diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:19 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:19 -0500 |
commit | c69e8d9c01db2adc503464993c358901c9af9de4 (patch) | |
tree | bed94aaa9aeb7a7834d1c880f72b62a11a752c78 /kernel/futex.c | |
parent | 86a264abe542cfececb4df129bc45a0338d8cdb9 (diff) |
CRED: Use RCU to access another task's creds and to release a task's own creds
Use RCU to access another task's creds and to release a task's own creds.
This means that it will be possible for the credentials of a task to be
replaced without another task (a) requiring a full lock to read them, and (b)
seeing deallocated memory.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/futex.c')
-rw-r--r-- | kernel/futex.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index 28421d8210b8..4fe790e89d0f 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -439,15 +439,20 @@ static void free_pi_state(struct futex_pi_state *pi_state) | |||
439 | static struct task_struct * futex_find_get_task(pid_t pid) | 439 | static struct task_struct * futex_find_get_task(pid_t pid) |
440 | { | 440 | { |
441 | struct task_struct *p; | 441 | struct task_struct *p; |
442 | uid_t euid = current_euid(); | 442 | const struct cred *cred = current_cred(), *pcred; |
443 | 443 | ||
444 | rcu_read_lock(); | 444 | rcu_read_lock(); |
445 | p = find_task_by_vpid(pid); | 445 | p = find_task_by_vpid(pid); |
446 | if (!p || (euid != p->cred->euid && | 446 | if (!p) { |
447 | euid != p->cred->uid)) | ||
448 | p = ERR_PTR(-ESRCH); | 447 | p = ERR_PTR(-ESRCH); |
449 | else | 448 | } else { |
450 | get_task_struct(p); | 449 | pcred = __task_cred(p); |
450 | if (cred->euid != pcred->euid && | ||
451 | cred->euid != pcred->uid) | ||
452 | p = ERR_PTR(-ESRCH); | ||
453 | else | ||
454 | get_task_struct(p); | ||
455 | } | ||
451 | 456 | ||
452 | rcu_read_unlock(); | 457 | rcu_read_unlock(); |
453 | 458 | ||
@@ -1831,7 +1836,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1831 | { | 1836 | { |
1832 | struct robust_list_head __user *head; | 1837 | struct robust_list_head __user *head; |
1833 | unsigned long ret; | 1838 | unsigned long ret; |
1834 | uid_t euid = current_euid(); | 1839 | const struct cred *cred = current_cred(), *pcred; |
1835 | 1840 | ||
1836 | if (!futex_cmpxchg_enabled) | 1841 | if (!futex_cmpxchg_enabled) |
1837 | return -ENOSYS; | 1842 | return -ENOSYS; |
@@ -1847,8 +1852,9 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1847 | if (!p) | 1852 | if (!p) |
1848 | goto err_unlock; | 1853 | goto err_unlock; |
1849 | ret = -EPERM; | 1854 | ret = -EPERM; |
1850 | if (euid != p->cred->euid && | 1855 | pcred = __task_cred(p); |
1851 | euid != p->cred->uid && | 1856 | if (cred->euid != pcred->euid && |
1857 | cred->euid != pcred->uid && | ||
1852 | !capable(CAP_SYS_PTRACE)) | 1858 | !capable(CAP_SYS_PTRACE)) |
1853 | goto err_unlock; | 1859 | goto err_unlock; |
1854 | head = p->robust_list; | 1860 | head = p->robust_list; |