| From 03d2da8d241abf9b22fee1d99d15c74940ab7dea Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 19 Jul 2018 19:47:27 -0500 |
| Subject: signal: Always ignore SIGKILL and SIGSTOP sent to the global init |
| |
| From: Eric W. Biederman <ebiederm@xmission.com> |
| |
| [ Upstream commit 86989c41b5ea08776c450cb759592532314a4ed6 ] |
| |
| If the first process started (aka /sbin/init) receives a SIGKILL it |
| will panic the system if it is delivered, making the system unusable |
| and undebuggable. It isn't much better if the first process started |
| receives SIGSTOP. |
| |
| So always ignore SIGSTOP and SIGKILL sent to init. |
| |
| This is done in a separate clause in sig_task_ignored as force_sig_info |
| can clear SIG_UNKILLABLE and this protection should work even then. |
| |
| Reviewed-by: Thomas Gleixner <tglx@linutronix.de> |
| Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| kernel/signal.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| diff --git a/kernel/signal.c b/kernel/signal.c |
| index 0e6bc3049427e..7278302e34850 100644 |
| --- a/kernel/signal.c |
| +++ b/kernel/signal.c |
| @@ -78,6 +78,10 @@ static bool sig_task_ignored(struct task_struct *t, int sig, bool force) |
| |
| handler = sig_handler(t, sig); |
| |
| + /* SIGKILL and SIGSTOP may not be sent to the global init */ |
| + if (unlikely(is_global_init(t) && sig_kernel_only(sig))) |
| + return true; |
| + |
| if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) && |
| handler == SIG_DFL && !(force && sig_kernel_only(sig))) |
| return true; |
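Review bot: The comment added above the new `is_global_init(t) && sig_kernel_only(sig)` check says the signals "may not be sent", but the code drops them unconditionally, including when `force` is set, and the comment does not say why the check is kept apart from the `SIGNAL_UNKILLABLE` clause that follows. The commit description gives the reason (force_sig_info can clear that flag); without it in the code, a later cleanup could fold the two conditions together and lose the protection for init on the forced path. I would write the comment as `/* Always drop SIGKILL and SIGSTOP for the global init, even when forced: force_sig_info() can clear SIGNAL_UNKILLABLE, so this must not depend on that flag. */`. The body of sig_task_ignored starts and ends outside the hunk.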
| -- |
| 2.20.1 |
| |