lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1233185210-23098-7-git-send-email-gregkh@suse.de>
Date:	Wed, 28 Jan 2009 15:26:47 -0800
From:	Greg Kroah-Hartman <gregkh@...e.de>
To:	linux-kernel@...r.kernel.org
Cc:	Oleg Nesterov <oleg@...hat.com>,
	Arve Hjønnevåg <arve@...roid.com>,
	Brian Swetland <swetland@...gle.com>,
	Greg Kroah-Hartman <gregkh@...e.de>
Subject: [PATCH 07/10] Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

From: Oleg Nesterov <oleg@...hat.com>

Compile tested.

task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.

Signed-off-by: Oleg Nesterov <oleg@...hat.com>
Cc: Arve Hjønnevåg <arve@...roid.com>
Cc: Brian Swetland <swetland@...gle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
---
 drivers/staging/android/binder.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index ab014bc..758131c 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task_struct *tsk, int flags)
 	int fd, error;
 	struct fdtable *fdt;
 	unsigned long rlim_cur;
+	unsigned long irqs;
 
 	if (files == NULL)
 		return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
 	 * N.B. For clone tasks sharing a files structure, this test
 	 * will limit the total number of files that can be opened.
 	 */
-	rcu_read_lock();
-	if (tsk->signal)
+	rlim_cur = 0;
+	if (lock_task_sighand(tsk, &irqs)) {
 		rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
-	else
-		rlim_cur = 0;
-	rcu_read_unlock();
+		unlock_task_sighand(tsk, &irqs);
+	}
 	if (fd >= rlim_cur)
 		goto out;
 
-- 
1.6.0.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ