[PATCH] make fork() atomic wrt pgrp/session signals
authorOleg Nesterov <oleg@tv-sign.ru>
Wed, 29 Mar 2006 00:11:26 +0000 (16:11 -0800)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 29 Mar 2006 02:36:44 +0000 (18:36 -0800)
Eric W. Biederman wrote:
>
> Ok. SUSV3/Posix is clear, fork is atomic with respect
> to signals.  Either a signal comes before or after a
> fork but not during. (See the rationale section).
> http://www.opengroup.org/onlinepubs/000095399/functions/fork.html
>
> The tasklist_lock does not stop forks from adding to a process
> group. The forks stall while the tasklist_lock is held, but a fork
> that began before we grabbed the tasklist_lock simply completes
> afterwards, and the child does not receive the signal.

This also means that SIGSTOP or sig_kernel_coredump() signal can't
be delivered to pgrp/session reliably.

With this patch copy_process() returns -ERESTARTNOINTR when it
detects a pending signal, fork() will be restarted transparently
after handling the signals.

This patch also deletes the now-unneeded "group_stop_count > 0" check:
copy_process() can no longer succeed while a group stop is in progress.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-By: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
kernel/fork.c

index bc551efb5fd4be9598adbff5c1a88f392d5f2739..aa50c848fae787cbb948011ef0e8b36edb199549 100644 (file)
@@ -1136,16 +1136,6 @@ static task_t *copy_process(unsigned long clone_flags,
                        !cpu_online(task_cpu(p))))
                set_task_cpu(p, smp_processor_id());
 
-       /*
-        * Check for pending SIGKILL! The new thread should not be allowed
-        * to slip out of an OOM kill. (or normal SIGKILL.)
-        */
-       if (sigismember(&current->pending.signal, SIGKILL)) {
-               write_unlock_irq(&tasklist_lock);
-               retval = -EINTR;
-               goto bad_fork_cleanup_namespace;
-       }
-
        /* CLONE_PARENT re-uses the old parent */
        if (clone_flags & (CLONE_PARENT|CLONE_THREAD))
                p->real_parent = current->real_parent;
@@ -1154,6 +1144,23 @@ static task_t *copy_process(unsigned long clone_flags,
        p->parent = p->real_parent;
 
        spin_lock(&current->sighand->siglock);
+
+       /*
+        * Process group and session signals need to be delivered to just the
+        * parent before the fork or both the parent and the child after the
+        * fork. Restart if a signal comes in before we add the new process to
+        * it's process group.
+        * A fatal signal pending means that current will exit, so the new
+        * thread can't slip out of an OOM kill (or normal SIGKILL).
+        */
+       recalc_sigpending();
+       if (signal_pending(current)) {
+               spin_unlock(&current->sighand->siglock);
+               write_unlock_irq(&tasklist_lock);
+               retval = -ERESTARTNOINTR;
+               goto bad_fork_cleanup_namespace;
+       }
+
        if (clone_flags & CLONE_THREAD) {
                /*
                 * Important: if an exit-all has been started then
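Review bot: The added `signal_pending(current)` test restarts the fork for any signal that `recalc_sigpending()` reports as deliverable, not only for process-group or session signals, and the comment above it does not say so. Because the check sits late in copy_process(), each restart presumably discards and repeats the setup done before this hunk, so a task that is signalled at a high rate (an interval timer, for example) may see fork() retried many times; whether that can starve fork() in practice is not visible here and is worth confirming. I would extend the comment with a line such as `* Note: any unblocked pending signal restarts the fork, not just pgrp/session ones.` and correct `it's process group` to `its process group`. copy_process() begins and ends outside the hunk and the `bad_fork_cleanup_namespace` label is not shown, so the unwind after the two unlocks cannot be checked from these lines.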
@@ -1170,16 +1177,6 @@ static task_t *copy_process(unsigned long clone_flags,
                p->group_leader = current->group_leader;
                list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);
 
-               if (current->signal->group_stop_count > 0) {
-                       /*
-                        * There is an all-stop in progress for the group.
-                        * We ourselves will stop as soon as we check signals.
-                        * Make the new thread part of that group stop too.
-                        */
-                       current->signal->group_stop_count++;
-                       set_tsk_thread_flag(p, TIF_SIGPENDING);
-               }
-
                if (!cputime_eq(current->signal->it_virt_expires,
                                cputime_zero) ||
                    !cputime_eq(current->signal->it_prof_expires,