summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorGreg Kroah-Hartman <gregkh@google.com>2020-03-20 11:03:09 +0100
committerGreg Kroah-Hartman <gregkh@google.com>2020-03-20 11:03:09 +0100
commit89c7ae8319004ba07b380cd3a407df92a77a187e (patch)
treef9e70a5889d3e4702592fba027eee7d7c2d132c6 /kernel
parent2cb6859a7504bbed6640ab3fd5f56729ff1e4b41 (diff)
parent3b41c631678a15390920ffc1e72470e83db73ac8 (diff)
Merge 4.4.217 into android-4.4-p
Changes in 4.4.217 NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array r8152: check disconnect status after long sleep net: nfc: fix bounds checking bugs on "pipe" bnxt_en: reinitialize IRQs when MTU is modified fib: add missing attribute validation for tun_id nl802154: add missing attribute validation nl802154: add missing attribute validation for dev_type team: add missing attribute validation for port ifindex team: add missing attribute validation for array index nfc: add missing attribute validation for SE API nfc: add missing attribute validation for vendor subcommand ipvlan: add cond_resched_rcu() while processing muticast backlog ipvlan: do not add hardware address of master to its unicast filter list ipvlan: egress mcast packets are not exceptional ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() ipvlan: don't deref eth hdr before checking it's set macvlan: add cond_resched() during multicast processing net: fec: validate the new settings in fec_enet_set_coalesce() slip: make slhc_compress() more robust against malicious packets bonding/alb: make sure arp header is pulled before accessing it net: fq: add missing attribute validation for orphan mask iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint drm/amd/display: remove duplicated assignment to grph_obj_type gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache KVM: x86: clear stale x86_emulate_ctxt->intercept value ARC: define __ALIGN_STR and __ALIGN symbols for ARC efi: Fix a race and a buffer overflow while reading efivars via sysfs iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page nl80211: add missing attribute validation for critical protocol indication nl80211: add missing attribute validation for channel switch netfilter: cthelper: add missing attribute validation for cthelper iommu/vt-d: Fix the wrong printing in RHSA parsing iommu/vt-d: Ignore devices with out-of-spec domain number mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() ipv6: restrict IPV6_ADDRFORM operation efi: Add a sanity check to efivar_store_raw() batman-adv: Fix invalid read while copying bat_iv.bcast_own batman-adv: Only put gw_node list reference when removed batman-adv: Only put orig_node_vlan list reference when removed batman-adv: Avoid endless loop in bat-on-bat netdevice check batman-adv: Fix unexpected free of bcast_own on add_if error batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq batman-adv: init neigh node last seen field batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown batman-adv: Drop reference to netdevice on last reference batman-adv: Fix reference counting of vlan object for tt_local_entry batman-adv: Avoid duplicate neigh_node additions batman-adv: fix skb deref after free batman-adv: Fix use-after-free/double-free of tt_req_node batman-adv: Fix ICMP RR ethernet access after skb_linearize batman-adv: Clean up untagged vlan when destroying via rtnl-link batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag batman-adv: Fix orig_node_vlan leak on orig_node_release batman-adv: lock crc access in bridge loop avoidance batman-adv: Fix non-atomic bla_claim::backbone_gw access batman-adv: Fix reference leak in batadv_find_router batman-adv: Free last_bonding_candidate on release of orig_node batman-adv: Fix speedy join in gateway client mode batman-adv: Add missing refcnt for last_candidate batman-adv: Fix double free during fragment merge error batman-adv: Fix transmission of final, 16th fragment batman-adv: Fix rx packet/bytes stats on local ARP reply batman-adv: fix TT sync flag inconsistencies batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq batman-adv: Fix internal interface indices types batman-adv: update data pointers after skb_cow() batman-adv: Fix skbuff rcsum on packet reroute batman-adv: Avoid race in TT TVLV allocator helper batman-adv: Fix TT sync flags for intermediate TT responses batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler batman-adv: Reduce claim hash refcnt only for removed entry batman-adv: Reduce tt_local hash refcnt only for removed entry batman-adv: Reduce tt_global hash refcnt only for removed entry batman-adv: Only read OGM tvlv_len after buffer len check batman-adv: Avoid free/alloc race when handling OGM buffer batman-adv: Don't schedule OGM for disabled interface perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag net: ks8851-ml: Fix IRQ handling and locking signal: avoid double atomic counter increments for user accounting jbd2: fix data races at struct journal_head ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() ARM: 8958/1: rename missed uaccess .fixup section mm: slub: add missing TID bump in kmem_cache_alloc_bulk() ipv4: ensure rcu_read_lock() in cipso_v4_error() Linux 4.4.217 Change-Id: Ic8c9ec91c66a9a0bb0b6291ad0a5101d18889a67 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/signal.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 7e4a4b199a11..90a94e54db09 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -373,27 +373,32 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
{
struct sigqueue *q = NULL;
struct user_struct *user;
+ int sigpending;
/*
* Protect access to @t credentials. This can go away when all
* callers hold rcu read lock.
+ *
+ * NOTE! A pending signal will hold on to the user refcount,
+ * and we get/put the refcount only when the sigpending count
+ * changes from/to zero.
*/
rcu_read_lock();
- user = get_uid(__task_cred(t)->user);
- atomic_inc(&user->sigpending);
+ user = __task_cred(t)->user;
+ sigpending = atomic_inc_return(&user->sigpending);
+ if (sigpending == 1)
+ get_uid(user);
rcu_read_unlock();
- if (override_rlimit ||
- atomic_read(&user->sigpending) <=
- task_rlimit(t, RLIMIT_SIGPENDING)) {
+ if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
q = kmem_cache_alloc(sigqueue_cachep, flags);
} else {
print_dropped_signal(sig);
}
if (unlikely(q == NULL)) {
- atomic_dec(&user->sigpending);
- free_uid(user);
+ if (atomic_dec_and_test(&user->sigpending))
+ free_uid(user);
} else {
INIT_LIST_HEAD(&q->list);
q->flags = 0;
@@ -407,8 +412,8 @@ static void __sigqueue_free(struct sigqueue *q)
{
if (q->flags & SIGQUEUE_PREALLOC)
return;
- atomic_dec(&q->user->sigpending);
- free_uid(q->user);
+ if (atomic_dec_and_test(&q->user->sigpending))
+ free_uid(q->user);
kmem_cache_free(sigqueue_cachep, q);
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-09 00:47:57 +0000