On 08/18, Neil Horman wrote:
>
> +static int proc_pid_limits(struct task_struct *task, char *buffer)
> +{
> + unsigned int i;
> + int count = 0;
> + unsigned long flags;
> + char *bufptr = buffer;
> +
> + struct rlimit rlim[RLIM_NLIMITS];
> +
> + rcu_read_lock();
> + lock_task_sighand(task,&flags);
> + if (task->signal == NULL){
> + unlock_task_sighand(task, &flags);
> + rcu_read_unlock();
> + return 0;
> + }
> + memcpy(rlim, task->signal->rlim, sizeof(struct rlimit) * RLIM_NLIMITS);
> + unlock_task_sighand(task, &flags);
> + rcu_read_unlock();
No, no. If lock_task_sighand() fails, ->signal _should be_ == NULL, but the
"if (task->signal == NULL)" check is not reliable, we don't have any barriers
to serialize with __exit_signal().
More importantly, it is very wrong to do unlock_task_sighand() in that case,
this means NULL pointer dereference.
What we need is:
rcu_read_lock();
if (!lock_task_sighand(task, &flags)) {
rcu_read_unlock();
return 0;
}
memcpy(rlim, task->signal->rlim, sizeof(rlim));
unlock_task_sighand(task, &flags);
rcu_read_unlock();
No need to check ->signal != NULL if lock_task_sighand() succeeds.
Oleg.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
