From: Don Howard <dhoward@redhat.com>
Date: Thu, 9 Apr 2009 18:18:14 -0700
Subject: [misc] fork: CLONE_PARENT && parent_exec_id interaction
Message-id: alpine.LRH.2.00.0904091444090.552@notfadeaway.remotee.org
O-Subject: Re: [rhel5 patch] Fix CLONE_PARENT && parent_exec_id interaction
Bugzilla: 479964
RH-Acked-by: Oleg Nesterov <oleg@redhat.com>
RH-Acked-by: Anton Arapov <aarapov@redhat.com>
RH-Acked-by: Rik van Riel <riel@redhat.com>

On Thu, 9 Apr 2009, Don Zickus wrote:

> On Wed, Apr 08, 2009 at 02:06:41PM -0700, Don Howard wrote:
> >
> > This is an replacement for a patch posted earlier:
> >
> > Upstream settled on a different patch that better preserves CLONE_PARENT
> > semantics.  I propose replacing
> > linux-2.6-misc-minor-signal-handling-vulnerability.patch with the patch
> > below.
>

diff --git a/kernel/fork.c b/kernel/fork.c
index f0f3640..e747257 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1277,15 +1277,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	clear_tsk_thread_flag(p, TIF_SYSCALL_EMU);
 #endif
 
-	/* Our parent execution domain becomes current domain
-	   These must match for thread signalling to apply */
-	   
-	p->parent_exec_id = p->self_exec_id;
-
 	/* ok, now we should be set up.. */
-	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
-			 (clone_flags & CLONE_PARENT) ? SIGCHLD :
-			 (clone_flags & CSIGNAL);
+	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
 	p->pdeath_signal = 0;
 	p->exit_state = 0;
 
@@ -1317,10 +1310,13 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 		set_task_cpu(p, smp_processor_id());
 
 	/* CLONE_PARENT re-uses the old parent */
-	if (clone_flags & (CLONE_PARENT|CLONE_THREAD))
+	if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
 		p->parent = current->parent;
-	else
+		p->parent_exec_id = current->parent_exec_id;
+	} else {
 		p->parent = current;
+		p->parent_exec_id = current->self_exec_id;
+	}
 
 	spin_lock(&current->sighand->siglock);