authorOleg Nesterov <oleg@redhat.com>2009-04-02 19:58:36 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-04-02 22:05:02 -0400
commit2ae448efc87df6d328f5835969076c7f9fce59c3 (patch)
treef110b43fa7c6b3c80f9b18a8e4fef728ed57f448
parent6dda81f4384b94930826eded254d8c16f89a9248 (diff)
pids: improve get_task_pid() to fix the unsafe sys_wait4()->task_pgrp()
sys_wait4() does get_pid(task_pgrp(current)); this is not safe. We can add rcu lock/unlock around it, but we already have get_task_pid(), which can be improved to handle the special pids in a more reliable manner. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Louis Rilling <Louis.Rilling@kerlabs.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> Cc: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/exit.c2
-rw-r--r--kernel/pid.c2
2 files changed, 3 insertions, 1 deletions
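diff --git a/kernel/exit.c b/kernel/exit.c
index 029415d9f82e..384f09caf2ef 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1737,7 +1737,7 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
 		pid = find_get_pid(-upid);
 	} else if (upid == 0) {
 		type = PIDTYPE_PGID;
-		pid = get_pid(task_pgrp(current));
+		pid = get_task_pid(current, PIDTYPE_PGID);
 	} else /* upid > 0 */ {
 		type = PIDTYPE_PID;
 		pid = find_get_pid(upid);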
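Review bot: The new call at line 1740 repeats the constant that the line just above already stored in `type`, so the pid type for this branch now lives in two places that must be kept in sync; `pid = get_task_pid(current, type);` keeps the `upid == 0` branch in the same shape as the `upid > 0` branch, which also sets `type` first and then derives `pid`. The returned pid is handed on without a NULL check, exactly as the old `get_pid(task_pgrp(current))` was; whether the consumer tolerates a NULL pid is decided outside this hunk, so this is not a regression but worth a glance by whoever knows do_wait(). The wait4 body both starts and ends outside the hunk.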
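diff --git a/kernel/pid.c b/kernel/pid.c
index 1b3586fe753a..6628abcc520e 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -403,6 +403,8 @@ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
 	struct pid *pid;
 	rcu_read_lock();
+	if (type != PIDTYPE_PID)
+		task = task->group_leader;
 	pid = get_pid(task->pids[type].pid);
 	rcu_read_unlock();
 	return pid;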
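Review bot: The added `task = task->group_leader;` at line 407 is a plain pointer load with no comment saying why PGID/SID lookups are redirected to the leader, and the rcu_read_lock() taken on line 405 only guarantees that whichever task_struct is read stays valid for get_pid(), not that the leader pointer is stable: if `task` is not current and another thread of that group is mid-exec, the leader read here may (as far as I can tell from outside this hunk) be the one being replaced. That is harmless for the sys_wait4() caller this commit fixes, which passes current, but other callers handing in a foreign task should know the result can be a stale leader's pid. I would put `/* session and process-group pids hang off the thread-group leader, not the individual thread */` above the `if`, and the function's header comment (outside the hunk) should state that NULL is returned once the task has detached its pids, assuming get_pid() tolerates a NULL argument as it appears to here — confirm against its definition. get_task_pid's signature and closing brace are outside the hunk.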