proc: hold cred_guard_mutex in check_mem_permission()

Avoid a potential race when task exec's and we get a new ->mm but check against the old credentials in ptrace_may_access(). Holding of the mutex is implemented by factoring out the body of the code into a helper function __check_mem_permission(). Performing this factorization now simplifies upcoming changes and minimizes churn in the diff's. Signed-off-by: Stephen Wilson <wilsons@start.ca> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Stephen Wilson <wilsons@start.ca> 2011-03-13 15:49:22 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2011-03-23 16:36:58 -0400
commit: 18f661bcf898742212182d75f22f05b048cc04bb (patch)
tree: 3a0a6edc6e4240bda06fe52d565fe4b1cb4d8b84 /fs/proc/base.c
parent: 26947f8c8f9598209001cdcd31bb2162a2e54691 (diff)
1 files changed, 22 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9af49a3984f1..013f116b3223 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -191,10 +191,7 @@ static int proc_root_link(struct inode *inode, struct path *path)
        return result;
 }
-/*
+static int __check_mem_permission(struct task_struct *task)
- * Return zero if current may access user memory in @task, -error if not.
- */
-static int check_mem_permission(struct task_struct *task)
 {
        /*
         * A task can always look at itself, in case it chooses
@@ -222,6 +219,27 @@ static int check_mem_permission(struct task_struct *task)
        return -EPERM;
 }
+/*
+ * Return zero if current may access user memory in @task, -error if not.
+ */
+static int check_mem_permission(struct task_struct *task)
+{
+        int err;
+        /*
+         * Avoid racing if task exec's as we might get a new mm but validate
+         * against old credentials.
+         */
+        err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+        if (err)
+                return err;
+        err = __check_mem_permission(task);
+        mutex_unlock(&task->signal->cred_guard_mutex);
+        return err;
+}
 struct mm_struct *mm_for_maps(struct task_struct *task)
 {
        struct mm_struct *mm;
author	Stephen Wilson <wilsons@start.ca>	2011-03-13 15:49:22 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2011-03-23 16:36:58 -0400
commit	18f661bcf898742212182d75f22f05b048cc04bb (patch)
tree	3a0a6edc6e4240bda06fe52d565fe4b1cb4d8b84 /fs/proc/base.c
parent	26947f8c8f9598209001cdcd31bb2162a2e54691 (diff)

diff --git a/fs/proc/base.c b/fs/proc/base.c index 9af49a3984f1..013f116b3223 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -191,10 +191,7 @@ static int proc_root_link(struct inode inode, struct path path)
191	return result;	191	return result;
192	}	192	}
193		193
194	/*	194	static int __check_mem_permission(struct task_struct *task)
195	* Return zero if current may access user memory in @task, -error if not.
196	*/
197	static int check_mem_permission(struct task_struct *task)
198	{	195	{
199	/*	196	/*
200	* A task can always look at itself, in case it chooses	197	* A task can always look at itself, in case it chooses
@@ -222,6 +219,27 @@ static int check_mem_permission(struct task_struct *task)
222	return -EPERM;	219	return -EPERM;
223	}	220	}
224		221
		222	/*
		223	* Return zero if current may access user memory in @task, -error if not.
		224	*/
		225	static int check_mem_permission(struct task_struct *task)
		226	{
		227	int err;
		228
		229	/*
		230	* Avoid racing if task exec's as we might get a new mm but validate
		231	* against old credentials.
		232	*/
		233	err = mutex_lock_killable(&task->signal->cred_guard_mutex);
		234	if (err)
		235	return err;
		236
		237	err = __check_mem_permission(task);
		238	mutex_unlock(&task->signal->cred_guard_mutex);
		239
		240	return err;
		241	}
		242
225	struct mm_struct mm_for_maps(struct task_struct task)	243	struct mm_struct mm_for_maps(struct task_struct task)
226	{	244	{
227	struct mm_struct *mm;	245	struct mm_struct *mm;