The following piece of code contains a few omissions:
+ if (sigev->sigev_notify == SIGEV_SIGNAL) {
+ struct siginfo sinfo;
+
+ sinfo.si_signo = sigev->sigev_signo;
+ sinfo.si_errno = 0;
+ sinfo.si_code = SI_KERNEL;
+ sinfo.si_pid = 0;
+ sinfo.si_uid = 0;
+
+ send_sig_info(sigev->sigev_signo, &sinfo, task);
+ }
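Review bot: `sinfo` is a stack local and only `si_signo`, `si_errno`, `si_code`, `si_pid` and `si_uid` are assigned before `send_sig_info()` copies the whole struct out, so the remaining union members and padding carry whatever was on the kernel stack; clear it first with `memset(&sinfo, 0, sizeof(sinfo));`. `si_code` is set to `SI_KERNEL`, but for a sigevent-driven completion signal POSIX.4 specifies `SI_ASYNCIO`, and `sigev->sigev_value` is never copied into `sinfo.si_value`, so the receiver gets no payload.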
First of all, the struct siginfo is not cleared
(e.g. with memset(&sinfo, 0, sizeof(sinfo))).
This would copy kernel data which was accidentally on the stack to the
user. Could be perceived as a security problem.
Secondly, according to my POSIX.4 book from O'Reilly, the si_code should be
SI_ASYNCIO.
Thirdly, the sigev->sigev_value is not copied to sinfo.si_value.
Keep up the good work,
Robert
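As an added example, not part of Robert's mail or of the patch under review, the following userspace C program contrasts the quoted field-by-field fill with a version that applies all three points. It uses the POSIX userspace `siginfo_t` and `struct sigevent` as stand-ins for the kernel structures (the kernel's `send_sig_info()` is not called), and pre-seeds the `siginfo_t` with the constructed byte 0xAA so that stale data is countable; the `fill_siginfo_naive`, `fill_siginfo_hardened`, `stale_bytes`, `leaked_bytes_after` and `hardened_example` names are this example's own.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fallbacks with the Linux values, in case <signal.h> hides these constants. */
#ifndef SI_ASYNCIO
#define SI_ASYNCIO (-4)
#endif
#ifndef SI_KERNEL
#define SI_KERNEL 0x80
#endif

/* The pattern from the quoted hunk: fields set one by one, nothing cleared. */
static void fill_siginfo_naive(siginfo_t *si, const struct sigevent *ev)
{
    si->si_signo = ev->sigev_signo;
    si->si_errno = 0;
    si->si_code  = SI_KERNEL;
    si->si_pid   = 0;
    si->si_uid   = 0;
    /* si_value and the rest of the union keep whatever was there before */
}

/* Hardened version addressing the three review points. */
static void fill_siginfo_hardened(siginfo_t *si, const struct sigevent *ev)
{
    memset(si, 0, sizeof *si);       /* 1: no stale bytes leave with the struct */
    si->si_signo = ev->sigev_signo;
    si->si_errno = 0;
    si->si_code  = SI_ASYNCIO;       /* 2: POSIX.4 code for async completion */
    si->si_value = ev->sigev_value;  /* 3: deliver the requester's payload */
}

/* Count bytes of *si that still hold the 0xAA sentinel (constructed "stale" value). */
static size_t stale_bytes(const siginfo_t *si)
{
    const unsigned char *p = (const unsigned char *)si;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *si; i++)
        n += (p[i] == 0xAA);
    return n;
}

/* Constructed sigevent: SIGUSR1 with an integer payload of 42. */
static struct sigevent sample_event(void)
{
    struct sigevent ev;
    memset(&ev, 0, sizeof ev);
    ev.sigev_notify = SIGEV_SIGNAL;
    ev.sigev_signo = SIGUSR1;
    ev.sigev_value.sival_int = 42;
    return ev;
}

/* Run one filler against a sentinel-filled siginfo_t and report how much survives. */
static size_t leaked_bytes_after(void (*fill)(siginfo_t *, const struct sigevent *))
{
    struct sigevent ev = sample_event();
    siginfo_t si;
    memset(&si, 0xAA, sizeof si);    /* stands in for stale stack contents */
    fill(&si, &ev);
    return stale_bytes(&si);
}

/* The fully initialised siginfo_t the hardened filler produces for sample_event(). */
static siginfo_t hardened_example(void)
{
    struct sigevent ev = sample_event();
    siginfo_t si;
    fill_siginfo_hardened(&si, &ev);
    return si;
}

int main(void)
{
    printf("naive fill leaves %zu stale bytes of %zu\n",
           leaked_bytes_after(fill_siginfo_naive), sizeof(siginfo_t));
    printf("hardened fill leaves %zu stale bytes\n",
           leaked_bytes_after(fill_siginfo_hardened));
    siginfo_t si = hardened_example();
    printf("si_code=%d si_value=%d\n", si.si_code, si.si_value.sival_int);
    return 0;
}
```

The byte count from the naive filler is exactly the amount of uninitialised memory that would travel along with the signal; the hardened filler reports zero regardless of what the buffer held before.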