posix-timers: Embed sigqueue in struct k_itimer

	seq_printf(m, "ID: %d\n", timer->it_id);

	seq_printf(m, "signal: %d/%px\n",

		   timer->sigq->info.si_signo,

		   timer->sigq->info.si_value.sival_ptr);

		   timer->sigq.info.si_signo,

		   timer->sigq.info.si_value.sival_ptr);

	seq_printf(m, "notify: %s/%s.%d\n",

		   nstr[notify & ~SIGEV_THREAD_ID],

		   (notify & SIGEV_THREAD_ID) ? "tid" : "pid",

#ifdef CONFIG_POSIX_TIMERS

#include <linux/signal_types.h>

/**

 * cpu_timer - Posix CPU timer representation for k_itimer

 * @node:	timerqueue node to queue in the task/sig

 * @it_pid:		The pid of the process/task targeted by the signal

 * @it_process:		The task to wakeup on clock_nanosleep (CPU timers)

 * @rcuref:		Reference count for life time management

 * @sigq:		Pointer to preallocated sigqueue

 * @sigq:		Embedded sigqueue

 * @it:			Union representing the various posix timer type

 *			internals.

 * @rcu:		RCU head for freeing the timer.

		struct pid		*it_pid;

		struct task_struct	*it_process;

	};

	struct sigqueue		*sigq;

	struct sigqueue		sigq;

	rcuref_t		rcuref;

	union {

		struct {

	if (rcuref_put(&tmr->rcuref))

		posixtimer_free_timer(tmr);

}

static inline void posixtimer_sigqueue_getref(struct sigqueue *q)

{

	struct k_itimer *tmr = container_of(q, struct k_itimer, sigq);

	WARN_ON_ONCE(!rcuref_get(&tmr->rcuref));

}

static inline void posixtimer_sigqueue_putref(struct sigqueue *q)

{

	struct k_itimer *tmr = container_of(q, struct k_itimer, sigq);

	posixtimer_putref(tmr);

}

#else  /* CONFIG_POSIX_TIMERS */

static inline void posixtimer_sigqueue_getref(struct sigqueue *q) { }

static inline void posixtimer_sigqueue_putref(struct sigqueue *q) { }

#endif /* !CONFIG_POSIX_TIMERS */

#endif

static void __sigqueue_free(struct sigqueue *q)

{

	if (q->flags & SIGQUEUE_PREALLOC)

	if (q->flags & SIGQUEUE_PREALLOC) {

		posixtimer_sigqueue_putref(q);

		return;

	}

	if (q->ucounts) {

		dec_rlimit_put_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING);

		q->ucounts = NULL;

		copy_siginfo(info, &first->info);

		/*

		 * posix-timer signals are preallocated and freed when the

		 * timer goes away. Either directly or by clearing

		 * SIGQUEUE_PREALLOC so that the next delivery will free

		 * them. Spare the extra round through __sigqueue_free()

		 * which is ignoring preallocated signals.

		 * posix-timer signals are preallocated and freed when the last

		 * reference count is dropped in posixtimer_deliver_signal() or

		 * immediately on timer deletion when the signal is not pending.

		 * Spare the extra round through __sigqueue_free() which is

		 * ignoring preallocated signals.

		 */

		if (unlikely((first->flags & SIGQUEUE_PREALLOC) && (info->si_code == SI_TIMER)))

			*timer_sigq = first;

int posixtimer_send_sigqueue(struct k_itimer *tmr)

{

	struct sigqueue *q = tmr->sigq;

	struct sigqueue *q = &tmr->sigq;

	int sig = q->info.si_signo;

	struct task_struct *t;

	unsigned long flags;

	ret = 0;

	if (unlikely(!list_empty(&q->list))) {

		/* This holds a reference count already */

		result = TRACE_SIGNAL_ALREADY_PENDING;

		goto out;

	}

	posixtimer_sigqueue_getref(q);

	posixtimer_queue_sigqueue(q, t, tmr->it_pid_type);

	result = TRACE_SIGNAL_DELIVERED;

out:

	hrtimer_restart(timer);

}

/*

 * This function is called from the signal delivery code. It decides

 * whether the signal should be dropped and rearms interval timers.

 */

bool posixtimer_deliver_signal(struct kernel_siginfo *info, struct sigqueue *timer_sigq)

static bool __posixtimer_deliver_signal(struct kernel_siginfo *info, struct k_itimer *timr)

{

	struct k_itimer *timr;

	unsigned long flags;

	bool ret = false;

	guard(spinlock)(&timr->it_lock);

	/*

	 * Release siglock to ensure proper locking order versus

	 * timr::it_lock. Keep interrupts disabled.

	 * Check if the timer is still alive or whether it got modified

	 * since the signal was queued. In either case, don't rearm and

	 * drop the signal.

	 */

	spin_unlock(&current->sighand->siglock);

	if (timr->it_signal_seq != info->si_sys_private || WARN_ON_ONCE(!timr->it_signal))

		return false;

	timr = lock_timer(info->si_tid, &flags);

	if (!timr)

		goto out;

	if (!timr->it_interval || WARN_ON_ONCE(timr->it_status != POSIX_TIMER_REQUEUE_PENDING))

		return true;

	if (timr->it_signal_seq != info->si_sys_private)

		goto out_unlock;

	if (timr->it_interval && !WARN_ON_ONCE(timr->it_status != POSIX_TIMER_REQUEUE_PENDING)) {

	timr->kclock->timer_rearm(timr);

	timr->it_status = POSIX_TIMER_ARMED;

	timr->it_overrun_last = timr->it_overrun;

	timr->it_overrun = -1LL;

	++timr->it_signal_seq;

	info->si_overrun = timer_overrun_to_int(timr);

	return true;

}

	ret = true;

out_unlock:

	unlock_timer(timr, flags);

out:

/*

 * This function is called from the signal delivery code. It decides

 * whether the signal should be dropped and rearms interval timers.  The

 * timer can be unconditionally accessed as there is a reference held on

 * it.

 */

bool posixtimer_deliver_signal(struct kernel_siginfo *info, struct sigqueue *timer_sigq)

{

	struct k_itimer *timr = container_of(timer_sigq, struct k_itimer, sigq);

	bool ret;

	/*

	 * Release siglock to ensure proper locking order versus

	 * timr::it_lock. Keep interrupts disabled.

	 */

	spin_unlock(&current->sighand->siglock);

	ret = __posixtimer_deliver_signal(info, timr);

	/* Drop the reference which was acquired when the signal was queued */

	posixtimer_putref(timr);

	spin_lock(&current->sighand->siglock);

	/* Don't expose the si_sys_private value to userspace */

	if (!tmr)

		return tmr;

	if (unlikely(!(tmr->sigq = sigqueue_alloc()))) {

	if (unlikely(!posixtimer_init_sigqueue(&tmr->sigq))) {

		kmem_cache_free(posix_timers_cache, tmr);

		return NULL;

	}

	clear_siginfo(&tmr->sigq->info);

	rcuref_init(&tmr->rcuref, 1);

	return tmr;

}

void posixtimer_free_timer(struct k_itimer *tmr)

{

	put_pid(tmr->it_pid);

	sigqueue_free(tmr->sigq);

	if (tmr->sigq.ucounts)

		dec_rlimit_put_ucounts(tmr->sigq.ucounts, UCOUNT_RLIMIT_SIGPENDING);

	kfree_rcu(tmr, rcu);

}

			goto out;

		}

		new_timer->it_sigev_notify     = event->sigev_notify;

		new_timer->sigq->info.si_signo = event->sigev_signo;

		new_timer->sigq->info.si_value = event->sigev_value;

		new_timer->sigq.info.si_signo = event->sigev_signo;

		new_timer->sigq.info.si_value = event->sigev_value;

	} else {

		new_timer->it_sigev_notify     = SIGEV_SIGNAL;

		new_timer->sigq->info.si_signo = SIGALRM;

		memset(&new_timer->sigq->info.si_value, 0, sizeof(sigval_t));

		new_timer->sigq->info.si_value.sival_int = new_timer->it_id;

		new_timer->sigq.info.si_signo = SIGALRM;

		memset(&new_timer->sigq.info.si_value, 0, sizeof(sigval_t));

		new_timer->sigq.info.si_value.sival_int = new_timer->it_id;

		new_timer->it_pid = get_pid(task_tgid(current));

	}

	else

		new_timer->it_pid_type = PIDTYPE_TGID;

	new_timer->sigq->info.si_tid   = new_timer->it_id;

	new_timer->sigq->info.si_code  = SI_TIMER;

	new_timer->sigq.info.si_tid = new_timer->it_id;

	new_timer->sigq.info.si_code = SI_TIMER;

	if (copy_to_user(created_timer_id, &new_timer_id, sizeof (new_timer_id))) {

		error = -EFAULT;

	 *  1) Set timr::it_signal to NULL with timr::it_lock held

	 *  2) Release timr::it_lock

	 *  3) Remove from the hash under hash_lock

	 *  4) Call RCU for removal after the grace period

	 *  4) Put the reference count.

	 *

	 * The reference count might not drop to zero if timr::sigq is

	 * queued. In that case the signal delivery or flush will put the

	 * last reference count.

	 *

	 * When the reference count reaches zero, the timer is scheduled

	 * for RCU removal after the grace period.

	 *

	 * Holding rcu_read_lock() accross the lookup ensures that

	 * the timer cannot be freed.