| From ccb8c76757e3a3d20265965ab5d94ba66be2b116 Mon Sep 17 00:00:00 2001 |
| From: Thomas Gleixner <tglx@linutronix.de> |
| Date: Wed, 9 Dec 2009 22:14:21 +0100 |
| Subject: [PATCH] proc: Add missing rcu protection for __task_cred() in task_sig() |
| |
| commit ccb8c76757e3a3d20265965ab5d94ba66be2b116 in tip. |
| |
| task_sig() accesses __task_cred() without being in an RCU read-side |
| critical section. tasklist_lock does not protect that access when |
| CONFIG_TREE_PREEMPT_RCU=y. |
| |
| Add a rcu_read_lock/unlock() section around the code which accesses |
| __task_cred(). |
| |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Cc: David Howells <dhowells@redhat.com> |
| Cc: James Morris <jmorris@namei.org> |
| Cc: linux-security-module@vger.kernel.org |
| Cc: Al Viro <viro@zeniv.linux.org.uk> |
| |
| diff --git a/fs/proc/array.c b/fs/proc/array.c |
| index 91e2ae1..3dc9016 100644 |
| --- a/fs/proc/array.c |
| +++ b/fs/proc/array.c |
| @@ -271,7 +271,9 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p) |
| blocked = p->blocked; |
| collect_sigign_sigcatch(p, &ignored, &caught); |
| num_threads = atomic_read(&p->signal->count); |
| + rcu_read_lock(); |
| qsize = atomic_read(&__task_cred(p)->user->sigpending); |
| + rcu_read_unlock(); |
| qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; |
| unlock_task_sighand(p, &flags); |
| } |
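Review bot: The added `rcu_read_lock()`/`rcu_read_unlock()` pair around the `__task_cred(p)` dereference has no comment explaining why it is needed. The `unlock_task_sighand(p, &flags)` two lines later suggests a spinlock is already held here, so a later cleanup could take the pair for redundant and remove it, reopening the window in which the cred may be freed while `->user->sigpending` is read. I would add a comment above `rcu_read_lock()`, for example `/* p's cred is RCU-managed; the sighand lock does not keep it alive under preemptible RCU */`. Only the integer `qsize` leaves the read-side section, which is what keeps this correct, so the comment could also say that no cred pointer may be carried past `rcu_read_unlock()`. The body of task_sig() starts outside this hunk, so the locking context is inferred from the visible unlock call.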
| -- |
| 1.7.1.1 |
| |