While syscall kill() gives users the ability to send certain signal to certain process in the user space of Linux, the story is totally different if we want to send signals from the kernel space to the user space. After some googling, I have found an excellent page describing this topic with real code examples. All the code here is based on these examples with few changes to make them work on the latest kernel (3.13.0). Have fun~
Signal is eventually the struct siginfo in the kernel code. To send a signal, we have to construct this signal at first. To make sure the process in the user space is always able to receive this signal, we will use real-time signal rather than the normal signal, as it is explained in the reference. A new signal number (SIG_TEST, 44) is also defined to avoid potential conflict with existing signals, which are architecture dependent.
As the user space routine, the kernel has to know the pid of target process before sending a signal. There are different ways for communications between the kernel space and the user space, such as netlink socket, relay or /proc. Here, debugfs is used to create a new entry under /sys/kernel/debug. The write operations call back is implemented allowing the kernel to receive the value (pid) written by the user space.
3. task, send_sig_info()
As process is actually the struct task in the kernel, we have to find the corresponding task once given the pid – pid_task(find_pid_ns(pid, &init_pid_ns), PIDTYPE_PID). (Note that older kernels may have different ways to do this). Once we have got the task, send_sig_info() is called to deliver this signal with the signal data (because of real-time signal) to the target task (process) – send_sig_info(SIG_TEST, &info, t).