[PATCH -mm] do_wait-fix-security-checks-fix

On 11/24, Oleg Nesterov wrote:
>
> -		if (!flag) {
> +		if (flag)
> +			continue;

This "last obvious cleanup right before sending the patch" is terribly wrong,
we can't continue, we must advance the tsk to the next_thread().

Please apply.

--- PT/kernel/exit.c~SEC_FIX	2007-11-26 17:10:41.000000000 +0300
+++ PT/kernel/exit.c	2007-11-27 20:41:10.000000000 +0300
@@ -1527,16 +1527,17 @@ repeat:
 			if (retval != 0) /* tasklist_lock released */
 				goto end;
 		}
-		if (flag)
-			continue;
-		list_for_each_entry(p, &tsk->ptrace_children, ptrace_list) {
-			flag = eligible_child(pid, options, p);
-			if (!flag)
-				continue;
-			if (likely(flag > 0))
-				break;
-			retval = flag;
-			goto end;
+		if (!flag) {
+			list_for_each_entry(p, &tsk->ptrace_children,
+								ptrace_list) {
+				flag = eligible_child(pid, options, p);
+				if (!flag)
+					continue;
+				if (likely(flag > 0))
+					break;
+				retval = flag;
+				goto end;
+			}
 		}
 		if (options & __WNOTHREAD)
 			break;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [RFC, PATCH -mm] do_wait: fix security checks
    • From: Oleg Nesterov <[email protected]>

• Prev by Date: Re: possible BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
• Next by Date: Re: 2.6.24-rc3-mm1 - Kernel Panic on IO-APIC
• Previous by thread: [RFC, PATCH -mm] do_wait: fix security checks
• Next by thread: [PATCH] wait_task_continued/zombie: don't use task_pid_nr_ns() lockless
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]