pids: sys_getpgid: fix unsafe *pid usage, s/tasklist/rcu/
1. sys_getpgid() needs rcu_read_lock() to derive the pgrp _nr, even if the task is current, otherwise we can race with another thread which does sys_setpgid(). 2. Use rcu_read_lock() instead of tasklist_lock when pid != 0, make sure that we don't use the NULL pid if the task exits right after successful find_task_by_vpid(). Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
1dd768c081
commit
12a3de0a96
38
kernel/sys.c
38
kernel/sys.c
@ -991,31 +991,37 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
|
|||||||
|
|
||||||
asmlinkage long sys_getpgid(pid_t pid)
|
asmlinkage long sys_getpgid(pid_t pid)
|
||||||
{
|
{
|
||||||
if (!pid)
|
struct task_struct *p;
|
||||||
return task_pgrp_vnr(current);
|
struct pid *grp;
|
||||||
else {
|
int retval;
|
||||||
int retval;
|
|
||||||
struct task_struct *p;
|
|
||||||
|
|
||||||
read_lock(&tasklist_lock);
|
rcu_read_lock();
|
||||||
p = find_task_by_vpid(pid);
|
if (!pid)
|
||||||
|
grp = task_pgrp(current);
|
||||||
|
else {
|
||||||
retval = -ESRCH;
|
retval = -ESRCH;
|
||||||
if (p) {
|
p = find_task_by_vpid(pid);
|
||||||
retval = security_task_getpgid(p);
|
if (!p)
|
||||||
if (!retval)
|
goto out;
|
||||||
retval = task_pgrp_vnr(p);
|
grp = task_pgrp(p);
|
||||||
}
|
if (!grp)
|
||||||
read_unlock(&tasklist_lock);
|
goto out;
|
||||||
return retval;
|
|
||||||
|
retval = security_task_getpgid(p);
|
||||||
|
if (retval)
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
|
retval = pid_vnr(grp);
|
||||||
|
out:
|
||||||
|
rcu_read_unlock();
|
||||||
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef __ARCH_WANT_SYS_GETPGRP
|
#ifdef __ARCH_WANT_SYS_GETPGRP
|
||||||
|
|
||||||
asmlinkage long sys_getpgrp(void)
|
asmlinkage long sys_getpgrp(void)
|
||||||
{
|
{
|
||||||
/* SMP - assuming writes are word atomic this is fine */
|
return sys_getpgid(0);
|
||||||
return task_pgrp_vnr(current);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user