Re: [RFC][PATCH 3/5] Determine if sender is from ancestor ns+

From: Bastian Blank
Date: Thu Dec 04 2008 - 07:45:40 EST

On Tue, Dec 02, 2008 at 11:59:04AM -0800, Sukadev Bhattiprolu wrote:
> Bastian Blank [bastian@xxxxxxxxxxxx] wrote:
> | sys_rt_sigqueueinfo disallows setting si_code to any value which
> | describes kernel signals from userspace. So using SI_FROMUSER should be
> | sufficient.
> SI_ASYNCIO qualifies as SI_FROMUSER() even when it originates from
> kernel (usb/core/devio.c async_completed())...

SI_ASYNCIO currently qualifies as user signal, it is sent in the context
of the pid issuing the async io request. It is never used as a kernel
originated signal in any way. The code sending it even seems to do a
full permission check.

If you think this is wrong, maybe this should be fixed first.

> If we know that it came from rt_sigqueueinfo(), we can safely check
> the namespace. If it came from driver we should skip the ns check.

If it have a sender pid attached, this should be checked.

> Yes, (Eric Biederman, Dec 2007)
> Oleg Nesterov, Aug 2007:
> I had sent out a summary of the above attempts to Containers list recently:


> | Please add a complete comment to the function which describes the
> | function. And don't us "it" for not defined entities.
> Ah, I see the problem now. The 't' refers to the task parameter - how
> about changing comment to:

No, I meant a real comment, defining the complete behaviour, each
parameter with constraints and the possible return values.


Insufficient facts always invite danger.
-- Spock, "Space Seed", stardate 3141.9
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at