Commit 12a3de0a authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds

pids: sys_getpgid: fix unsafe *pid usage, s/tasklist/rcu/

1. sys_getpgid() needs rcu_read_lock() to derive the pgrp _nr, even if
   the task is current, otherwise we can race with another thread which
   does sys_setpgid().

2. Use rcu_read_lock() instead of tasklist_lock when pid != 0, make sure
   that we don't use the NULL pid if the task exits right after successful
   find_task_by_vpid().
Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 1dd768c0
...@@ -991,31 +991,37 @@ out: ...@@ -991,31 +991,37 @@ out:
asmlinkage long sys_getpgid(pid_t pid) asmlinkage long sys_getpgid(pid_t pid)
{ {
struct task_struct *p;
struct pid *grp;
int retval;
rcu_read_lock();
if (!pid) if (!pid)
return task_pgrp_vnr(current); grp = task_pgrp(current);
else { else {
int retval;
struct task_struct *p;
read_lock(&tasklist_lock);
p = find_task_by_vpid(pid);
retval = -ESRCH; retval = -ESRCH;
if (p) { p = find_task_by_vpid(pid);
retval = security_task_getpgid(p); if (!p)
if (!retval) goto out;
retval = task_pgrp_vnr(p); grp = task_pgrp(p);
} if (!grp)
read_unlock(&tasklist_lock); goto out;
return retval;
retval = security_task_getpgid(p);
if (retval)
goto out;
} }
retval = pid_vnr(grp);
out:
rcu_read_unlock();
return retval;
} }
#ifdef __ARCH_WANT_SYS_GETPGRP #ifdef __ARCH_WANT_SYS_GETPGRP
asmlinkage long sys_getpgrp(void) asmlinkage long sys_getpgrp(void)
{ {
/* SMP - assuming writes are word atomic this is fine */ return sys_getpgid(0);
return task_pgrp_vnr(current);
} }
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment