 	return   handler == SIG_IGN ||
179 		(handler == SIG_DFL && sig_kernel_ignore(sig));
180 }
181 
182 /*
183  * Re-calculate pending state from the set of locally pending
184  * signals, globally pending signals, and blocked signals.
185  */
186 static inline int has_pending_signals(sigset_t *signal, sigset_t *blocked)
187 {
188 	unsigned long ready;
189 	long i;
190 
191 	switch (_NSIG_WORDS) {
192 	default:
193 		for (i = _NSIG_WORDS, ready = 0; --i >= 0 ;)
194 			ready |= signal->sig[i] &~ blocked->sig[i];
195 		break;
196 
197 	case 4: ready  = signal->sig[3] &~ blocked->sig[3];
198 		ready |= signal->sig[2] &~ blocked->sig[2];
199 		ready |= signal->sig[1] &~ blocked->sig[1];
200 		ready |= signal->sig[0] &~ blocked->sig[0];
201 		break;
202 
203 	case 2: ready  = signal->sig[1] &~ blocked->sig[1];
204 		ready |= signal->sig[0] &~ blocked->sig[0];
205 		break;
206 
207 	case 1: ready  = signal->sig[0] &~ blocked->sig[0];
208 	}
209 	return ready !=	0;
210 }
211 
212 #define PENDING(p,b) has_pending_signals(&(p)->signal, (b))
213 
214 fastcall void recalc_sigpending_tsk(struct task_struct *t)
215 {
216 	if (t->signal->group_stop_count > 0 ||
217 	    (freezing(t)) ||
218 	    PENDING(&t->pending, &t->blocked) ||
219 	    PENDING(&t->signal->shared_pending, &t->blocked))
220 		set_tsk_thread_flag(t, TIF_SIGPENDING);
221 	else
222 		clear_tsk_thread_flag(t, TIF_SIGPENDING);
223 }
224 
225 void recalc_sigpending(void)
226 {
227 	recalc_sigpending_tsk(current);
228 }
229 
230 /* Given the mask, find the first available signal that should be serviced. */
231 
232 static int
233 next_signal(struct sigpending *pending, sigset_t *mask)
234 {
235 	unsigned long i, *s, *m, x;
236 	int sig = 0;
237 
238 	s = pending->signal.sig;
239 	m = mask->sig;
240 	switch (_NSIG_WORDS) {
241 	default:
242 		for (i = 0; i < _NSIG_WORDS; ++i, ++s, ++m)
243 			if ((x = *s &~ *m) != 0) {
244 				sig = ffz(~x) + i*_NSIG_BPW + 1;
245 				break;
246 			}
247 		break;
248 
249 	case 2: if ((x = s[0] &~ m[0]) != 0)
250 			sig = 1;
251 		else if ((x = s[1] &~ m[1]) != 0)
252 			sig = _NSIG_BPW + 1;
253 		else
254 			break;
255 		sig += ffz(~x);
256 		break;
257 
258 	case 1: if ((x = *s &~ *m) != 0)
259 			sig = ffz(~x) + 1;
260 		break;
261 	}
262 
263 	return sig;
264 }
265 
266 static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
267 					 int override_rlimit)
268 {
269 	struct sigqueue *q = NULL;
270 
271 	atomic_inc(&t->user->sigpending);
272 	if (override_rlimit ||
273 	    atomic_read(&t->user->sigpending) <=
274 			t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
275 		q = kmem_cache_alloc(sigqueue_cachep, flags);
276 	if (unlikely(q == NULL)) {
277 		atomic_dec(&t->user->sigpending);
278 	} else {
279 		INIT_LIST_HEAD(&q->list);
280 		q->flags = 0;
281 		q->user = get_uid(t->user);
282 	}
283 	return(q);
284 }
285 
286 static void __sigqueue_free(struct sigqueue *q)
287 {
288 	if (q->flags & SIGQUEUE_PREALLOC)
289 		return;
290 	atomic_dec(&q->user->sigpending);
291 	free_uid(q->user);
292 	kmem_cache_free(sigqueue_cachep, q);
293 }
294 
295 void flush_sigqueue(struct sigpending *queue)
296 {
297 	struct sigqueue *q;
298 
299 	sigemptyset(&queue->signal);
300 	while (!list_empty(&queue->list)) {
301 		q = list_entry(queue->list.next, struct sigqueue , list);
302 		list_del_init(&q->list);
303 		__sigqueue_free(q);
304 	}
305 }
306 
307 /*
308  * Flush all pending signals for a task.
309  */
310 void flush_signals(struct task_struct *t)
311 {
312 	unsigned long flags;
313 
314 	spin_lock_irqsave(&t->sighand->siglock, flags);
315 	clear_tsk_thread_flag(t,TIF_SIGPENDING);
316 	flush_sigqueue(&t->pending);
317 	flush_sigqueue(&t->signal->shared_pending);
318 	spin_unlock_irqrestore(&t->sighand->siglock, flags);
319 }
320 
321 /*
322  * Flush all handlers for a task.
323  */
324 
325 void
326 flush_signal_handlers(struct task_struct *t, int force_default)
327 {
328 	int i;
329 	struct k_sigaction *ka = &t->sighand->action[0];
330 	for (i = _NSIG ; i != 0 ; i--) {
331 		if (force_default || ka->sa.sa_handler != SIG_IGN)
332 			ka->sa.sa_handler = SIG_DFL;
333 		ka->sa.sa_flags = 0;
334 		sigemptyset(&ka->sa.sa_mask);
335 		ka++;
336 	}
337 }
338 
339 
340 /* Notify the system that a driver wants to block all signals for this
341  * process, and wants to be notified if any signals at all were to be
342  * sent/acted upon.  If the notifier routine returns non-zero, then the
343  * signal will be acted upon after all.  If the notifier routine returns 0,
344  * then the signal will be blocked.  Only one block per process is
345  * allowed.  priv is a pointer to private data that the notifier routine
346  * can use to determine if the signal should be blocked or not.  */
347 
348 void
349 block_all_signals(int (*notifier)(void *priv), void *priv, sigset_t *mask)
350 {
351 	unsigned long flags;
352 
353 	spin_lock_irqsave(&current->sighand->siglock, flags);
354 	current->notifier_mask = mask;
355 	current->notifier_data = priv;
356 	current->notifier = notifier;
357 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
358 }
359 
360 /* Notify the system that blocking has ended. */
361 
362 void
363 unblock_all_signals(void)
364 {
365 	unsigned long flags;
366 
367 	spin_lock_irqsave(&current->sighand->siglock, flags);
368 	current->notifier = NULL;
369 	current->notifier_data = NULL;
370 	recalc_sigpending();
371 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
372 }
373 
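/*
 * Editorial sketch (not from the original source): how a driver might use
 * the notifier interface above around a critical window.  The struct and
 * function names are hypothetical.
 */
struct example_dev {
	int allow_signals;		/* set when signals may be acted upon */
};

static int example_sig_notifier(void *priv)
{
	struct example_dev *dev = priv;

	/* non-zero: let the signal be acted upon; 0: keep it blocked */
	return dev->allow_signals;
}

static void example_dev_do_critical(struct example_dev *dev, sigset_t *mask)
{
	block_all_signals(example_sig_notifier, dev, mask);
	/* ... work that must not be disturbed by the signals in *mask ... */
	unblock_all_signals();
}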
374 static int collect_signal(int sig, struct sigpending *list, siginfo_t *info)
375 {
376 	struct sigqueue *q, *first = NULL;
377 	int still_pending = 0;
378 
379 	if (unlikely(!sigismember(&list->signal, sig)))
380 		return 0;
381 
382 	/*
383 	 * Collect the siginfo appropriate to this signal.  Check if
384 	 * there is another siginfo for the same signal.
385 	 */
386 	list_for_each_entry(q, &list->list, list) {
387 		if (q->info.si_signo == sig) {
388 			if (first) {
389 				still_pending = 1;
390 				break;
391 			}
392 			first = q;
393 		}
394 	}
395 	if (first) {
396 		list_del_init(&first->list);
397 		copy_siginfo(info, &first->info);
398 		__sigqueue_free(first);
399 		if (!still_pending)
400 			sigdelset(&list->signal, sig);
401 	} else {
402 
403 		/* Ok, it wasn't in the queue.  This must be
404 		   a fast-pathed signal or we must have been
405 		   out of queue space.  So zero out the info.
406 		 */
407 		sigdelset(&list->signal, sig);
408 		info->si_signo = sig;
409 		info->si_errno = 0;
410 		info->si_code = 0;
411 		info->si_pid = 0;
412 		info->si_uid = 0;
413 	}
414 	return 1;
415 }
416 
417 static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
418 			siginfo_t *info)
419 {
420 	int sig = 0;
421 
422 	sig = next_signal(pending, mask);
423 	if (sig) {
424 		if (current->notifier) {
425 			if (sigismember(current->notifier_mask, sig)) {
426 				if (!(current->notifier)(current->notifier_data)) {
427 					clear_thread_flag(TIF_SIGPENDING);
428 					return 0;
429 				}
430 			}
431 		}
432 
433 		if (!collect_signal(sig, pending, info))
434 			sig = 0;
435 
436 	}
437 	recalc_sigpending();
438 
439 	return sig;
440 }
441 
442 /*
443  * Dequeue a signal and return the element to the caller, which is
444  * expected to free it.
445  *
446  * All callers have to hold the siglock.
447  */
448 int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
449 {
450 	int signr = __dequeue_signal(&tsk->pending, mask, info);
451 	if (!signr)
452 		signr = __dequeue_signal(&tsk->signal->shared_pending,
453 					 mask, info);
454  	if (signr && unlikely(sig_kernel_stop(signr))) {
455  		/*
456  		 * Set a marker that we have dequeued a stop signal.  Our
457  		 * caller might release the siglock and then the pending
458  		 * stop signal it is about to process is no longer in the
459  		 * pending bitmasks, but must still be cleared by a SIGCONT
460  		 * (and overruled by a SIGKILL).  So those cases clear this
461  		 * shared flag after we've set it.  Note that this flag may
462  		 * remain set after the signal we return is ignored or
463  		 * handled.  That doesn't matter because its only purpose
464  		 * is to alert stop-signal processing code when another
465  		 * processor has come along and cleared the flag.
466  		 */
467  		if (!(tsk->signal->flags & SIGNAL_GROUP_EXIT))
468  			tsk->signal->flags |= SIGNAL_STOP_DEQUEUED;
469  	}
470 	if ( signr &&
471 	     ((info->si_code & __SI_MASK) == __SI_TIMER) &&
472 	     info->si_sys_private){
473 		/*
474 		 * Release the siglock to ensure proper locking order
475 		 * of timer locks outside of siglocks.  Note, we leave
476 		 * irqs disabled here, since the posix-timers code is
477 		 * about to disable them again anyway.
478 		 */
479 		spin_unlock(&tsk->sighand->siglock);
480 		do_schedule_next_timer(info);
481 		spin_lock(&tsk->sighand->siglock);
482 	}
483 	return signr;
484 }
485 
486 /*
487  * Tell a process that it has a new active signal.
488  *
489  * NOTE! We rely on the previous spin_lock to
490  * lock interrupts for us! We can only be called with
491  * "siglock" held, and local interrupts must
492  * have been disabled when that got acquired!
493  *
494  * No need to set need_resched since signal event passing
495  * goes through ->blocked
496  */
497 void signal_wake_up(struct task_struct *t, int resume)
498 {
499 	unsigned int mask;
500 
501 	set_tsk_thread_flag(t, TIF_SIGPENDING);
502 
503 	/*
504 	 * For SIGKILL, we want to wake it up in the stopped/traced case.
505 	 * We don't check t->state here because there is a race with it
506 	 * executing on another processor and just now entering stopped state.
507 	 * By using wake_up_state, we ensure the process will wake up and
508 	 * handle its death signal.
509 	 */
510 	mask = TASK_INTERRUPTIBLE;
511 	if (resume)
512 		mask |= TASK_STOPPED | TASK_TRACED;
513 	if (!wake_up_state(t, mask))
514 		kick_process(t);
515 }
516 
517 /*
518  * Remove signals in mask from the pending set and queue.
519  * Returns 1 if any signals were found.
520  *
521  * All callers must be holding the siglock.
522  *
523  * This version takes a sigset mask and looks at all signals,
524  * not just those in the first mask word.
525  */
526 static int rm_from_queue_full(sigset_t *mask, struct sigpending *s)
527 {
528 	struct sigqueue *q, *n;
529 	sigset_t m;
530 
531 	sigandsets(&m, mask, &s->signal);
532 	if (sigisemptyset(&m))
533 		return 0;
534 
535 	signandsets(&s->signal, &s->signal, mask);
536 	list_for_each_entry_safe(q, n, &s->list, list) {
537 		if (sigismember(mask, q->info.si_signo)) {
538 			list_del_init(&q->list);
539 			__sigqueue_free(q);
540 		}
541 	}
542 	return 1;
543 }
544 /*
545  * Remove signals in mask from the pending set and queue.
546  * Returns 1 if any signals were found.
547  *
548  * All callers must be holding the siglock.
549  */
550 static int rm_from_queue(unsigned long mask, struct sigpending *s)
551 {
552 	struct sigqueue *q, *n;
553 
554 	if (!sigtestsetmask(&s->signal, mask))
555 		return 0;
556 
557 	sigdelsetmask(&s->signal, mask);
558 	list_for_each_entry_safe(q, n, &s->list, list) {
559 		if (q->info.si_signo < SIGRTMIN &&
560 		    (mask & sigmask(q->info.si_signo))) {
561 			list_del_init(&q->list);
562 			__sigqueue_free(q);
563 		}
564 	}
565 	return 1;
566 }
567 
568 /*
569  * Bad permissions for sending the signal
570  */
571 static int check_kill_permission(int sig, struct siginfo *info,
572 				 struct task_struct *t)
573 {
574 	int error = -EINVAL;
575 	if (!valid_signal(sig))
576 		return error;
577 	error = -EPERM;
578 	if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
579 	    && ((sig != SIGCONT) ||
580 		(current->signal->session != t->signal->session))
581 	    && (current->euid ^ t->suid) && (current->euid ^ t->uid)
582 	    && (current->uid ^ t->suid) && (current->uid ^ t->uid)
583 	    && !capable(CAP_KILL))
584 		return error;
585 
586 	error = security_task_kill(t, info, sig, 0);
587 	if (!error)
588 		audit_signal_info(sig, t); /* Let audit system see the signal */
589 	return error;
590 }
591 
592 /* forward decl */
593 static void do_notify_parent_cldstop(struct task_struct *tsk, int why);
594 
595 /*
596  * Handle magic process-wide effects of stop/continue signals.
597  * Unlike the signal actions, these happen immediately at signal-generation
598  * time regardless of blocking, ignoring, or handling.  This does the
599  * actual continuing for SIGCONT, but not the actual stopping for stop
600  * signals.  The process stop is done as a signal action for SIG_DFL.
601  */
602 static void handle_stop_signal(int sig, struct task_struct *p)
603 {
604 	struct task_struct *t;
605 
606 	if (p->signal->flags & SIGNAL_GROUP_EXIT)
607 		/*
608 		 * The process is in the middle of dying already.
609 		 */
610 		return;
611 
612 	if (sig_kernel_stop(sig)) {
613 		/*
614 		 * This is a stop signal.  Remove SIGCONT from all queues.
615 		 */
616 		rm_from_queue(sigmask(SIGCONT), &p->signal->shared_pending);
617 		t = p;
618 		do {
619 			rm_from_queue(sigmask(SIGCONT), &t->pending);
620 			t = next_thread(t);
621 		} while (t != p);
622 	} else if (sig == SIGCONT) {
623 		/*
624 		 * Remove all stop signals from all queues,
625 		 * and wake all threads.
626 		 */
627 		if (unlikely(p->signal->group_stop_count > 0)) {
628 			/*
629 			 * There was a group stop in progress.  We'll
630 			 * pretend it finished before we got here.  We are
631 			 * obliged to report it to the parent: if the
632 			 * SIGSTOP happened "after" this SIGCONT, then it
633 			 * would have cleared this pending SIGCONT.  If it
634 			 * happened "before" this SIGCONT, then the parent
635 			 * got the SIGCHLD about the stop finishing before
636 			 * the continue happened.  We do the notification
637 			 * now, and it's as if the stop had finished and
638 			 * the SIGCHLD was pending on entry to this kill.
639 			 */
640 			p->signal->group_stop_count = 0;
641 			p->signal->flags = SIGNAL_STOP_CONTINUED;
642 			spin_unlock(&p->sighand->siglock);
643 			do_notify_parent_cldstop(p, CLD_STOPPED);
644 			spin_lock(&p->sighand->siglock);
645 		}
646 		rm_from_queue(SIG_KERNEL_STOP_MASK, &p->signal->shared_pending);
647 		t = p;
648 		do {
649 			unsigned int state;
650 			rm_from_queue(SIG_KERNEL_STOP_MASK, &t->pending);
651 
652 			/*
653 			 * If there is a handler for SIGCONT, we must make
654 			 * sure that no thread returns to user mode before
655 			 * we post the signal, in case it was the only
656 			 * thread eligible to run the signal handler--then
657 			 * it must not do anything between resuming and
658 			 * running the handler.  With the TIF_SIGPENDING
659 			 * flag set, the thread will pause and acquire the
660 			 * siglock that we hold now and until we've queued
661 			 * the pending signal.
662 			 *
663 			 * Wake up the stopped thread _after_ setting
664 			 * TIF_SIGPENDING
665 			 */
666 			state = TASK_STOPPED;
667 			if (sig_user_defined(t, SIGCONT) && !sigismember(&t->blocked, SIGCONT)) {
668 				set_tsk_thread_flag(t, TIF_SIGPENDING);
669 				state |= TASK_INTERRUPTIBLE;
670 			}
671 			wake_up_state(t, state);
672 
673 			t = next_thread(t);
674 		} while (t != p);
675 
676 		if (p->signal->flags & SIGNAL_STOP_STOPPED) {
677 			/*
678 			 * We were in fact stopped, and are now continued.
679 			 * Notify the parent with CLD_CONTINUED.
680 			 */
681 			p->signal->flags = SIGNAL_STOP_CONTINUED;
682 			p->signal->group_exit_code = 0;
683 			spin_unlock(&p->sighand->siglock);
684 			do_notify_parent_cldstop(p, CLD_CONTINUED);
685 			spin_lock(&p->sighand->siglock);
686 		} else {
687 			/*
688 			 * We are not stopped, but there could be a stop
689 			 * signal in the middle of being processed after
690 			 * being removed from the queue.  Clear that too.
691 			 */
692 			p->signal->flags = 0;
693 		}
694 	} else if (sig == SIGKILL) {
695 		/*
696 		 * Make sure that any pending stop signal already dequeued
697 		 * is undone by the wakeup for SIGKILL.
698 		 */
699 		p->signal->flags = 0;
700 	}
701 }
702 
703 static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
704 			struct sigpending *signals)
705 {
706 	struct sigqueue * q = NULL;
707 	int ret = 0;
708 
709 	/*
710 	 * fast-pathed signals for kernel-internal things like SIGSTOP
711 	 * or SIGKILL.
712 	 */
713 	if (info == SEND_SIG_FORCED)
714 		goto out_set;
715 
716 	/* Real-time signals must be queued if sent by sigqueue, or
717 	   some other real-time mechanism.  It is implementation
718 	   defined whether kill() does so.  We attempt to do so, on
719 	   the principle of least surprise, but since kill is not
720 	   allowed to fail with EAGAIN when low on memory we just
721 	   make sure at least one signal gets delivered and don't
722 	   pass on the info struct.  */
723 
724 	q = __sigqueue_alloc(t, GFP_ATOMIC, (sig < SIGRTMIN &&
725 					     (is_si_special(info) ||
726 					      info->si_code >= 0)));
727 	if (q) {
728 		list_add_tail(&q->list, &signals->list);
729 		switch ((unsigned long) info) {
730 		case (unsigned long) SEND_SIG_NOINFO:
731 			q->info.si_signo = sig;
732 			q->info.si_errno = 0;
733 			q->info.si_code = SI_USER;
734 			q->info.si_pid = current->pid;
735 			q->info.si_uid = current->uid;
736 			break;
737 		case (unsigned long) SEND_SIG_PRIV:
738 			q->info.si_signo = sig;
739 			q->info.si_errno = 0;
740 			q->info.si_code = SI_KERNEL;
741 			q->info.si_pid = 0;
742 			q->info.si_uid = 0;
743 			break;
744 		default:
745 			copy_siginfo(&q->info, info);
746 			break;
747 		}
748 	} else if (!is_si_special(info)) {
749 		if (sig >= SIGRTMIN && info->si_code != SI_USER)
750 		/*
751 		 * Queue overflow, abort.  We may abort if the signal was rt
752 		 * and sent by user using something other than kill().
753 		 */
754 			return -EAGAIN;
755 	}
756 
757 out_set:
758 	sigaddset(&signals->signal, sig);
759 	return ret;
760 }
761 
762 #define LEGACY_QUEUE(sigptr, sig) \
763 	(((sig) < SIGRTMIN) && sigismember(&(sigptr)->signal, (sig)))
764 
765 
766 static int
767 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
768 {
769 	int ret = 0;
770 
771 	BUG_ON(!irqs_disabled());
772 	assert_spin_locked(&t->sighand->siglock);
773 
774 	/* Short-circuit ignored signals.  */
775 	if (sig_ignored(t, sig))
776 		goto out;
777 
778 	/* Support queueing exactly one non-rt signal, so that we
779 	   can get more detailed information about the cause of
780 	   the signal. */
781 	if (LEGACY_QUEUE(&t->pending, sig))
782 		goto out;
783 
784 	ret = send_signal(sig, info, t, &t->pending);
785 	if (!ret && !sigismember(&t->blocked, sig))
786 		signal_wake_up(t, sig == SIGKILL);
787 out:
788 	return ret;
789 }
790 
791 /*
792  * Force a signal that the process can't ignore: if necessary
793  * we unblock the signal and change any SIG_IGN to SIG_DFL.
794  *
795  * Note: If we unblock the signal, we always reset it to SIG_DFL,
796  * since we do not want to have a signal handler that was blocked
797  * be invoked when user space had explicitly blocked it.
798  *
799  * We don't want to have recursive SIGSEGV's etc, for example.
800  */
801 int
802 force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
803 {
804 	unsigned long int flags;
805 	int ret, blocked, ignored;
806 	struct k_sigaction *action;
807 
808 	spin_lock_irqsave(&t->sighand->siglock, flags);
809 	action = &t->sighand->action[sig-1];
810 	ignored = action->sa.sa_handler == SIG_IGN;
811 	blocked = sigismember(&t->blocked, sig);
812 	if (blocked || ignored) {
813 		action->sa.sa_handler = SIG_DFL;
814 		if (blocked) {
815 			sigdelset(&t->blocked, sig);
816 			recalc_sigpending_tsk(t);
817 		}
818 	}
819 	ret = specific_send_sig_info(sig, info, t);
820 	spin_unlock_irqrestore(&t->sighand->siglock, flags);
821 
822 	return ret;
823 }
824 
825 void
826 force_sig_specific(int sig, struct task_struct *t)
827 {
828 	force_sig_info(sig, SEND_SIG_FORCED, t);
829 }
830 
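/*
 * Editorial example (not part of the original file): the typical user of
 * force_sig_info() is an architecture fault handler that must deliver a
 * synchronous signal even if the task ignores or blocks it.  The function
 * below is a hypothetical sketch of that pattern.
 */
static void example_deliver_sigsegv(unsigned long address)
{
	siginfo_t info;

	info.si_signo = SIGSEGV;
	info.si_errno = 0;
	info.si_code = SEGV_MAPERR;
	info.si_addr = (void __user *)address;
	force_sig_info(SIGSEGV, &info, current);
}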
831 /*
832  * Test if P wants to take SIG.  After we've checked all threads with this,
833  * it's equivalent to finding no threads not blocking SIG.  Any threads not
834  * blocking SIG were ruled out because they are not running and already
835  * have pending signals.  Such threads will dequeue from the shared queue
836  * as soon as they're available, so putting the signal on the shared queue
837  * will be equivalent to sending it to one such thread.
838  */
839 static inline int wants_signal(int sig, struct task_struct *p)
840 {
841 	if (sigismember(&p->blocked, sig))
842 		return 0;
843 	if (p->flags & PF_EXITING)
844 		return 0;
845 	if (sig == SIGKILL)
846 		return 1;
847 	if (p->state & (TASK_STOPPED | TASK_TRACED))
848 		return 0;
849 	return task_curr(p) || !signal_pending(p);
850 }
851 
852 static void
853 __group_complete_signal(int sig, struct task_struct *p)
854 {
855 	struct task_struct *t;
856 
857 	/*
858 	 * Now find a thread we can wake up to take the signal off the queue.
859 	 *
860 	 * If the main thread wants the signal, it gets first crack.
861 	 * Probably the least surprising to the average bear.
862 	 */
863 	if (wants_signal(sig, p))
864 		t = p;
865 	else if (thread_group_empty(p))
866 		/*
867 		 * There is just one thread and it does not need to be woken.
868 		 * It will dequeue unblocked signals before it runs again.
869 		 */
870 		return;
871 	else {
872 		/*
873 		 * Otherwise try to find a suitable thread.
874 		 */
875 		t = p->signal->curr_target;
876 		if (t == NULL)
877 			/* restart balancing at this thread */
878 			t = p->signal->curr_target = p;
879 
880 		while (!wants_signal(sig, t)) {
881 			t = next_thread(t);
882 			if (t == p->signal->curr_target)
883 				/*
884 				 * No thread needs to be woken.
885 				 * Any eligible threads will see
886 				 * the signal in the queue soon.
887 				 */
888 				return;
889 		}
890 		p->signal->curr_target = t;
891 	}
892 
893 	/*
894 	 * Found a killable thread.  If the signal will be fatal,
895 	 * then start taking the whole group down immediately.
896 	 */
897 	if (sig_fatal(p, sig) && !(p->signal->flags & SIGNAL_GROUP_EXIT) &&
898 	    !sigismember(&t->real_blocked, sig) &&
899 	    (sig == SIGKILL || !(t->ptrace & PT_PTRACED))) {
900 		/*
901 		 * This signal will be fatal to the whole group.
902 		 */
903 		if (!sig_kernel_coredump(sig)) {
904 			/*
905 			 * Start a group exit and wake everybody up.
906 			 * This way we don't have other threads
907 			 * running and doing things after a slower
908 			 * thread has the fatal signal pending.
909 			 */
910 			p->signal->flags = SIGNAL_GROUP_EXIT;
911 			p->signal->group_exit_code = sig;
912 			p->signal->group_stop_count = 0;
913 			t = p;
914 			do {
915 				sigaddset(&t->pending.signal, SIGKILL);
916 				signal_wake_up(t, 1);
917 				t = next_thread(t);
918 			} while (t != p);
919 			return;
920 		}
921 
922 		/*
923 		 * There will be a core dump.  We make all threads other
924 		 * than the chosen one go into a group stop so that nothing
925 		 * happens until it gets scheduled, takes the signal off
926 		 * the shared queue, and does the core dump.  This is a
927 		 * little more complicated than strictly necessary, but it
928 		 * keeps the signal state that winds up in the core dump
929 		 * unchanged from the death state, e.g. which thread had
930 		 * the core-dump signal unblocked.
931 		 */
932 		rm_from_queue(SIG_KERNEL_STOP_MASK, &t->pending);
933 		rm_from_queue(SIG_KERNEL_STOP_MASK, &p->signal->shared_pending);
934 		p->signal->group_stop_count = 0;
935 		p->signal->group_exit_task = t;
936 		t = p;
937 		do {
938 			p->signal->group_stop_count++;
939 			signal_wake_up(t, 0);
940 			t = next_thread(t);
941 		} while (t != p);
942 		wake_up_process(p->signal->group_exit_task);
943 		return;
944 	}
945 
946 	/*
947 	 * The signal is already in the shared-pending queue.
948 	 * Tell the chosen thread to wake up and dequeue it.
949 	 */
950 	signal_wake_up(t, sig == SIGKILL);
951 	return;
952 }
953 
954 int
955 __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
956 {
957 	int ret = 0;
958 
959 	assert_spin_locked(&p->sighand->siglock);
960 	handle_stop_signal(sig, p);
961 
962 	/* Short-circuit ignored signals.  */
963 	if (sig_ignored(p, sig))
964 		return ret;
965 
966 	if (LEGACY_QUEUE(&p->signal->shared_pending, sig))
967 		/* This is a non-RT signal and we already have one queued.  */
968 		return ret;
969 
970 	/*
971 	 * Put this signal on the shared-pending queue, or fail with EAGAIN.
972 	 * We always use the shared queue for process-wide signals,
973 	 * to avoid several races.
974 	 */
975 	ret = send_signal(sig, info, p, &p->signal->shared_pending);
976 	if (unlikely(ret))
977 		return ret;
978 
979 	__group_complete_signal(sig, p);
980 	return 0;
981 }
982 
983 /*
984  * Nuke all other threads in the group.
985  */
986 void zap_other_threads(struct task_struct *p)
987 {
988 	struct task_struct *t;
989 
990 	p->signal->flags = SIGNAL_GROUP_EXIT;
991 	p->signal->group_stop_count = 0;
992 
993 	if (thread_group_empty(p))
994 		return;
995 
996 	for (t = next_thread(p); t != p; t = next_thread(t)) {
997 		/*
998 		 * Don't bother with already dead threads
999 		 */
1000 		if (t->exit_state)
1001 			continue;
1002 
1003 		/*
1004 		 * We don't want to notify the parent, since we are
1005 		 * killed as part of a thread group due to another
1006 		 * thread doing an execve() or similar. So set the
1007 		 * exit signal to -1 to allow immediate reaping of
1008 		 * the process.  But don't detach the thread group
1009 		 * leader.
1010 		 */
1011 		if (t != p->group_leader)
1012 			t->exit_signal = -1;
1013 
1014 		/* SIGKILL will be handled before any pending SIGSTOP */
1015 		sigaddset(&t->pending.signal, SIGKILL);
1016 		signal_wake_up(t, 1);
1017 	}
1018 }
1019 
1020 /*
1021  * Must be called under rcu_read_lock() or with tasklist_lock read-held.
1022  */
1023 struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long *flags)
1024 {
1025 	struct sighand_struct *sighand;
1026 
1027 	for (;;) {
1028 		sighand = rcu_dereference(tsk->sighand);
1029 		if (unlikely(sighand == NULL))
1030 			break;
1031 
1032 		spin_lock_irqsave(&sighand->siglock, *flags);
1033 		if (likely(sighand == tsk->sighand))
1034 			break;
1035 		spin_unlock_irqrestore(&sighand->siglock, *flags);
1036 	}
1037 
1038 	return sighand;
1039 }
1040 
1041 int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1042 {
1043 	unsigned long flags;
1044 	int ret;
1045 
1046 	ret = check_kill_permission(sig, info, p);
1047 
1048 	if (!ret && sig) {
1049 		ret = -ESRCH;
1050 		if (lock_task_sighand(p, &flags)) {
1051 			ret = __group_send_sig_info(sig, info, p);
1052 			unlock_task_sighand(p, &flags);
1053 		}
1054 	}
1055 
1056 	return ret;
1057 }
1058 
1059 /*
1060  * kill_pg_info() sends a signal to a process group: this is what the tty
1061  * control characters do (^C, ^Z etc.)
1062  */
1063 
1064 int __kill_pg_info(int sig, struct siginfo *info, pid_t pgrp)
1065 {
1066 	struct task_struct *p = NULL;
1067 	int retval, success;
1068 
1069 	if (pgrp <= 0)
1070 		return -EINVAL;
1071 
1072 	success = 0;
1073 	retval = -ESRCH;
1074 	do_each_task_pid(pgrp, PIDTYPE_PGID, p) {
1075 		int err = group_send_sig_info(sig, info, p);
1076 		success |= !err;
1077 		retval = err;
1078 	} while_each_task_pid(pgrp, PIDTYPE_PGID, p);
1079 	return success ? 0 : retval;
1080 }
1081 
1082 int
1083 kill_pg_info(int sig, struct siginfo *info, pid_t pgrp)
1084 {
1085 	int retval;
1086 
1087 	read_lock(&tasklist_lock);
1088 	retval = __kill_pg_info(sig, info, pgrp);
1089 	read_unlock(&tasklist_lock);
1090 
1091 	return retval;
1092 }
1093 
1094 int
1095 kill_proc_info(int sig, struct siginfo *info, pid_t pid)
1096 {
1097 	int error;
1098 	int acquired_tasklist_lock = 0;
1099 	struct task_struct *p;
1100 
1101 	rcu_read_lock();
1102 	if (unlikely(sig_needs_tasklist(sig))) {
1103 		read_lock(&tasklist_lock);
1104 		acquired_tasklist_lock = 1;
1105 	}
1106 	p = find_task_by_pid(pid);
1107 	error = -ESRCH;
1108 	if (p)
1109 		error = group_send_sig_info(sig, info, p);
1110 	if (unlikely(acquired_tasklist_lock))
1111 		read_unlock(&tasklist_lock);
1112 	rcu_read_unlock();
1113 	return error;
1114 }
1115 
1116 /* like kill_proc_info(), but doesn't use uid/euid of "current" */
1117 int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid,
1118 		      uid_t uid, uid_t euid, u32 secid)
1119 {
1120 	int ret = -EINVAL;
1121 	struct task_struct *p;
1122 
1123 	if (!valid_signal(sig))
1124 		return ret;
1125 
1126 	read_lock(&tasklist_lock);
1127 	p = find_task_by_pid(pid);
1128 	if (!p) {
1129 		ret = -ESRCH;
1130 		goto out_unlock;
1131 	}
1132 	if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
1133 	    && (euid != p->suid) && (euid != p->uid)
1134 	    && (uid != p->suid) && (uid != p->uid)) {
1135 		ret = -EPERM;
1136 		goto out_unlock;
1137 	}
1138 	ret = security_task_kill(p, info, sig, secid);
1139 	if (ret)
1140 		goto out_unlock;
1141 	if (sig && p->sighand) {
1142 		unsigned long flags;
1143 		spin_lock_irqsave(&p->sighand->siglock, flags);
1144 		ret = __group_send_sig_info(sig, info, p);
1145 		spin_unlock_irqrestore(&p->sighand->siglock, flags);
1146 	}
1147 out_unlock:
1148 	read_unlock(&tasklist_lock);
1149 	return ret;
1150 }
1151 EXPORT_SYMBOL_GPL(kill_proc_info_as_uid);
1152 
1153 /*
1154  * kill_something_info() interprets pid in interesting ways just like kill(2).
1155  *
1156  * POSIX specifies that kill(-1,sig) is unspecified, but what we have
1157  * is probably wrong.  Should make it like BSD or SYSV.
1158  */
1159 
1160 static int kill_something_info(int sig, struct siginfo *info, int pid)
1161 {
1162 	if (!pid) {
1163 		return kill_pg_info(sig, info, process_group(current));
1164 	} else if (pid == -1) {
1165 		int retval = 0, count = 0;
1166 		struct task_struct * p;
1167 
1168 		read_lock(&tasklist_lock);
1169 		for_each_process(p) {
1170 			if (p->pid > 1 && p->tgid != current->tgid) {
1171 				int err = group_send_sig_info(sig, info, p);
1172 				++count;
1173 				if (err != -EPERM)
1174 					retval = err;
1175 			}
1176 		}
1177 		read_unlock(&tasklist_lock);
1178 		return count ? retval : -ESRCH;
1179 	} else if (pid < 0) {
1180 		return kill_pg_info(sig, info, -pid);
1181 	} else {
1182 		return kill_proc_info(sig, info, pid);
1183 	}
1184 }
1185 
1186 /*
1187  * These are for backward compatibility with the rest of the kernel source.
1188  */
1189 
1190 /*
1191  * These two are the most common entry points.  They send a signal
1192  * just to the specific thread.
1193  */
1194 int
1195 send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1196 {
1197 	int ret;
1198 	unsigned long flags;
1199 
1200 	/*
1201 	 * Make sure legacy kernel users don't send in bad values
1202 	 * (normal paths check this in check_kill_permission).
1203 	 */
1204 	if (!valid_signal(sig))
1205 		return -EINVAL;
1206 
1207 	/*
1208 	 * We need the tasklist lock even for the specific
1209 	 * thread case (when we don't need to follow the group
1210 	 * lists) in order to avoid races with "p->sighand"
1211 	 * going away or changing from under us.
1212 	 */
1213 	read_lock(&tasklist_lock);
1214 	spin_lock_irqsave(&p->sighand->siglock, flags);
1215 	ret = specific_send_sig_info(sig, info, p);
1216 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
1217 	read_unlock(&tasklist_lock);
1218 	return ret;
1219 }
1220 
1221 #define __si_special(priv) \
1222 	((priv) ? SEND_SIG_PRIV : SEND_SIG_NOINFO)
1223 
1224 int
1225 send_sig(int sig, struct task_struct *p, int priv)
1226 {
1227 	return send_sig_info(sig, __si_special(priv), p);
1228 }
1229 
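/*
 * Editorial example (not in the original file): how kernel callers
 * typically use these wrappers.  "tsk" is a hypothetical task pointer;
 * priv selects SEND_SIG_PRIV (kernel-originated) vs SEND_SIG_NOINFO
 * (as if sent by a user process) via __si_special() above.
 */
static void example_send_to_task(struct task_struct *tsk)
{
	send_sig(SIGHUP, tsk, 1);	/* marked as sent by the kernel */
	send_sig(SIGINT, tsk, 0);	/* marked as sent by a user process */
}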
1230 /*
1231  * This is the entry point for "process-wide" signals.
1232  * They will go to an appropriate thread in the thread group.
1233  */
1234 int
1235 send_group_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1236 {
1237 	int ret;
1238 	read_lock(&tasklist_lock);
1239 	ret = group_send_sig_info(sig, info, p);
1240 	read_unlock(&tasklist_lock);
1241 	return ret;
1242 }
1243 
1244 void
1245 force_sig(int sig, struct task_struct *p)
1246 {
1247 	force_sig_info(sig, SEND_SIG_PRIV, p);
1248 }
1249 
1250 /*
1251  * When things go south during signal handling, we
1252  * will force a SIGSEGV. And if the signal that caused
1253  * the problem was already a SIGSEGV, we'll want to
1254  * make sure we don't even try to deliver the signal..
1255  */
1256 int
1257 force_sigsegv(int sig, struct task_struct *p)
1258 {
1259 	if (sig == SIGSEGV) {
1260 		unsigned long flags;
1261 		spin_lock_irqsave(&p->sighand->siglock, flags);
1262 		p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL;
1263 		spin_unlock_irqrestore(&p->sighand->siglock, flags);
1264 	}
1265 	force_sig(SIGSEGV, p);
1266 	return 0;
1267 }
1268 
1269 int
1270 kill_pg(pid_t pgrp, int sig, int priv)
1271 {
1272 	return kill_pg_info(sig, __si_special(priv), pgrp);
1273 }
1274 
1275 int
1276 kill_proc(pid_t pid, int sig, int priv)
1277 {
1278 	return kill_proc_info(sig, __si_special(priv), pid);
1279 }
1280 
1281 /*
1282  * These functions support sending signals using preallocated sigqueue
1283  * structures.  This is needed "because realtime applications cannot
1284  * afford to lose notifications of asynchronous events, like timer
1285  * expirations or I/O completions".  In the case of POSIX timers
1286  * we allocate the sigqueue structure from the timer_create.  If this
1287  * allocation fails we are able to report the failure to the application
1288  * with an EAGAIN error.
1289  */
1290 
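/*
 * Editorial sketch (not part of the original source): the intended life
 * cycle of a preallocated sigqueue, roughly as the posix-timers code uses
 * the functions below.  The example_* names are made up.
 */
static int example_timer_setup(struct sigqueue **q)
{
	*q = sigqueue_alloc();			/* at timer_create() time */
	if (*q == NULL)
		return -EAGAIN;			/* report the failure to the application */
	return 0;
}

static void example_timer_fire(struct sigqueue *q, struct task_struct *tsk)
{
	/* at expiry: queue the preallocated entry; cannot fail for lack of memory */
	send_sigqueue(SIGALRM, q, tsk);
}

static void example_timer_teardown(struct sigqueue *q)
{
	sigqueue_free(q);			/* at timer_delete() time */
}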
1291 struct sigqueue *sigqueue_alloc(void)
1292 {
1293 	struct sigqueue *q;
1294 
1295 	if ((q = __sigqueue_alloc(current, GFP_KERNEL, 0)))
1296 		q->flags |= SIGQUEUE_PREALLOC;
1297 	return(q);
1298 }
1299 
1300 void sigqueue_free(struct sigqueue *q)
1301 {
1302 	unsigned long flags;
1303 	BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
1304 	/*
1305 	 * If the signal is still pending remove it from the
1306 	 * pending queue.
1307 	 */
1308 	if (unlikely(!list_empty(&q->list))) {
1309 		spinlock_t *lock = &current->sighand->siglock;
1310 		read_lock(&tasklist_lock);
1311 		spin_lock_irqsave(lock, flags);
1312 		if (!list_empty(&q->list))
1313 			list_del_init(&q->list);
1314 		spin_unlock_irqrestore(lock, flags);
1315 		read_unlock(&tasklist_lock);
1316 	}
1317 	q->flags &= ~SIGQUEUE_PREALLOC;
1318 	__sigqueue_free(q);
1319 }
1320 
1321 int send_sigqueue(int sig, struct sigqueue *q, struct task_struct *p)
1322 {
1323 	unsigned long flags;
1324 	int ret = 0;
1325 
1326 	BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
1327 
1328 	/*
1329 	 * The rcu based delayed sighand destroy makes it possible to
1330 	 * run this without tasklist lock held. The task struct itself
1331 	 * cannot go away as create_timer did get_task_struct().
1332 	 *
1333 	 * We return -1 when the task is marked exiting, so
1334 	 * posix_timer_event can redirect it to the group leader.
1335 	 */
1336 	rcu_read_lock();
1337 
1338 	if (!likely(lock_task_sighand(p, &flags))) {
1339 		ret = -1;
1340 		goto out_err;
1341 	}
1342 
1343 	if (unlikely(!list_empty(&q->list))) {
1344 		/*
1345 		 * If an SI_TIMER entry is already queued, just increment
1346 		 * the overrun count.
1347 		 */
1348 		BUG_ON(q->info.si_code != SI_TIMER);
1349 		q->info.si_overrun++;
1350 		goto out;
1351 	}
1352 	/* Short-circuit ignored signals.  */
1353 	if (sig_ignored(p, sig)) {
1354 		ret = 1;
1355 		goto out;
1356 	}
1357 
1358 	list_add_tail(&q->list, &p->pending.list);
1359 	sigaddset(&p->pending.signal, sig);
1360 	if (!sigismember(&p->blocked, sig))
1361 		signal_wake_up(p, sig == SIGKILL);
1362 
1363 out:
1364 	unlock_task_sighand(p, &flags);
1365 out_err:
1366 	rcu_read_unlock();
1367 
1368 	return ret;
1369 }
1370 
1371 int
1372 send_group_sigqueue(int sig, struct sigqueue *q, struct task_struct *p)
1373 {
1374 	unsigned long flags;
1375 	int ret = 0;
1376 
1377 	BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
1378 
1379 	read_lock(&tasklist_lock);
1380 	/* Since it_lock is held, p->sighand cannot be NULL. */
1381 	spin_lock_irqsave(&p->sighand->siglock, flags);
1382 	handle_stop_signal(sig, p);
1383 
1384 	/* Short-circuit ignored signals.  */
1385 	if (sig_ignored(p, sig)) {
1386 		ret = 1;
1387 		goto out;
1388 	}
1389 
1390 	if (unlikely(!list_empty(&q->list))) {
1391 		 * If an SI_TIMER entry is already queued, just increment
1392 		 * If an SI_TIMER entry is already queue just increment
1393 		 * the overrun count.  Other uses should not try to
1394 		 * send the signal multiple times.
1395 		 */
1396 		BUG_ON(q->info.si_code != SI_TIMER);
1397 		q->info.si_overrun++;
1398 		goto out;
1399 	}
1400 
1401 	/*
1402 	 * Put this signal on the shared-pending queue.
1403 	 * We always use the shared queue for process-wide signals,
1404 	 * to avoid several races.
1405 	 */
1406 	list_add_tail(&q->list, &p->signal->shared_pending.list);
1407 	sigaddset(&p->signal->shared_pending.signal, sig);
1408 
1409 	__group_complete_signal(sig, p);
1410 out:
1411 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
1412 	read_unlock(&tasklist_lock);
1413 	return ret;
1414 }
1415 
1416 /*
1417  * Wake up any threads in the parent blocked in wait* syscalls.
1418  */
1419 static inline void __wake_up_parent(struct task_struct *p,
1420 				    struct task_struct *parent)
1421 {
1422 	wake_up_interruptible_sync(&parent->signal->wait_chldexit);
1423 }
1424 
1425 /*
1426  * Let a parent know about the death of a child.
1427  * For a stopped/continued status change, use do_notify_parent_cldstop instead.
1428  */
1429 
1430 void do_notify_parent(struct task_struct *tsk, int sig)
1431 {
1432 	struct siginfo info;
1433 	unsigned long flags;
1434 	struct sighand_struct *psig;
1435 
1436 	BUG_ON(sig == -1);
1437 
1438  	/* do_notify_parent_cldstop should have been called instead.  */
1439  	BUG_ON(tsk->state & (TASK_STOPPED|TASK_TRACED));
1440 
1441 	BUG_ON(!tsk->ptrace &&
1442 	       (tsk->group_leader != tsk || !thread_group_empty(tsk)));
1443 
1444 	info.si_signo = sig;
1445 	info.si_errno = 0;
1446 	info.si_pid = tsk->pid;
1447 	info.si_uid = tsk->uid;
1448 
1449 	/* FIXME: find out whether or not this is supposed to be c*time. */
1450 	info.si_utime = cputime_to_jiffies(cputime_add(tsk->utime,
1451 						       tsk->signal->utime));
1452 	info.si_stime = cputime_to_jiffies(cputime_add(tsk->stime,
1453 						       tsk->signal->stime));
1454 
1455 	info.si_status = tsk->exit_code & 0x7f;
1456 	if (tsk->exit_code & 0x80)
1457 		info.si_code = CLD_DUMPED;
1458 	else if (tsk->exit_code & 0x7f)
1459 		info.si_code = CLD_KILLED;
1460 	else {
1461 		info.si_code = CLD_EXITED;
1462 		info.si_status = tsk->exit_code >> 8;
1463 	}
1464 
1465 	psig = tsk->parent->sighand;
1466 	spin_lock_irqsave(&psig->siglock, flags);
1467 	if (!tsk->ptrace && sig == SIGCHLD &&
1468 	    (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN ||
1469 	     (psig->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT))) {
1470 		/*
1471 		 * We are exiting and our parent doesn't care.  POSIX.1
1472 		 * defines special semantics for setting SIGCHLD to SIG_IGN
1473 		 * or setting the SA_NOCLDWAIT flag: we should be reaped
1474 		 * automatically and not left for our parent's wait4 call.
1475 		 * Rather than having the parent do it as a magic kind of
1476 		 * signal handler, we just set this to tell do_exit that we
1477 		 * can be cleaned up without becoming a zombie.  Note that
1478 		 * we still call __wake_up_parent in this case, because a
1479 		 * blocked sys_wait4 might now return -ECHILD.
1480 		 *
1481 		 * Whether we send SIGCHLD or not for SA_NOCLDWAIT
1482 		 * is implementation-defined: we do (if you don't want
1483 		 * it, just use SIG_IGN instead).
1484 		 */
1485 		tsk->exit_signal = -1;
1486 		if (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN)
1487 			sig = 0;
1488 	}
1489 	if (valid_signal(sig) && sig > 0)
1490 		__group_send_sig_info(sig, &info, tsk->parent);
1491 	__wake_up_parent(tsk, tsk->parent);
1492 	spin_unlock_irqrestore(&psig->siglock, flags);
1493 }
1494 
1495 static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
1496 {
1497 	struct siginfo info;
1498 	unsigned long flags;
1499 	struct task_struct *parent;
1500 	struct sighand_struct *sighand;
1501 
1502 	if (tsk->ptrace & PT_PTRACED)
1503 		parent = tsk->parent;
1504 	else {
1505 		tsk = tsk->group_leader;
1506 		parent = tsk->real_parent;
1507 	}
1508 
1509 	info.si_signo = SIGCHLD;
1510 	info.si_errno = 0;
1511 	info.si_pid = tsk->pid;
1512 	info.si_uid = tsk->uid;
1513 
1514 	/* FIXME: find out whether or not this is supposed to be c*time. */
1515 	info.si_utime = cputime_to_jiffies(tsk->utime);
1516 	info.si_stime = cputime_to_jiffies(tsk->stime);
1517 
1518  	info.si_code = why;
1519  	switch (why) {
1520  	case CLD_CONTINUED:
1521  		info.si_status = SIGCONT;
1522  		break;
1523  	case CLD_STOPPED:
1524  		info.si_status = tsk->signal->group_exit_code & 0x7f;
1525  		break;
1526  	case CLD_TRAPPED:
1527  		info.si_status = tsk->exit_code & 0x7f;
1528  		break;
1529  	default:
1530  		BUG();
1531  	}
1532 
1533 	sighand = parent->sighand;
1534 	spin_lock_irqsave(&sighand->siglock, flags);
1535 	if (sighand->action[SIGCHLD-1].sa.sa_handler != SIG_IGN &&
1536 	    !(sighand->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDSTOP))
1537 		__group_send_sig_info(SIGCHLD, &info, parent);
1538 	/*
1539 	 * Even if SIGCHLD is not generated, we must wake up wait4 calls.
1540 	 */
1541 	__wake_up_parent(tsk, parent);
1542 	spin_unlock_irqrestore(&sighand->siglock, flags);
1543 }
1544 
1545 static inline int may_ptrace_stop(void)
1546 {
1547 	if (!likely(current->ptrace & PT_PTRACED))
1548 		return 0;
1549 
1550 	if (unlikely(current->parent == current->real_parent &&
1551 		    (current->ptrace & PT_ATTACHED)))
1552 		return 0;
1553 
1554 	if (unlikely(current->signal == current->parent->signal) &&
1555 	    unlikely(current->signal->flags & SIGNAL_GROUP_EXIT))
1556 		return 0;
1557 
1558 	/*
1559 	 * Are we in the middle of do_coredump?
1560 	 * If so, and our tracer is also part of the coredump, stopping
1561 	 * is a deadlock situation and pointless because our tracer
1562 	 * is dead, so don't allow us to stop.
1563 	 * If SIGKILL was already sent before the caller unlocked
1564 	 * ->siglock we must see ->core_waiters != 0. Otherwise it
1565 	 * is safe to enter schedule().
1566 	 */
1567 	if (unlikely(current->mm->core_waiters) &&
1568 	    unlikely(current->mm == current->parent->mm))
1569 		return 0;
1570 
1571 	return 1;
1572 }
1573 
1574 /*
1575  * This must be called with current->sighand->siglock held.
1576  *
1577  * This should be the path for all ptrace stops.
1578  * We always set current->last_siginfo while stopped here.
1579  * That makes it a way to test a stopped process for
1580  * being ptrace-stopped vs being job-control-stopped.
1581  *
1582  * If we actually decide not to stop at all because the tracer is gone,
1583  * we leave nostop_code in current->exit_code.
1584  */
1585 static void ptrace_stop(int exit_code, int nostop_code, siginfo_t *info)
1586 {
1587 	/*
1588 	 * If there is a group stop in progress,
1589 	 * we must participate in the bookkeeping.
1590 	 */
1591 	if (current->signal->group_stop_count > 0)
1592 		--current->signal->group_stop_count;
1593 
1594 	current->last_siginfo = info;
1595 	current->exit_code = exit_code;
1596 
1597 	/* Let the debugger run.  */
1598 	set_current_state(TASK_TRACED);
1599 	spin_unlock_irq(&current->sighand->siglock);
1600 	try_to_freeze();
1601 	read_lock(&tasklist_lock);
1602 	if (may_ptrace_stop()) {
1603 		do_notify_parent_cldstop(current, CLD_TRAPPED);
1604 		read_unlock(&tasklist_lock);
1605 		schedule();
1606 	} else {
1607 		/*
1608 		 * By the time we got the lock, our tracer went away.
1609 		 * Don't stop here.
1610 		 */
1611 		read_unlock(&tasklist_lock);
1612 		set_current_state(TASK_RUNNING);
1613 		current->exit_code = nostop_code;
1614 	}
1615 
1616 	/*
1617 	 * We are back.  Now reacquire the siglock before touching
1618 	 * last_siginfo, so that we are sure to have synchronized with
1619 	 * any signal-sending on another CPU that wants to examine it.
1620 	 */
1621 	spin_lock_irq(&current->sighand->siglock);
1622 	current->last_siginfo = NULL;
1623 
1624 	/*
1625 	 * Queued signals ignored us while we were stopped for tracing.
1626 	 * So check for any that we should take before resuming user mode.
1627 	 */
1628 	recalc_sigpending();
1629 }
1630 
1631 void ptrace_notify(int exit_code)
1632 {
1633 	siginfo_t info;
1634 
1635 	BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP);
1636 
1637 	memset(&info, 0, sizeof info);
1638 	info.si_signo = SIGTRAP;
1639 	info.si_code = exit_code;
1640 	info.si_pid = current->pid;
1641 	info.si_uid = current->uid;
1642 
1643 	/* Let the debugger run.  */
1644 	spin_lock_irq(&current->sighand->siglock);
1645 	ptrace_stop(exit_code, 0, &info);
1646 	spin_unlock_irq(&current->sighand->siglock);
1647 }
1648 
1649 static void
1650 finish_stop(int stop_count)
1651 {
1652 	/*
1653 	 * If there are no other threads in the group, or if there is
1654 	 * a group stop in progress and we are the last to stop,
1655 	 * report to the parent.  When ptraced, every thread reports itself.
1656 	 */
1657 	if (stop_count == 0 || (current->ptrace & PT_PTRACED)) {
1658 		read_lock(&tasklist_lock);
1659 		do_notify_parent_cldstop(current, CLD_STOPPED);
1660 		read_unlock(&tasklist_lock);
1661 	}
1662 
1663 	schedule();
1664 	/*
1665 	 * Now we don't run again until continued.
1666 	 */
1667 	current->exit_code = 0;
1668 }
1669 
1670 /*
1671  * This performs the stopping for SIGSTOP and other stop signals.
1672  * We have to stop all threads in the thread group.
1673  * Returns nonzero if we've actually stopped and released the siglock.
1674  * Returns zero if we didn't stop and still hold the siglock.
1675  */
1676 static int do_signal_stop(int signr)
1677 {
1678 	struct signal_struct *sig = current->signal;
1679 	int stop_count;
1680 
1681 	if (!likely(sig->flags & SIGNAL_STOP_DEQUEUED))
1682 		return 0;
1683 
1684 	if (sig->group_stop_count > 0) {
1685 		/*
1686 		 * There is a group stop in progress.  We don't need to
1687 		 * start another one.
1688 		 */
1689 		stop_count = --sig->group_stop_count;
1690 	} else {
1691 		/*
1692 		 * There is no group stop already in progress.
1693 		 * We must initiate one now.
1694 		 */
1695 		struct task_struct *t;
1696 
1697 		sig->group_exit_code = signr;
1698 
1699 		stop_count = 0;
1700 		for (t = next_thread(current); t != current; t = next_thread(t))
1701 			/*
1702 			 * Setting state to TASK_STOPPED for a group
1703 			 * stop is always done with the siglock held,
1704 			 * so this check has no races.
1705 			 */
1706 			if (!t->exit_state &&
1707 			    !(t->state & (TASK_STOPPED|TASK_TRACED))) {
1708 				stop_count++;
1709 				signal_wake_up(t, 0);
1710 			}
1711 		sig->group_stop_count = stop_count;
1712 	}
1713 
1714 	if (stop_count == 0)
1715 		sig->flags = SIGNAL_STOP_STOPPED;
1716 	current->exit_code = sig->group_exit_code;
1717 	__set_current_state(TASK_STOPPED);
1718 
1719 	spin_unlock_irq(&current->sighand->siglock);
1720 	finish_stop(stop_count);
1721 	return 1;
1722 }
1723 
1724 /*
1725  * Do appropriate magic when group_stop_count > 0.
1726  * We return nonzero if we stopped, after releasing the siglock.
1727  * We return zero if we still hold the siglock and should look
1728  * for another signal without checking group_stop_count again.
1729  */
1730 static int handle_group_stop(void)
1731 {
1732 	int stop_count;
1733 
1734 	if (current->signal->group_exit_task == current) {
1735 		/*
1736 		 * Group stop is so we can do a core dump.
1737 		 * We are the initiating thread, so get on with it.
1738 		 */
1739 		current->signal->group_exit_task = NULL;
1740 		return 0;
1741 	}
1742 
1743 	if (current->signal->flags & SIGNAL_GROUP_EXIT)
1744 		/*
1745 		 * Group stop is so another thread can do a core dump,
1746 		 * or else we are racing against a death signal.
1747 		 * Just punt the stop so we can get the next signal.
1748 		 */
1749 		return 0;
1750 
1751 	/*
1752 	 * There is a group stop in progress.  We stop
1753 	 * without any associated signal being in our queue.
1754 	 */
1755 	stop_count = --current->signal->group_stop_count;
1756 	if (stop_count == 0)
1757 		current->signal->flags = SIGNAL_STOP_STOPPED;
1758 	current->exit_code = current->signal->group_exit_code;
1759 	set_current_state(TASK_STOPPED);
1760 	spin_unlock_irq(&current->sighand->siglock);
1761 	finish_stop(stop_count);
1762 	return 1;
1763 }
1764 
1765 int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka,
1766 			  struct pt_regs *regs, void *cookie)
1767 {
1768 	sigset_t *mask = &current->blocked;
1769 	int signr = 0;
1770 
1771 	try_to_freeze();
1772 
1773 relock:
1774 	spin_lock_irq(&current->sighand->siglock);
1775 	for (;;) {
1776 		struct k_sigaction *ka;
1777 
1778 		if (unlikely(current->signal->group_stop_count > 0) &&
1779 		    handle_group_stop())
1780 			goto relock;
1781 
1782 		signr = dequeue_signal(current, mask, info);
1783 
1784 		if (!signr)
1785 			break; /* will return 0 */
1786 
1787 		if ((current->ptrace & PT_PTRACED) && signr != SIGKILL) {
1788 			ptrace_signal_deliver(regs, cookie);
1789 
1790 			/* Let the debugger run.  */
1791 			ptrace_stop(signr, signr, info);
1792 
1793 			/* We're back.  Did the debugger cancel the sig?  */
1794 			signr = current->exit_code;
1795 			if (signr == 0)
1796 				continue;
1797 
1798 			current->exit_code = 0;
1799 
1800 			/* Update the siginfo structure if the signal has
1801 			   changed.  If the debugger wanted something
1802 			   specific in the siginfo structure then it should
1803 			   have updated *info via PTRACE_SETSIGINFO.  */
1804 			if (signr != info->si_signo) {
1805 				info->si_signo = signr;
1806 				info->si_errno = 0;
1807 				info->si_code = SI_USER;
1808 				info->si_pid = current->parent->pid;
1809 				info->si_uid = current->parent->uid;
1810 			}
1811 
1812 			/* If the (new) signal is now blocked, requeue it.  */
1813 			if (sigismember(&current->blocked, signr)) {
1814 				specific_send_sig_info(signr, info, current);
1815 				continue;
1816 			}
1817 		}
1818 
1819 		ka = &current->sighand->action[signr-1];
1820 		if (ka->sa.sa_handler == SIG_IGN) /* Do nothing.  */
1821 			continue;
1822 		if (ka->sa.sa_handler != SIG_DFL) {
1823 			/* Run the handler.  */
1824 			*return_ka = *ka;
1825 
1826 			if (ka->sa.sa_flags & SA_ONESHOT)
1827 				ka->sa.sa_handler = SIG_DFL;
1828 
1829 			break; /* will return non-zero "signr" value */
1830 		}
1831 
1832 		/*
1833 		 * Now we are doing the default action for this signal.
1834 		 */
1835 		if (sig_kernel_ignore(signr)) /* Default is nothing. */
1836 			continue;
1837 
1838 		/* Init gets no signals it doesn't want.  */
1839 		if (current == child_reaper)
1840 			continue;
1841 
1842 		if (sig_kernel_stop(signr)) {
1843 			/*
1844 			 * The default action is to stop all threads in
1845 			 * the thread group.  The job control signals
1846 			 * do nothing in an orphaned pgrp, but SIGSTOP
1847 			 * always works.  Note that siglock needs to be
1848 			 * dropped during the call to is_orphaned_pgrp()
1849 			 * because of lock ordering with tasklist_lock.
1850 			 * This allows an intervening SIGCONT to be posted.
1851 			 * We need to check for that and bail out if necessary.
1852 			 */
1853 			if (signr != SIGSTOP) {
1854 				spin_unlock_irq(&current->sighand->siglock);
1855 
1856 				/* signals can be posted during this window */
1857 
1858 				if (is_orphaned_pgrp(process_group(current)))
1859 					goto relock;
1860 
1861 				spin_lock_irq(&current->sighand->siglock);
1862 			}
1863 
1864 			if (likely(do_signal_stop(signr))) {
1865 				/* It released the siglock.  */
1866 				goto relock;
1867 			}
1868 
1869 			/*
1870 			 * We didn't actually stop, due to a race
1871 			 * with SIGCONT or something like that.
1872 			 */
1873 			continue;
1874 		}
1875 
1876 		spin_unlock_irq(&current->sighand->siglock);
1877 
1878 		/*
1879 		 * Anything else is fatal, maybe with a core dump.
1880 		 */
1881 		current->flags |= PF_SIGNALED;
1882 		if (sig_kernel_coredump(signr)) {
1883 			/*
1884 			 * If it was able to dump core, this kills all
1885 			 * other threads in the group and synchronizes with
1886 			 * their demise.  If we lost the race with another
1887 			 * thread getting here, it set group_exit_code
1888 			 * first and our do_group_exit call below will use
1889 			 * that value and ignore the one we pass it.
1890 			 */
1891 			do_coredump((long)signr, signr, regs);
1892 		}
1893 
1894 		/*
1895 		 * Death signals, no core dump.
1896 		 */
1897 		do_group_exit(signr);
1898 		/* NOTREACHED */
1899 	}
1900 	spin_unlock_irq(&current->sighand->siglock);
1901 	return signr;
1902 }
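
/*
 * Illustrative sketch (not part of this file): get_signal_to_deliver()
 * is meant to be called from the architecture's signal-delivery path on
 * the return-to-user-mode route.  Details vary per arch, but the caller
 * loop looks roughly like this, where handle_signal() stands for the
 * arch-specific code that builds the user-mode signal frame and oldset
 * is the arch's record of the blocked mask at kernel entry:
 *
 *	siginfo_t info;
 *	struct k_sigaction ka;
 *	int signr;
 *
 *	signr = get_signal_to_deliver(&info, &ka, regs, NULL);
 *	if (signr > 0)
 *		handle_signal(signr, &info, &ka, oldset, regs);
 *
 * A zero return means there was nothing left to deliver (pending
 * signals were ignored or consumed by a group stop), so the arch code
 * simply resumes the interrupted user context.
 */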
1903 
1904 EXPORT_SYMBOL(recalc_sigpending);
1905 EXPORT_SYMBOL_GPL(dequeue_signal);
1906 EXPORT_SYMBOL(flush_signals);
1907 EXPORT_SYMBOL(force_sig);
1908 EXPORT_SYMBOL(kill_pg);
1909 EXPORT_SYMBOL(kill_proc);
1910 EXPORT_SYMBOL(ptrace_notify);
1911 EXPORT_SYMBOL(send_sig);
1912 EXPORT_SYMBOL(send_sig_info);
1913 EXPORT_SYMBOL(sigprocmask);
1914 EXPORT_SYMBOL(block_all_signals);
1915 EXPORT_SYMBOL(unblock_all_signals);
1916 
1917 
1918 /*
1919  * System call entry points.
1920  */
1921 
1922 asmlinkage long sys_restart_syscall(void)
1923 {
1924 	struct restart_block *restart = &current_thread_info()->restart_block;
1925 	return restart->fn(restart);
1926 }
1927 
1928 long do_no_restart_syscall(struct restart_block *param)
1929 {
1930 	return -EINTR;
1931 }
1932 
1933 /*
1934  * We don't need to get the kernel lock - this is all local to this
1935  * particular thread. (and that's good, because this is _heavily_
1936  * used by various programs)
1937  */
1938 
1939 /*
1940  * This is also useful for kernel threads that want to temporarily
1941  * (or permanently) block certain signals.
1942  *
1943  * NOTE! Unlike the user-mode sys_sigprocmask(), the kernel
1944  * interface happily blocks "unblockable" signals like SIGKILL
1945  * and friends.
1946  */
1947 int sigprocmask(int how, sigset_t *set, sigset_t *oldset)
1948 {
1949 	int error;
1950 
1951 	spin_lock_irq(&current->sighand->siglock);
1952 	if (oldset)
1953 		*oldset = current->blocked;
1954 
1955 	error = 0;
1956 	switch (how) {
1957 	case SIG_BLOCK:
1958 		sigorsets(&current->blocked, &current->blocked, set);
1959 		break;
1960 	case SIG_UNBLOCK:
1961 		signandsets(&current->blocked, &current->blocked, set);
1962 		break;
1963 	case SIG_SETMASK:
1964 		current->blocked = *set;
1965 		break;
1966 	default:
1967 		error = -EINVAL;
1968 	}
1969 	recalc_sigpending();
1970 	spin_unlock_irq(&current->sighand->siglock);
1971 
1972 	return error;
1973 }
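
/*
 * Minimal sketch, assuming a kernel thread that wants to hear only
 * about SIGKILL and SIGTERM (not part of this file; the thread's other
 * setup is omitted):
 *
 *	sigset_t to_block;
 *
 *	siginitsetinv(&to_block, sigmask(SIGKILL) | sigmask(SIGTERM));
 *	sigprocmask(SIG_BLOCK, &to_block, NULL);
 *
 * siginitsetinv() builds the complement set, so everything except
 * SIGKILL and SIGTERM ends up blocked.  As the comment above notes,
 * this interface would just as happily block SIGKILL if asked to.
 */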
1974 
1975 asmlinkage long
1976 sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize)
1977 {
1978 	int error = -EINVAL;
1979 	sigset_t old_set, new_set;
1980 
1981 	/* XXX: Don't preclude handling different sized sigset_t's.  */
1982 	if (sigsetsize != sizeof(sigset_t))
1983 		goto out;
1984 
1985 	if (set) {
1986 		error = -EFAULT;
1987 		if (copy_from_user(&new_set, set, sizeof(*set)))
1988 			goto out;
1989 		sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
1990 
1991 		error = sigprocmask(how, &new_set, &old_set);
1992 		if (error)
1993 			goto out;
1994 		if (oset)
1995 			goto set_old;
1996 	} else if (oset) {
1997 		spin_lock_irq(&current->sighand->siglock);
1998 		old_set = current->blocked;
1999 		spin_unlock_irq(&current->sighand->siglock);
2000 
2001 	set_old:
2002 		error = -EFAULT;
2003 		if (copy_to_user(oset, &old_set, sizeof(*oset)))
2004 			goto out;
2005 	}
2006 	error = 0;
2007 out:
2008 	return error;
2009 }
2010 
2011 long do_sigpending(void __user *set, unsigned long sigsetsize)
2012 {
2013 	long error = -EINVAL;
2014 	sigset_t pending;
2015 
2016 	if (sigsetsize > sizeof(sigset_t))
2017 		goto out;
2018 
2019 	spin_lock_irq(&current->sighand->siglock);
2020 	sigorsets(&pending, &current->pending.signal,
2021 		  &current->signal->shared_pending.signal);
2022 	spin_unlock_irq(&current->sighand->siglock);
2023 
2024 	/* Outside the lock because only this thread touches it.  */
2025 	sigandsets(&pending, &current->blocked, &pending);
2026 
2027 	error = -EFAULT;
2028 	if (!copy_to_user(set, &pending, sigsetsize))
2029 		error = 0;
2030 
2031 out:
2032 	return error;
2033 }
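
/*
 * Illustrative userspace sketch (not part of this file): sigpending(2)
 * ends up here and reports signals that have been raised but are still
 * blocked by the caller:
 *
 *	sigset_t pending;
 *
 *	if (sigpending(&pending) == 0 && sigismember(&pending, SIGINT))
 *		... a blocked SIGINT has already been raised ...
 */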
2034 
2035 asmlinkage long
2036 sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
2037 {
2038 	return do_sigpending(set, sigsetsize);
2039 }
2040 
2041 #ifndef HAVE_ARCH_COPY_SIGINFO_TO_USER
2042 
2043 int copy_siginfo_to_user(siginfo_t __user *to, siginfo_t *from)
2044 {
2045 	int err;
2046 
2047 	if (!access_ok (VERIFY_WRITE, to, sizeof(siginfo_t)))
2048 		return -EFAULT;
2049 	if (from->si_code < 0)
2050 		return __copy_to_user(to, from, sizeof(siginfo_t))
2051 			? -EFAULT : 0;
2052 	/*
2053 	 * If you change the siginfo_t structure, please be sure
2054 	 * this code is fixed accordingly.
2055 	 * It should never copy any pad contained in the structure
2056 	 * to avoid security leaks, but must copy the generic
2057 	 * 3 ints plus the relevant union member.
2058 	 */
2059 	err = __put_user(from->si_signo, &to->si_signo);
2060 	err |= __put_user(from->si_errno, &to->si_errno);
2061 	err |= __put_user((short)from->si_code, &to->si_code);
2062 	switch (from->si_code & __SI_MASK) {
2063 	case __SI_KILL:
2064 		err |= __put_user(from->si_pid, &to->si_pid);
2065 		err |= __put_user(from->si_uid, &to->si_uid);
2066 		break;
2067 	case __SI_TIMER:
2068 		err |= __put_user(from->si_tid, &to->si_tid);
2069 		err |= __put_user(from->si_overrun, &to->si_overrun);
2070 		err |= __put_user(from->si_ptr, &to->si_ptr);
2071 		break;
2072 	case __SI_POLL:
2073 		err |= __put_user(from->si_band, &to->si_band);
2074 		err |= __put_user(from->si_fd, &to->si_fd);
2075 		break;
2076 	case __SI_FAULT:
2077 		err |= __put_user(from->si_addr, &to->si_addr);
2078 #ifdef __ARCH_SI_TRAPNO
2079 		err |= __put_user(from->si_trapno, &to->si_trapno);
2080 #endif
2081 		break;
2082 	case __SI_CHLD:
2083 		err |= __put_user(from->si_pid, &to->si_pid);
2084 		err |= __put_user(from->si_uid, &to->si_uid);
2085 		err |= __put_user(from->si_status, &to->si_status);
2086 		err |= __put_user(from->si_utime, &to->si_utime);
2087 		err |= __put_user(from->si_stime, &to->si_stime);
2088 		break;
2089 	case __SI_RT: /* This is not generated by the kernel as of now. */
2090 	case __SI_MESGQ: /* But this is */
2091 		err |= __put_user(from->si_pid, &to->si_pid);
2092 		err |= __put_user(from->si_uid, &to->si_uid);
2093 		err |= __put_user(from->si_ptr, &to->si_ptr);
2094 		break;
2095 	default: /* this is just in case for now ... */
2096 		err |= __put_user(from->si_pid, &to->si_pid);
2097 		err |= __put_user(from->si_uid, &to->si_uid);
2098 		break;
2099 	}
2100 	return err;
2101 }
2102 
2103 #endif
2104 
2105 asmlinkage long
2106 sys_rt_sigtimedwait(const sigset_t __user *uthese,
2107 		    siginfo_t __user *uinfo,
2108 		    const struct timespec __user *uts,
2109 		    size_t sigsetsize)
2110 {
2111 	int ret, sig;
2112 	sigset_t these;
2113 	struct timespec ts;
2114 	siginfo_t info;
2115 	long timeout = 0;
2116 
2117 	/* XXX: Don't preclude handling different sized sigset_t's.  */
2118 	if (sigsetsize != sizeof(sigset_t))
2119 		return -EINVAL;
2120 
2121 	if (copy_from_user(&these, uthese, sizeof(these)))
2122 		return -EFAULT;
2123 
2124 	/*
2125 	 * Invert the set of allowed signals to get those we
2126 	 * want to block.
2127 	 */
2128 	sigdelsetmask(&these, sigmask(SIGKILL)|sigmask(SIGSTOP));
2129 	signotset(&these);
2130 
2131 	if (uts) {
2132 		if (copy_from_user(&ts, uts, sizeof(ts)))
2133 			return -EFAULT;
2134 		if (ts.tv_nsec >= 1000000000L || ts.tv_nsec < 0
2135 		    || ts.tv_sec < 0)
2136 			return -EINVAL;
2137 	}
2138 
2139 	spin_lock_irq(&current->sighand->siglock);
2140 	sig = dequeue_signal(current, &these, &info);
2141 	if (!sig) {
2142 		timeout = MAX_SCHEDULE_TIMEOUT;
2143 		if (uts)
2144 			timeout = (timespec_to_jiffies(&ts)
2145 				   + (ts.tv_sec || ts.tv_nsec));
2146 
2147 		if (timeout) {
2148 			/* None ready -- temporarily unblock those we're
2149 			 * interested in while we are sleeping, so that we'll
2150 			 * be awakened when they arrive.  */
2151 			current->real_blocked = current->blocked;
2152 			sigandsets(&current->blocked, &current->blocked, &these);
2153 			recalc_sigpending();
2154 			spin_unlock_irq(&current->sighand->siglock);
2155 
2156 			timeout = schedule_timeout_interruptible(timeout);
2157 
2158 			spin_lock_irq(&current->sighand->siglock);
2159 			sig = dequeue_signal(current, &these, &info);
2160 			current->blocked = current->real_blocked;
2161 			siginitset(&current->real_blocked, 0);
2162 			recalc_sigpending();
2163 		}
2164 	}
2165 	spin_unlock_irq(&current->sighand->siglock);
2166 
2167 	if (sig) {
2168 		ret = sig;
2169 		if (uinfo) {
2170 			if (copy_siginfo_to_user(uinfo, &info))
2171 				ret = -EFAULT;
2172 		}
2173 	} else {
2174 		ret = -EAGAIN;
2175 		if (timeout)
2176 			ret = -EINTR;
2177 	}
2178 
2179 	return ret;
2180 }
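
/*
 * Illustrative userspace sketch (not part of this file): sigtimedwait(2)
 * is normally called with the awaited signals already blocked, so they
 * stay queued instead of invoking a handler:
 *
 *	sigset_t set;
 *	siginfo_t si;
 *	struct timespec ts = { 5, 0 };
 *
 *	sigemptyset(&set);
 *	sigaddset(&set, SIGUSR1);
 *	sigprocmask(SIG_BLOCK, &set, NULL);
 *	if (sigtimedwait(&set, &si, &ts) == SIGUSR1)
 *		... si.si_pid identifies the sender ...
 *
 * A timeout shows up as -1 with errno == EAGAIN; interruption by some
 * other, unblocked signal as -1 with errno == EINTR (see the return
 * value selection above).
 */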
2181 
2182 asmlinkage long
2183 sys_kill(int pid, int sig)
2184 {
2185 	struct siginfo info;
2186 
2187 	info.si_signo = sig;
2188 	info.si_errno = 0;
2189 	info.si_code = SI_USER;
2190 	info.si_pid = current->tgid;
2191 	info.si_uid = current->uid;
2192 
2193 	return kill_something_info(sig, &info, pid);
2194 }
2195 
2196 static int do_tkill(int tgid, int pid, int sig)
2197 {
2198 	int error;
2199 	struct siginfo info;
2200 	struct task_struct *p;
2201 
2202 	error = -ESRCH;
2203 	info.si_signo = sig;
2204 	info.si_errno = 0;
2205 	info.si_code = SI_TKILL;
2206 	info.si_pid = current->tgid;
2207 	info.si_uid = current->uid;
2208 
2209 	read_lock(&tasklist_lock);
2210 	p = find_task_by_pid(pid);
2211 	if (p && (tgid <= 0 || p->tgid == tgid)) {
2212 		error = check_kill_permission(sig, &info, p);
2213 		/*
2214 		 * The null signal is a permissions and process existence
2215 		 * probe.  No signal is actually delivered.
2216 		 */
2217 		if (!error && sig && p->sighand) {
2218 			spin_lock_irq(&p->sighand->siglock);
2219 			handle_stop_signal(sig, p);
2220 			error = specific_send_sig_info(sig, &info, p);
2221 			spin_unlock_irq(&p->sighand->siglock);
2222 		}
2223 	}
2224 	read_unlock(&tasklist_lock);
2225 
2226 	return error;
2227 }
2228 
2229 /**
2230  *  sys_tgkill - send signal to one specific thread
2231  *  @tgid: the thread group ID of the thread
2232  *  @pid: the PID of the thread
2233  *  @sig: signal to be sent
2234  *
2235  *  This syscall also checks the tgid and returns -ESRCH even if the PID
2236  *  exists but no longer belongs to the target process. This
2237  *  avoids signalling the wrong thread when a thread exits and its PID is reused.
2238  */
2239 asmlinkage long sys_tgkill(int tgid, int pid, int sig)
2240 {
2241 	/* This is only valid for single tasks */
2242 	if (pid <= 0 || tgid <= 0)
2243 		return -EINVAL;
2244 
2245 	return do_tkill(tgid, pid, sig);
2246 }
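
/*
 * Illustrative userspace sketch (not part of this file): C libraries of
 * this era do not necessarily wrap tgkill, so callers typically go
 * through syscall(2); tgid and tid below are placeholders for values
 * obtained from getpid()/gettid() or from the threading library:
 *
 *	syscall(SYS_tgkill, tgid, tid, SIGUSR1);
 *
 * pthread_kill(3) is the portable way to do the same thing within one
 * process.
 */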
2247 
2248 /*
2249  *  Send a signal to only one task, even if it's a CLONE_THREAD task.
2250  */
2251 asmlinkage long
2252 sys_tkill(int pid, int sig)
2253 {
2254 	/* This is only valid for single tasks */
2255 	if (pid <= 0)
2256 		return -EINVAL;
2257 
2258 	return do_tkill(0, pid, sig);
2259 }
2260 
2261 asmlinkage long
2262 sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo)
2263 {
2264 	siginfo_t info;
2265 
2266 	if (copy_from_user(&info, uinfo, sizeof(siginfo_t)))
2267 		return -EFAULT;
2268 
2269 	/* Not even root can pretend to send signals from the kernel.
2270 	   Nor can they impersonate a kill(), which adds source info.  */
2271 	if (info.si_code >= 0)
2272 		return -EPERM;
2273 	info.si_signo = sig;
2274 
2275 	/* POSIX.1b doesn't mention process groups.  */
2276 	return kill_proc_info(sig, &info, pid);
2277 }
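
/*
 * Illustrative userspace sketch (not part of this file): sigqueue(3) is
 * the usual entry point into this syscall.  The C library fills in a
 * siginfo with si_code = SI_QUEUE, which is negative, so the
 * "si_code >= 0" check above does not reject it; target_pid is a
 * placeholder:
 *
 *	union sigval value;
 *
 *	value.sival_int = 42;
 *	sigqueue(target_pid, SIGUSR1, value);
 */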
2278 
2279 int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact)
2280 {
2281 	struct k_sigaction *k;
2282 	sigset_t mask;
2283 
2284 	if (!valid_signal(sig) || sig < 1 || (act && sig_kernel_only(sig)))
2285 		return -EINVAL;
2286 
2287 	k = &current->sighand->action[sig-1];
2288 
2289 	spin_lock_irq(&current->sighand->siglock);
2290 	if (signal_pending(current)) {
2291 		/*
2292 		 * If there might be a fatal signal pending on multiple
2293 		 * threads, make sure we take it before changing the action.
2294 		 */
2295 		spin_unlock_irq(&current->sighand->siglock);
2296 		return -ERESTARTNOINTR;
2297 	}
2298 
2299 	if (oact)
2300 		*oact = *k;
2301 
2302 	if (act) {
2303 		sigdelsetmask(&act->sa.sa_mask,
2304 			      sigmask(SIGKILL) | sigmask(SIGSTOP));
2305 		*k = *act;
2306 		/*
2307 		 * POSIX 3.3.1.3:
2308 		 *  "Setting a signal action to SIG_IGN for a signal that is
2309 		 *   pending shall cause the pending signal to be discarded,
2310 		 *   whether or not it is blocked."
2311 		 *
2312 		 *  "Setting a signal action to SIG_DFL for a signal that is
2313 		 *   pending and whose default action is to ignore the signal
2314 		 *   (for example, SIGCHLD), shall cause the pending signal to
2315 		 *   be discarded, whether or not it is blocked"
2316 		 */
2317 		if (act->sa.sa_handler == SIG_IGN ||
2318 		   (act->sa.sa_handler == SIG_DFL && sig_kernel_ignore(sig))) {
2319 			struct task_struct *t = current;
2320 			sigemptyset(&mask);
2321 			sigaddset(&mask, sig);
2322 			rm_from_queue_full(&mask, &t->signal->shared_pending);
2323 			do {
2324 				rm_from_queue_full(&mask, &t->pending);
2325 				recalc_sigpending_tsk(t);
2326 				t = next_thread(t);
2327 			} while (t != current);
2328 		}
2329 	}
2330 
2331 	spin_unlock_irq(&current->sighand->siglock);
2332 	return 0;
2333 }
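
/*
 * Illustrative userspace sketch (not part of this file) of the POSIX
 * rule quoted above: switching a pending, blocked signal to SIG_IGN
 * discards it from the queues via rm_from_queue_full():
 *
 *	sigset_t blk, pend;
 *
 *	sigemptyset(&blk);
 *	sigaddset(&blk, SIGUSR1);
 *	sigprocmask(SIG_BLOCK, &blk, NULL);
 *	raise(SIGUSR1);
 *	signal(SIGUSR1, SIG_IGN);
 *	sigpending(&pend);
 *
 * After raise() the signal is pending and blocked; once SIG_IGN is
 * installed, the subsequent sigpending() no longer reports SIGUSR1.
 */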
2334 
2335 int
2336 do_sigaltstack (const stack_t __user *uss, stack_t __user *uoss, unsigned long sp)
2337 {
2338 	stack_t oss;
2339 	int error;
2340 
2341 	if (uoss) {
2342 		oss.ss_sp = (void __user *) current->sas_ss_sp;
2343 		oss.ss_size = current->sas_ss_size;
2344 		oss.ss_flags = sas_ss_flags(sp);
2345 	}
2346 
2347 	if (uss) {
2348 		void __user *ss_sp;
2349 		size_t ss_size;
2350 		int ss_flags;
2351 
2352 		error = -EFAULT;
2353 		if (!access_ok(VERIFY_READ, uss, sizeof(*uss))
2354 		    || __get_user(ss_sp, &uss->ss_sp)
2355 		    || __get_user(ss_flags, &uss->ss_flags)
2356 		    || __get_user(ss_size, &uss->ss_size))
2357 			goto out;
2358 
2359 		error = -EPERM;
2360 		if (on_sig_stack(sp))
2361 			goto out;
2362 
2363 		error = -EINVAL;
2364 		/*
2365 		 *
2366 		 * Note - this code used to test ss_flags incorrectly:
2367 		 * old code may have been written using ss_flags==0
2368 		 * to mean ss_flags==SS_ONSTACK (as this was the only
2369 		 * way that worked), so the check below still accepts
2370 		 * that older convention.
2371 		 */
2372 		if (ss_flags != SS_DISABLE && ss_flags != SS_ONSTACK && ss_flags != 0)
2373 			goto out;
2374 
2375 		if (ss_flags == SS_DISABLE) {
2376 			ss_size = 0;
2377 			ss_sp = NULL;
2378 		} else {
2379 			error = -ENOMEM;
2380 			if (ss_size < MINSIGSTKSZ)
2381 				goto out;
2382 		}
2383 
2384 		current->sas_ss_sp = (unsigned long) ss_sp;
2385 		current->sas_ss_size = ss_size;
2386 	}
2387 
2388 	if (uoss) {
2389 		error = -EFAULT;
2390 		if (copy_to_user(uoss, &oss, sizeof(oss)))
2391 			goto out;
2392 	}
2393 
2394 	error = 0;
2395 out:
2396 	return error;
2397 }
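
/*
 * Illustrative userspace sketch (not part of this file): sigaltstack(2)
 * installs the alternate stack that SA_ONSTACK handlers run on, which
 * is what makes it possible to catch SIGSEGV caused by stack overflow:
 *
 *	stack_t ss;
 *
 *	ss.ss_sp = malloc(SIGSTKSZ);
 *	ss.ss_size = SIGSTKSZ;
 *	ss.ss_flags = 0;
 *	sigaltstack(&ss, NULL);
 *
 * Passing ss_flags == 0 relies on the compatibility note above;
 * SS_ONSTACK is accepted as well, and SS_DISABLE turns the stack off.
 */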
2398 
2399 #ifdef __ARCH_WANT_SYS_SIGPENDING
2400 
2401 asmlinkage long
2402 sys_sigpending(old_sigset_t __user *set)
2403 {
2404 	return do_sigpending(set, sizeof(*set));
2405 }
2406 
2407 #endif
2408 
2409 #ifdef __ARCH_WANT_SYS_SIGPROCMASK
2410 /* Some platforms have their own version with special arguments others
2411 /* Some platforms have their own version with special arguments; others
2412 
2413 asmlinkage long
2414 sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset)
2415 {
2416 	int error;
2417 	old_sigset_t old_set, new_set;
2418 
2419 	if (set) {
2420 		error = -EFAULT;
2421 		if (copy_from_user(&new_set, set, sizeof(*set)))
2422 			goto out;
2423 		new_set &= ~(sigmask(SIGKILL) | sigmask(SIGSTOP));
2424 
2425 		spin_lock_irq(&current->sighand->siglock);
2426 		old_set = current->blocked.sig[0];
2427 
2428 		error = 0;
2429 		switch (how) {
2430 		default:
2431 			error = -EINVAL;
2432 			break;
2433 		case SIG_BLOCK:
2434 			sigaddsetmask(&current->blocked, new_set);
2435 			break;
2436 		case SIG_UNBLOCK:
2437 			sigdelsetmask(&current->blocked, new_set);
2438 			break;
2439 		case SIG_SETMASK:
2440 			current->blocked.sig[0] = new_set;
2441 			break;
2442 		}
2443 
2444 		recalc_sigpending();
2445 		spin_unlock_irq(&current->sighand->siglock);
2446 		if (error)
2447 			goto out;
2448 		if (oset)
2449 			goto set_old;
2450 	} else if (oset) {
2451 		old_set = current->blocked.sig[0];
2452 	set_old:
2453 		error = -EFAULT;
2454 		if (copy_to_user(oset, &old_set, sizeof(*oset)))
2455 			goto out;
2456 	}
2457 	error = 0;
2458 out:
2459 	return error;
2460 }
2461 #endif /* __ARCH_WANT_SYS_SIGPROCMASK */
2462 
2463 #ifdef __ARCH_WANT_SYS_RT_SIGACTION
2464 asmlinkage long
2465 sys_rt_sigaction(int sig,
2466 		 const struct sigaction __user *act,
2467 		 struct sigaction __user *oact,
2468 		 size_t sigsetsize)
2469 {
2470 	struct k_sigaction new_sa, old_sa;
2471 	int ret = -EINVAL;
2472 
2473 	/* XXX: Don't preclude handling different sized sigset_t's.  */
2474 	if (sigsetsize != sizeof(sigset_t))
2475 		goto out;
2476 
2477 	if (act) {
2478 		if (copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa)))
2479 			return -EFAULT;
2480 	}
2481 
2482 	ret = do_sigaction(sig, act ? &new_sa : NULL, oact ? &old_sa : NULL);
2483 
2484 	if (!ret && oact) {
2485 		if (copy_to_user(oact, &old_sa.sa, sizeof(old_sa.sa)))
2486 			return -EFAULT;
2487 	}
2488 out:
2489 	return ret;
2490 }
2491 #endif /* __ARCH_WANT_SYS_RT_SIGACTION */
2492 
2493 #ifdef __ARCH_WANT_SYS_SGETMASK
2494 
2495 /*
2496  * For backwards compatibility.  Functionality superseded by sigprocmask.
2497  */
2498 asmlinkage long
2499 sys_sgetmask(void)
2500 {
2501 	/* SMP safe */
2502 	return current->blocked.sig[0];
2503 }
2504 
2505 asmlinkage long
2506 sys_ssetmask(int newmask)
2507 {
2508 	int old;
2509 
2510 	spin_lock_irq(&current->sighand->siglock);
2511 	old = current->blocked.sig[0];
2512 
2513 	siginitset(&current->blocked, newmask & ~(sigmask(SIGKILL)|
2514 						  sigmask(SIGSTOP)));
2515 	recalc_sigpending();
2516 	spin_unlock_irq(&current->sighand->siglock);
2517 
2518 	return old;
2519 }
2520 #endif /* __ARCH_WANT_SYS_SGETMASK */
2521 
2522 #ifdef __ARCH_WANT_SYS_SIGNAL
2523 /*
2524  * For backwards compatibility.  Functionality superseded by sigaction.
2525  */
2526 asmlinkage unsigned long
2527 sys_signal(int sig, __sighandler_t handler)
2528 {
2529 	struct k_sigaction new_sa, old_sa;
2530 	int ret;
2531 
2532 	new_sa.sa.sa_handler = handler;
2533 	new_sa.sa.sa_flags = SA_ONESHOT | SA_NOMASK;
2534 	sigemptyset(&new_sa.sa.sa_mask);
2535 
2536 	ret = do_sigaction(sig, &new_sa, &old_sa);
2537 
2538 	return ret ? ret : (unsigned long)old_sa.sa.sa_handler;
2539 }
2540 #endif /* __ARCH_WANT_SYS_SIGNAL */
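
/*
 * Illustrative userspace sketch (not part of this file): because
 * sys_signal() installs the handler with SA_ONESHOT | SA_NOMASK, the
 * action is reset to SIG_DFL as the signal is delivered (see the
 * SA_ONESHOT handling in get_signal_to_deliver()), so classic
 * SysV-style code re-installs the handler from inside itself:
 *
 *	void on_usr1(int sig)
 *	{
 *		signal(SIGUSR1, on_usr1);
 *		... handle the signal ...
 *	}
 *
 *	signal(SIGUSR1, on_usr1);
 *
 * This leaves a window where a second SIGUSR1 gets the default action;
 * sigaction(2) without SA_RESETHAND avoids the problem.
 */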
2541 
2542 #ifdef __ARCH_WANT_SYS_PAUSE
2543 
2544 asmlinkage long
2545 sys_pause(void)
2546 {
2547 	current->state = TASK_INTERRUPTIBLE;
2548 	schedule();
2549 	return -ERESTARTNOHAND;
2550 }
2551 
2552 #endif
2553 
2554 #ifdef __ARCH_WANT_SYS_RT_SIGSUSPEND
2555 asmlinkage long sys_rt_sigsuspend(sigset_t __user *unewset, size_t sigsetsize)
2556 {
2557 	sigset_t newset;
2558 
2559 	/* XXX: Don't preclude handling different sized sigset_t's.  */
2560 	if (sigsetsize != sizeof(sigset_t))
2561 		return -EINVAL;
2562 
2563 	if (copy_from_user(&newset, unewset, sizeof(newset)))
2564 		return -EFAULT;
2565 	sigdelsetmask(&newset, sigmask(SIGKILL)|sigmask(SIGSTOP));
2566 
2567 	spin_lock_irq(&current->sighand->siglock);
2568 	current->saved_sigmask = current->blocked;
2569 	current->blocked = newset;
2570 	recalc_sigpending();
2571 	spin_unlock_irq(&current->sighand->siglock);
2572 
2573 	current->state = TASK_INTERRUPTIBLE;
2574 	schedule();
2575 	set_thread_flag(TIF_RESTORE_SIGMASK);
2576 	return -ERESTARTNOHAND;
2577 }
2578 #endif /* __ARCH_WANT_SYS_RT_SIGSUSPEND */
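
/*
 * Illustrative userspace sketch (not part of this file): sigsuspend(2)
 * (and the rt variant above) atomically swaps the blocked mask and
 * sleeps, which closes the race between testing a flag and waiting for
 * the signal that sets it; child_exited is a placeholder for a
 * volatile sig_atomic_t flag set by the SIGCHLD handler:
 *
 *	sigset_t block, old;
 *
 *	sigemptyset(&block);
 *	sigaddset(&block, SIGCHLD);
 *	sigprocmask(SIG_BLOCK, &block, &old);
 *	while (!child_exited)
 *		sigsuspend(&old);
 *	sigprocmask(SIG_SETMASK, &old, NULL);
 *
 * The pre-call mask is restored when sigsuspend() returns (via
 * saved_sigmask and TIF_RESTORE_SIGMASK above), so the final
 * SIG_SETMASK only undoes the initial SIG_BLOCK.
 */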
2579 
2580 void __init signals_init(void)
2581 {
2582 	sigqueue_cachep =
2583 		kmem_cache_create("sigqueue",
2584 				  sizeof(struct sigqueue),
2585 				  __alignof__(struct sigqueue),
2586 				  SLAB_PANIC, NULL, NULL);
2587 }
2588