aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/futex.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:19 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:19 -0500
commitc69e8d9c01db2adc503464993c358901c9af9de4 (patch)
treebed94aaa9aeb7a7834d1c880f72b62a11a752c78 /kernel/futex.c
parent86a264abe542cfececb4df129bc45a0338d8cdb9 (diff)
CRED: Use RCU to access another task's creds and to release a task's own creds
Use RCU to access another task's creds and to release a task's own creds. This means that it will be possible for the credentials of a task to be replaced without another task (a) requiring a full lock to read them, and (b) seeing deallocated memory. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/futex.c')
-rw-r--r--kernel/futex.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index 28421d8210b8..4fe790e89d0f 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -439,15 +439,20 @@ static void free_pi_state(struct futex_pi_state *pi_state)
439static struct task_struct * futex_find_get_task(pid_t pid) 439static struct task_struct * futex_find_get_task(pid_t pid)
440{ 440{
441 struct task_struct *p; 441 struct task_struct *p;
442 uid_t euid = current_euid(); 442 const struct cred *cred = current_cred(), *pcred;
443 443
444 rcu_read_lock(); 444 rcu_read_lock();
445 p = find_task_by_vpid(pid); 445 p = find_task_by_vpid(pid);
446 if (!p || (euid != p->cred->euid && 446 if (!p) {
447 euid != p->cred->uid))
448 p = ERR_PTR(-ESRCH); 447 p = ERR_PTR(-ESRCH);
449 else 448 } else {
450 get_task_struct(p); 449 pcred = __task_cred(p);
450 if (cred->euid != pcred->euid &&
451 cred->euid != pcred->uid)
452 p = ERR_PTR(-ESRCH);
453 else
454 get_task_struct(p);
455 }
451 456
452 rcu_read_unlock(); 457 rcu_read_unlock();
453 458
@@ -1831,7 +1836,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr,
1831{ 1836{
1832 struct robust_list_head __user *head; 1837 struct robust_list_head __user *head;
1833 unsigned long ret; 1838 unsigned long ret;
1834 uid_t euid = current_euid(); 1839 const struct cred *cred = current_cred(), *pcred;
1835 1840
1836 if (!futex_cmpxchg_enabled) 1841 if (!futex_cmpxchg_enabled)
1837 return -ENOSYS; 1842 return -ENOSYS;
@@ -1847,8 +1852,9 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr,
1847 if (!p) 1852 if (!p)
1848 goto err_unlock; 1853 goto err_unlock;
1849 ret = -EPERM; 1854 ret = -EPERM;
1850 if (euid != p->cred->euid && 1855 pcred = __task_cred(p);
1851 euid != p->cred->uid && 1856 if (cred->euid != pcred->euid &&
1857 cred->euid != pcred->uid &&
1852 !capable(CAP_SYS_PTRACE)) 1858 !capable(CAP_SYS_PTRACE))
1853 goto err_unlock; 1859 goto err_unlock;
1854 head = p->robust_list; 1860 head = p->robust_list;