author | Oleg Nesterov <oleg@redhat.com> | 2009-04-02 19:58:36 -0400 |
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-02 22:05:02 -0400 |
commit | 2ae448efc87df6d328f5835969076c7f9fce59c3 (patch) | |
tree | f110b43fa7c6b3c80f9b18a8e4fef728ed57f448 | |
parent | 6dda81f4384b94930826eded254d8c16f89a9248 (diff) |
pids: improve get_task_pid() to fix the unsafe sys_wait4()->task_pgrp()
sys_wait4() does get_pid(task_pgrp(current)), this is not safe. We can
add rcu lock/unlock around, but we already have get_task_pid() which can
be improved to handle the special pids in more reliable manner.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Louis Rilling <Louis.Rilling@kerlabs.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | kernel/exit.c | 2 | ||||
-rw-r--r-- | kernel/pid.c | 2 |
2 files changed, 3 insertions, 1 deletions
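--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1737,7 +1737,7 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
 pid = find_get_pid(-upid);
 } else if (upid == 0) {
 type = PIDTYPE_PGID;
-pid = get_pid(task_pgrp(current));
+pid = get_task_pid(current, PIDTYPE_PGID);
 } else /* upid > 0 */ {
 type = PIDTYPE_PID;
 pid = find_get_pid(upid);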
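Review bot: The new call at line 1740 spells out PIDTYPE_PGID as a literal immediately after `type = PIDTYPE_PGID;` on the line above, so the same value is now written twice in a three-line branch; passing the variable, `pid = get_task_pid(current, type);`, keeps the lookup and the recorded type in lockstep if the branch is ever changed. Replacing get_pid(task_pgrp(current)) with get_task_pid() is the point of the commit, so only the duplication is raised here. SYSCALL_DEFINE4(wait4, …) both starts and ends outside the hunk.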
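--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -403,6 +403,8 @@ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
 struct pid *pid;
 rcu_read_lock();
+if (type != PIDTYPE_PID)
+task = task->group_leader;
 pid = get_pid(task->pids[type].pid);
 rcu_read_unlock();
 return pid;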
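Review bot: The new redirection to task->group_leader at new lines 406-407 carries no comment saying why a non-PID type must be read from the leader rather than from `task` itself; the commit description's "handle the special pids in more reliable manner" is the only explanation, and it will not be next to the code later. A one-line comment above the `if` would keep that knowledge in place, e.g. `/* PGID/SID pids are kept on the thread-group leader, not on each thread */`, hedged to whatever the pid attachment code actually guarantees. It is also worth saying in the same comment that following group_leader is only safe here because it happens inside the rcu_read_lock()/rcu_read_unlock() pair, so a later refactor does not hoist the dereference above the lock. get_task_pid's closing brace lies outside the hunk.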