diff options
Diffstat (limited to 'kernel/futex_compat.c')
| -rw-r--r-- | kernel/futex_compat.c | 38 |
1 files changed, 15 insertions, 23 deletions
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index 5f9e689dc8f0..83e368b005fc 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c | |||
| @@ -10,6 +10,7 @@ | |||
| 10 | #include <linux/compat.h> | 10 | #include <linux/compat.h> |
| 11 | #include <linux/nsproxy.h> | 11 | #include <linux/nsproxy.h> |
| 12 | #include <linux/futex.h> | 12 | #include <linux/futex.h> |
| 13 | #include <linux/ptrace.h> | ||
| 13 | 14 | ||
| 14 | #include <asm/uaccess.h> | 15 | #include <asm/uaccess.h> |
| 15 | 16 | ||
| @@ -136,40 +137,31 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
| 136 | { | 137 | { |
| 137 | struct compat_robust_list_head __user *head; | 138 | struct compat_robust_list_head __user *head; |
| 138 | unsigned long ret; | 139 | unsigned long ret; |
| 139 | const struct cred *cred = current_cred(), *pcred; | 140 | struct task_struct *p; |
| 140 | 141 | ||
| 141 | if (!futex_cmpxchg_enabled) | 142 | if (!futex_cmpxchg_enabled) |
| 142 | return -ENOSYS; | 143 | return -ENOSYS; |
| 143 | 144 | ||
| 145 | WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n"); | ||
| 146 | |||
| 147 | rcu_read_lock(); | ||
| 148 | |||
| 149 | ret = -ESRCH; | ||
| 144 | if (!pid) | 150 | if (!pid) |
| 145 | head = current->compat_robust_list; | 151 | p = current; |
| 146 | else { | 152 | else { |
| 147 | struct task_struct *p; | ||
| 148 | |||
| 149 | ret = -ESRCH; | ||
| 150 | rcu_read_lock(); | ||
| 151 | p = find_task_by_vpid(pid); | 153 | p = find_task_by_vpid(pid); |
| 152 | if (!p) | 154 | if (!p) |
| 153 | goto err_unlock; | 155 | goto err_unlock; |
| 154 | ret = -EPERM; | ||
| 155 | pcred = __task_cred(p); | ||
| 156 | /* If victim is in different user_ns, then uids are not | ||
| 157 | comparable, so we must have CAP_SYS_PTRACE */ | ||
| 158 | if (cred->user->user_ns != pcred->user->user_ns) { | ||
| 159 | if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) | ||
| 160 | goto err_unlock; | ||
| 161 | goto ok; | ||
| 162 | } | ||
| 163 | /* If victim is in same user_ns, then uids are comparable */ | ||
| 164 | if (cred->euid != pcred->euid && | ||
| 165 | cred->euid != pcred->uid && | ||
| 166 | !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) | ||
| 167 | goto err_unlock; | ||
| 168 | ok: | ||
| 169 | head = p->compat_robust_list; | ||
| 170 | rcu_read_unlock(); | ||
| 171 | } | 156 | } |
| 172 | 157 | ||
| 158 | ret = -EPERM; | ||
| 159 | if (!ptrace_may_access(p, PTRACE_MODE_READ)) | ||
| 160 | goto err_unlock; | ||
| 161 | |||
| 162 | head = p->compat_robust_list; | ||
| 163 | rcu_read_unlock(); | ||
| 164 | |||
| 173 | if (put_user(sizeof(*head), len_ptr)) | 165 | if (put_user(sizeof(*head), len_ptr)) |
| 174 | return -EFAULT; | 166 | return -EFAULT; |
| 175 | return put_user(ptr_to_compat(head), head_ptr); | 167 | return put_user(ptr_to_compat(head), head_ptr); |