aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/staging
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@redhat.com>2009-01-18 12:17:20 -0500
committerGreg Kroah-Hartman <gregkh@kvm.kroah.org>2009-01-28 18:49:05 -0500
commit1176e83aff6f15b6ae4d1b53c16124884ad29363 (patch)
treecc808cf2a4f9b6306277bab178f3f055d54765a6 /drivers/staging
parent191805ac41a63929003faa33365027d3fb924d71 (diff)
Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal
Compile tested. task_struct->signal is not protected by RCU, the code is bogus. Change the code to take ->siglock to pin ->signal. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/staging')
-rw-r--r--drivers/staging/android/binder.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index ab014bc96831..758131cad08a 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task_struct *tsk, int flags)
319 int fd, error; 319 int fd, error;
320 struct fdtable *fdt; 320 struct fdtable *fdt;
321 unsigned long rlim_cur; 321 unsigned long rlim_cur;
322 unsigned long irqs;
322 323
323 if (files == NULL) 324 if (files == NULL)
324 return -ESRCH; 325 return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
335 * N.B. For clone tasks sharing a files structure, this test 336 * N.B. For clone tasks sharing a files structure, this test
336 * will limit the total number of files that can be opened. 337 * will limit the total number of files that can be opened.
337 */ 338 */
338 rcu_read_lock(); 339 rlim_cur = 0;
339 if (tsk->signal) 340 if (lock_task_sighand(tsk, &irqs)) {
340 rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur; 341 rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
341 else 342 unlock_task_sighand(tsk, &irqs);
342 rlim_cur = 0; 343 }
343 rcu_read_unlock();
344 if (fd >= rlim_cur) 344 if (fd >= rlim_cur)
345 goto out; 345 goto out;
346 346