1: /* 2: * Copyright (c) 1986 Regents of the University of California. 3: * All rights reserved. The Berkeley software License Agreement 4: * specifies the terms and conditions for redistribution. 5: * 6: * @(#)kern_sig.c 1.13 (2.11BSD) 2000/2/20 7: */ 8: 9: #include "param.h" 10: #include "../machine/seg.h" 11: #include "systm.h" 12: #include "user.h" 13: #include "inode.h" 14: #include "proc.h" 15: #include "text.h" 16: #include "namei.h" 17: #include "acct.h" 18: #include "signalvar.h" 19: extern char sigprop[]; /* XXX - defined in kern_sig2.c */ 20: 21: /* 22: * Can the current process send the signal `signum' to process `q'? 23: * This is complicated by the need to access the `real uid' of `q'. 24: * The 'real uid' is in the u area and `q' may be (but usually is not) swapped 25: * out. Use the routine `fill_from_u' which the sysctl() call uses. See the 26: * notes in kern_sysctl.c 27: * 28: * The previous checks for a process to post a signal to another process 29: * checked _only_ the effective userid. With the implementation of the 30: * 'saved id' feature and the ability of a setuid program to assume either 31: * uid that check was inadequate. 32: * 33: * The 'c'urrent process is allowed to send a signal to a 't'arget process if 34: * 1) either the real or effective user ids match OR 2) if the signal is 35: * SIGCONT and the target process is a descendant of the current process 36: */ 37: cansignal(q, signum) 38: register struct proc *q; 39: int signum; 40: { 41: register struct proc *curp = u.u_procp; 42: uid_t ruid; 43: 44: fill_from_u(q, &ruid, NULL, NULL); /* XXX */ 45: if (curp->p_uid == 0 || /* c effective root */ 46: u.u_ruid == ruid || /* c real = t real */ 47: curp->p_uid == ruid || /* c effective = t real */ 48: u.u_ruid == q->p_uid || /* c real = t effective */ 49: curp->p_uid == q->p_uid || /* c effective = t effective */ 50: (signum == SIGCONT && inferior(q))) 51: return(1); 52: return(0); 53: } 54: 55: /* 56: * 4.3 Compatibility 57: */ 58: sigstack() 59: { 60: register struct a 61: { 62: struct sigstack *nss; 63: struct sigstack *oss; 64: } *uap = (struct a *)u.u_ap; 65: struct sigstack ss; 66: register int error = 0; 67: 68: ss.ss_sp = u.u_sigstk.ss_base; 69: ss.ss_onstack = u.u_sigstk.ss_flags & SA_ONSTACK; 70: if (uap->oss && (error = copyout((caddr_t)&ss, 71: (caddr_t)uap->oss, sizeof (ss)))) 72: goto out; 73: if (uap->nss && (error = copyin((caddr_t)uap->nss, (caddr_t)&ss, 74: sizeof (ss))) == 0) 75: { 76: u.u_sigstk.ss_base = ss.ss_sp; 77: u.u_sigstk.ss_size = 0; 78: u.u_sigstk.ss_flags |= (ss.ss_onstack & SA_ONSTACK); 79: u.u_psflags |= SAS_ALTSTACK; 80: } 81: out: 82: return(u.u_error = error); 83: } 84: 85: kill() 86: { 87: register struct a { 88: int pid; 89: int signo; 90: } *uap = (struct a *)u.u_ap; 91: register struct proc *p; 92: register int error = 0; 93: 94: /* 95: * BSD4.3 botches the comparison against NSIG - it's a good thing for 96: * them psignal catches the error - however, since psignal is the 97: * kernel's internel signal mechanism and *should be getting correct 98: * parameters from the rest of the kernel, psignal shouldn't *have* 99: * to check it's parameters for validity. If you feel differently, 100: * feel free to clutter up the entire inner kernel with parameter 101: * checks - start with postsig ... 102: */ 103: if (uap->signo < 0 || uap->signo >= NSIG) { 104: error = EINVAL; 105: goto out; 106: } 107: if (uap->pid > 0) { 108: /* kill single process */ 109: p = pfind(uap->pid); 110: if (p == 0) { 111: error = ESRCH; 112: goto out; 113: } 114: if (!cansignal(p, uap->signo)) 115: error = EPERM; 116: else if (uap->signo) 117: psignal(p, uap->signo); 118: goto out; 119: } 120: switch (uap->pid) { 121: case -1: /* broadcast signal */ 122: error = killpg1(uap->signo, 0, 1); 123: break; 124: case 0: /* signal own process group */ 125: error = killpg1(uap->signo, 0, 0); 126: break; 127: default: /* negative explicit process group */ 128: error = killpg1(uap->signo, -uap->pid, 0); 129: break; 130: } 131: out: 132: return(u.u_error = error); 133: } 134: 135: killpg() 136: { 137: register struct a { 138: int pgrp; 139: int signo; 140: } *uap = (struct a *)u.u_ap; 141: register int error = 0; 142: 143: if (uap->signo < 0 || uap->signo >= NSIG) { 144: error = EINVAL; 145: goto out; 146: } 147: error = killpg1(uap->signo, uap->pgrp, 0); 148: out: 149: return(u.u_error = error); 150: } 151: 152: killpg1(signo, pgrp, all) 153: int signo, pgrp, all; 154: { 155: register struct proc *p; 156: int f, error = 0; 157: 158: if (!all && pgrp == 0) { 159: /* 160: * Zero process id means send to my process group. 161: */ 162: pgrp = u.u_procp->p_pgrp; 163: if (pgrp == 0) 164: return (ESRCH); 165: } 166: for (f = 0, p = allproc; p != NULL; p = p->p_nxt) { 167: if ((p->p_pgrp != pgrp && !all) || p->p_ppid == 0 || 168: (p->p_flag&SSYS) || (all && p == u.u_procp)) 169: continue; 170: if (!cansignal(p, signo)) { 171: if (!all) 172: error = EPERM; 173: continue; 174: } 175: f++; 176: if (signo) 177: psignal(p, signo); 178: } 179: return (error ? error : (f == 0 ? ESRCH : 0)); 180: } 181: 182: /* 183: * Send the specified signal to 184: * all processes with 'pgrp' as 185: * process group. 186: */ 187: gsignal(pgrp, sig) 188: register int pgrp; 189: { 190: register struct proc *p; 191: mapinfo map; 192: 193: if (pgrp == 0) 194: return; 195: savemap(map); 196: 197: for (p = allproc; p != NULL; p = p->p_nxt) 198: if (p->p_pgrp == pgrp) 199: psignal(p, sig); 200: restormap(map); 201: } 202: 203: /* 204: * Send the specified signal to 205: * the specified process. 206: */ 207: psignal(p, sig) 208: register struct proc *p; 209: register int sig; 210: { 211: register int s; 212: int (*action)(); 213: int prop; 214: long mask; 215: 216: mask = sigmask(sig); 217: prop = sigprop[sig]; 218: 219: /* 220: * If proc is traced, always give parent a chance. 221: */ 222: if (p->p_flag & P_TRACED) 223: action = SIG_DFL; 224: else { 225: /* 226: * If the signal is being ignored, 227: * then we forget about it immediately. 228: */ 229: if (p->p_sigignore & mask) 230: return; 231: if (p->p_sigmask & mask) 232: action = SIG_HOLD; 233: else if (p->p_sigcatch & mask) 234: action = SIG_CATCH; 235: else 236: action = SIG_DFL; 237: } 238: 239: if (p->p_nice > NZERO && action == SIG_DFL && (prop & SA_KILL) && 240: (p->p_flag & P_TRACED) == 0) 241: p->p_nice = NZERO; 242: 243: if (prop & SA_CONT) 244: p->p_sig &= ~stopsigmask; 245: 246: if (prop & SA_STOP) { 247: /* 248: * If sending a tty stop signal to a member of an orphaned 249: * process group (i.e. a child of init), discard the signal 250: * here if the action is default; don't stop the process 251: * below if sleeping, and don't clear any pending SIGCONT. 252: */ 253: if (prop & SA_TTYSTOP && (p->p_pptr == &proc[1]) && 254: action == SIG_DFL) 255: return; 256: p->p_sig &= ~contsigmask; 257: } 258: p->p_sig |= mask; 259: 260: /* 261: * Defer further processing for signals which are held. 262: */ 263: if (action == SIG_HOLD && ((prop & SA_CONT) == 0 || p->p_stat != SSTOP)) 264: return; 265: s = splhigh(); 266: switch (p->p_stat) { 267: 268: case SSLEEP: 269: /* 270: * If process is sleeping uninterruptibly we can not 271: * interrupt the sleep... the signal will be noticed 272: * when the process returns through trap() or syscall(). 273: */ 274: if ((p->p_flag & P_SINTR) == 0) 275: goto out; 276: /* 277: * Process is sleeping and traced... make it runnable 278: * so it can discover the signal in issignal() and stop 279: * for the parent. 280: */ 281: if (p->p_flag& P_TRACED) 282: goto run; 283: 284: /* 285: * If SIGCONT is default (or ignored) and process is 286: * asleep, we are finished; the process should not 287: * be awakened. 288: */ 289: if ((prop & SA_CONT) && action == SIG_DFL) { 290: p->p_sig &= ~mask; 291: goto out; 292: } 293: /* 294: * When a sleeping process receives a stop 295: * signal, process immediately if possible. 296: * All other (caught or default) signals 297: * cause the process to run. 298: */ 299: if (prop & SA_STOP) { 300: if (action != SIG_DFL) 301: goto run; 302: /* 303: * If a child holding parent blocked, 304: * stopping could cause deadlock. 305: */ 306: if (p->p_flag & SVFORK) 307: goto out; 308: p->p_sig &= ~mask; 309: p->p_ptracesig = sig; 310: if ((p->p_pptr->p_flag & P_NOCLDSTOP) == 0) 311: psignal(p->p_pptr, SIGCHLD); 312: stop(p); 313: goto out; 314: } else 315: goto run; 316: /*NOTREACHED*/ 317: case SSTOP: 318: /* 319: * If traced process is already stopped, 320: * then no further action is necessary. 321: */ 322: if (p->p_flag & P_TRACED) 323: goto out; 324: if (sig == SIGKILL) 325: goto run; 326: if (prop & SA_CONT) { 327: /* 328: * If SIGCONT is default (or ignored), we continue the 329: * process but don't leave the signal in p_sig, as 330: * it has no further action. If SIGCONT is held, we 331: * continue the process and leave the signal in 332: * p_sig. If the process catches SIGCONT, let it 333: * handle the signal itself. If it isn't waiting on 334: * an event, then it goes back to run state. 335: * Otherwise, process goes back to sleep state. 336: */ 337: if (action == SIG_DFL) 338: p->p_sig &= ~mask; 339: if (action == SIG_CATCH || p->p_wchan == 0) 340: goto run; 341: p->p_stat = SSLEEP; 342: goto out; 343: } 344: 345: if (prop & SA_STOP) { 346: /* 347: * Already stopped, don't need to stop again. 348: * (If we did the shell could get confused.) 349: */ 350: p->p_sig &= ~mask; /* take it away */ 351: goto out; 352: } 353: 354: /* 355: * If process is sleeping interruptibly, then simulate a 356: * wakeup so that when it is continued, it will be made 357: * runnable and can look at the signal. But don't make 358: * the process runnable, leave it stopped. 359: */ 360: if (p->p_wchan && (p->p_flag & P_SINTR)) 361: unsleep(p); 362: goto out; 363: /*NOTREACHED*/ 364: 365: default: 366: /* 367: * SRUN, SIDL, SZOMB do nothing with the signal, 368: * other than kicking ourselves if we are running. 369: * It will either never be noticed, or noticed very soon. 370: */ 371: goto out; 372: } 373: /*NOTREACHED*/ 374: run: 375: /* 376: * Raise priority to at least PUSER. 377: */ 378: if (p->p_pri > PUSER) 379: p->p_pri = PUSER; 380: setrun(p); 381: out: 382: splx(s); 383: } 384: 385: /* 386: * If the current process has received a signal (should be caught 387: * or cause termination, should interrupt current syscall) return the 388: * signal number. Stop signals with default action are processed 389: * immediately then cleared; they are not returned. This is checked 390: * after each entry into the kernel for a syscall of trap (though this 391: * can usually be done without calling issignal by checking the pending 392: * signals masks in CURSIG)/ The normal sequence is: 393: * 394: * while (signum = CURSIG(u.u_procp)) 395: * postsig(signum); 396: */ 397: issignal(p) 398: register struct proc *p; 399: { 400: register int sig; 401: long mask; 402: int prop; 403: 404: for (;;) { 405: mask = p->p_sig & ~p->p_sigmask; 406: if (p->p_flag&SVFORK) 407: mask &= ~stopsigmask; 408: if (mask == 0) 409: return(0); /* No signals to send */ 410: sig = ffs(mask); 411: mask = sigmask(sig); 412: prop = sigprop[sig]; 413: /* 414: * We should see pending but ignored signals 415: * only if P_TRACED was on when they were posted. 416: */ 417: if (mask & p->p_sigignore && (p->p_flag& P_TRACED) == 0) { 418: p->p_sig &= ~mask; 419: continue; 420: } 421: if (p->p_flag & P_TRACED && (p->p_flag & SVFORK) == 0) { 422: /* 423: * If traced, always stop, and stay 424: * stopped until released by the parent. 425: * 426: * Note that we must clear the pending signal 427: * before we call procxmt since that routine 428: * might cause a fault, calling sleep and 429: * leading us back here again with the same signal. 430: * Then we would be deadlocked because the tracer 431: * would still be blocked on the ipc struct from 432: * the initial request. 433: */ 434: p->p_sig &= ~mask; 435: p->p_ptracesig = sig; 436: psignal(p->p_pptr, SIGCHLD); 437: do { 438: stop(p); 439: swtch(); 440: } while (!procxmt() && p->p_flag & P_TRACED); 441: 442: /* 443: * If parent wants us to take the signal, 444: * then it will leave it in p->p_ptracesig; 445: * otherwise we just look for signals again. 446: */ 447: sig = p->p_ptracesig; 448: if (sig == 0) 449: continue; 450: 451: /* 452: * Put the new signal into p_sig. If the 453: * signal is being masked, look for other signals. 454: */ 455: mask = sigmask(sig); 456: p->p_sig |= mask; 457: if (p->p_sigmask & mask) 458: continue; 459: 460: /* 461: * If the traced bit got turned off, go back up 462: * to the top to rescan signals. This ensures 463: * that p_sig* and u_signal are consistent. 464: */ 465: if ((p->p_flag& P_TRACED) == 0) 466: continue; 467: prop = sigprop[sig]; 468: } 469: 470: switch ((int)u.u_signal[sig]) { 471: 472: case SIG_DFL: 473: /* 474: * Don't take default actions on system processes. 475: */ 476: if (p->p_pid <= 1) { 477: #ifdef DIAGNOSTIC 478: /* 479: * Are you sure you want to ignore SIGSEGV 480: * in init? XXX 481: */ 482: printf("Process (pid %d) got signal %d\n", 483: p->p_pid, sig); 484: #endif 485: break; 486: } 487: /* 488: * If there is a pending stop signal to process 489: * with default action, stop here, 490: * then clear the signal. However, 491: * if process is member of an orphaned 492: * process group, ignore tty stop signals. 493: */ 494: if (prop & SA_STOP) { 495: if (p->p_flag & P_TRACED || 496: (p->p_pptr == &proc[1] && 497: prop & SA_TTYSTOP)) 498: break; /* == ignore */ 499: p->p_ptracesig = sig; 500: if ((p->p_pptr->p_flag & P_NOCLDSTOP) == 0) 501: psignal(p->p_pptr, SIGCHLD); 502: stop(p); 503: swtch(); 504: break; 505: } else if (prop & SA_IGNORE) { 506: /* 507: * Except for SIGCONT, shouldn't get here. 508: * Default action is to ignore; drop it. 509: */ 510: break; /* == ignore */ 511: } else 512: return(sig); 513: /*NOTREACHED*/ 514: 515: case SIG_IGN: 516: /* 517: * Masking above should prevent us 518: * ever trying to take action on a held 519: * or ignored signal, unless process is traced. 520: */ 521: if ((prop & SA_CONT) == 0 && 522: (p->p_flag & P_TRACED) == 0) 523: printf("issig\n"); 524: break; /* == ignore */ 525: 526: default: 527: /* 528: * This signal has an action, let postsig process it. 529: */ 530: return(sig); 531: } 532: p->p_sig &= ~mask; /* take the signal away! */ 533: } 534: /* NOTREACHED */ 535: } 536: 537: /* 538: * Put the argument process into the stopped 539: * state and notify the parent via wakeup. 540: * Signals are handled elsewhere. 541: */ 542: stop(p) 543: register struct proc *p; 544: { 545: 546: p->p_stat = SSTOP; 547: p->p_flag &= ~P_WAITED; 548: wakeup((caddr_t)p->p_pptr); 549: } 550: 551: /* 552: * Take the action for the specified signal 553: * from the current set of pending signals. 554: */ 555: 556: postsig(sig) 557: int sig; 558: { 559: register struct proc *p = u.u_procp; 560: long mask = sigmask(sig), returnmask; 561: register int (*action)(); 562: 563: if (u.u_fpsaved == 0) { 564: savfp(&u.u_fps); 565: u.u_fpsaved = 1; 566: } 567: 568: p->p_sig &= ~mask; 569: action = u.u_signal[sig]; 570: 571: if (action != SIG_DFL) { 572: #ifdef DIAGNOSTIC 573: if (action == SIG_IGN || (p->p_sigmask & mask)) 574: panic("postsig action"); 575: #endif 576: u.u_error = 0; /* XXX - why? */ 577: /* 578: * Set the new mask value and also defer further 579: * occurences of this signal. 580: * 581: * Special case: user has done a sigsuspend. Here the 582: * current mask is not of interest, but rather the 583: * mask from before the sigsuspend is what we want restored 584: * after the signal processing is completed. 585: */ 586: (void) _splhigh(); 587: if (u.u_psflags & SAS_OLDMASK) { 588: returnmask = u.u_oldmask; 589: u.u_psflags &= ~SAS_OLDMASK; 590: } else 591: returnmask = p->p_sigmask; 592: p->p_sigmask |= u.u_sigmask[sig] | mask; 593: (void) _spl0(); 594: u.u_ru.ru_nsignals++; 595: sendsig(action, sig, returnmask); 596: return; 597: } 598: u.u_acflag |= AXSIG; 599: if (sigprop[sig] & SA_CORE) 600: { 601: u.u_arg[0] = sig; 602: if (core()) 603: sig |= 0200; 604: } 605: exit(sig); 606: } 607: 608: /* 609: * Create a core image on the file "core" 610: * If you are looking for protection glitches, 611: * there are probably a wealth of them here 612: * when this occurs to a suid command. 613: * 614: * It writes UPAGES (USIZE for pdp11) block of the 615: * user.h area followed by the entire 616: * data+stack segments. 617: */ 618: core() 619: { 620: register struct inode *ip; 621: struct nameidata nd; 622: register struct nameidata *ndp = &nd; 623: register char *np; 624: char *cp, name[MAXCOMLEN + 6]; 625: 626: /* 627: * Don't dump if not root and the process has used set user or 628: * group privileges. 629: */ 630: if (u.u_acflag & ASUGID && !suser()) 631: return(0); 632: if (ctob(USIZE+u.u_dsize+u.u_ssize) >= 633: u.u_rlimit[RLIMIT_CORE].rlim_cur) 634: return (0); 635: if (u.u_procp->p_textp && access(u.u_procp->p_textp->x_iptr, IREAD)) 636: return (0); 637: cp = u.u_comm; 638: np = name; 639: while (*np++ = *cp++) 640: ; 641: cp = ".core"; 642: np--; 643: while (*np++ = *cp++) 644: ; 645: u.u_error = 0; 646: NDINIT(ndp, CREATE, FOLLOW, UIO_SYSSPACE, name); 647: ip = namei(ndp); 648: if (ip == NULL) { 649: if (u.u_error) 650: return (0); 651: ip = maknode(0644, ndp); 652: if (ip==NULL) 653: return (0); 654: } 655: if (access(ip, IWRITE) || 656: (ip->i_mode&IFMT) != IFREG || 657: ip->i_nlink != 1) { 658: u.u_error = EFAULT; 659: goto out; 660: } 661: itrunc(ip, (u_long)0, 0); 662: u.u_acflag |= ACORE; 663: u.u_error = rdwri(UIO_WRITE, ip, &u, ctob(USIZE), (off_t)0, 664: UIO_SYSSPACE, IO_UNIT, (int *)0); 665: if (u.u_error) 666: goto out; 667: 668: estabur((u_int)0, u.u_dsize, u.u_ssize, 0, RO); 669: u.u_error = rdwri(UIO_WRITE, ip, 0, ctob(u.u_dsize), (off_t)ctob(USIZE), 670: UIO_USERSPACE, IO_UNIT, (int *)0); 671: if (u.u_error) 672: goto out; 673: 674: u.u_error = rdwri(UIO_WRITE, ip, (caddr_t)(-(ctob(u.u_ssize))), ctob(u.u_ssize), 675: (off_t)ctob(USIZE) + (off_t)ctob(u.u_dsize), 676: UIO_USERSPACE, IO_UNIT, (int *)0); 677: out: 678: iput(ip); 679: return (u.u_error == 0); 680: }