• Eric W. Biederman's avatar
    signal: Correct namespace fixups of si_pid and si_uid · 7a0cf094
    Eric W. Biederman authored
    The function send_signal was split from __send_signal so that it would
    be possible to bypass the namespace logic based upon current[1].  As it
    turns out the si_pid and the si_uid fixup are both inappropriate in
    the case of kill_pid_usb_asyncio so move that logic into send_signal.
    
    It is difficult to arrange but possible for a signal with an si_code
    of SI_TIMER or SI_SIGIO to be sent across namespace boundaries.  In
    which case tests for when it is ok to change si_pid and si_uid based
    on SI_FROMUSER are incorrect.  Replace the use of SI_FROMUSER with a
    new test has_si_pid_and_used based on siginfo_layout.
    
    Now that the uid fixup is no longer present after expanding
    SEND_SIG_NOINFO properly calculate the si_uid that the target
    task needs to read.
    
    [1] 7978b567 ("signals: add from_ancestor_ns parameter to send_signal()")
    Cc: stable@vger.kernel.org
    Fixes: 6588c1e3 ("signals: SI_USER: Masquerade si_pid when crossing pid ns boundary")
    Fixes: 6b550f94 ("user namespace: make signal.c respect user namespaces")
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    7a0cf094
signal.c 118 KB