[PATCH] Fix unserialized task->files changing

Fixed race on put_files_struct on exec with proc.  Restoring files on
current on error path may lead to proc having a pointer to already kfree-d
files_struct.

->files changing at exit.c and khtread.c are safe as exit_files() makes all
things under lock.

Found during OpenVZ stress testing.

[akpm@osdl.org: add export]
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

3 files changed, 5 insertions, 10 deletions

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index dfd8cfb7fb5d..bb43da5cde5c 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1038,10 +1038,8 @@ out_free_interp:
 out_free_file:
         sys_close(elf_exec_fileno);
 out_free_fh:
-        if (files) {
-                put_files_struct(current->files);
-                current->files = files;
-        }
+        if (files)
+                reset_files_struct(current, files);
 out_free_ph:
         kfree(elf_phdata);
         goto out;
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 66ba137f8661..1713c48fef54 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -215,10 +215,8 @@ _error:
         bprm->interp_flags = 0;
         bprm->interp_data = 0;
 _unshare:
-        if (files) {
-                put_files_struct(current->files);
-                current->files = files;
-        }
+        if (files)
+                reset_files_struct(current, files);
         goto _ret;
 }
 
diff --git a/fs/exec.c b/fs/exec.c
index 97df6e0aeaee..a8efe35176b0 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -898,8 +898,7 @@ int flush_old_exec(struct linux_binprm * bprm)
         return 0;
 
 mmap_failed:
-        put_files_struct(current->files);
-        current->files = files;
+        reset_files_struct(current, files);
 out:
         return retval;
 }