1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From d977982e72733db9bfaa20306af8543db173a669 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Wed, 9 Dec 2009 22:08:35 +0100
Subject: [PATCH] fs: Add missing rcu protection for __task_cred() in sys_ioprio_get
commit 8f4200b312eb06ab405d2c6d0075ce4bebf738dd in tip.
sys_ioprio_get() accesses __task_cred() without being in a RCU read
side critical section. tasklist_lock is not protecting that when
CONFIG_TREE_PREEMPT_RCU=y.
Add a rcu_read_lock/unlock() section around the code which accesses
__task_cred().
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: linux-security-module@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
fs/ioprio.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 748cfb9..e391978 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -231,6 +231,7 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
if (!user)
break;
+ rcu_read_lock();
do_each_thread(g, p) {
if (__task_cred(p)->uid != user->uid)
continue;
@@ -242,6 +243,7 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
else
ret = ioprio_best(ret, tmpio);
} while_each_thread(g, p);
+ rcu_read_unlock();
if (who)
free_uid(user);
--
1.7.0.4
|