Home » Mailing list archives » git-commits-head » 2009 » April » 3

pids: improve get_task_pid() to fix the unsafe sys_wait4()->task_pgrp()

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Linux Kernel Mailing List
Subject: pids: improve get_task_pid() to fix the unsafe sys_wait4()->task_pgrp()
Date: Thursday, April 2, 2009 - 10:02 pm

Gitweb:     http://git.kernel.org/linus/2ae448efc87df6d328f5835969076c7f9fce59c3
Commit:     2ae448efc87df6d328f5835969076c7f9fce59c3
Parent:     6dda81f4384b94930826eded254d8c16f89a9248
Author:     Oleg Nesterov <oleg@redhat.com>
AuthorDate: Thu Apr 2 16:58:36 2009 -0700
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Thu Apr 2 19:05:02 2009 -0700

    pids: improve get_task_pid() to fix the unsafe sys_wait4()->task_pgrp()
    
    sys_wait4() does get_pid(task_pgrp(current)), this is not safe.  We can
    add rcu lock/unlock around, but we already have get_task_pid() which can
    be improved to handle the special pids in more reliable manner.
    
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Cc: Louis Rilling <Louis.Rilling@kerlabs.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Cc: Pavel Emelyanov <xemul@openvz.org>
    Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
    Cc: Roland McGrath <roland@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 kernel/exit.c |    2 +-
 kernel/pid.c  |    2 ++
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/kernel/exit.c b/kernel/exit.c
index 029415d..384f09c 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1737,7 +1737,7 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
 		pid = find_get_pid(-upid);
 	} else if (upid == 0) {
 		type = PIDTYPE_PGID;
-		pid = get_pid(task_pgrp(current));
+		pid = get_task_pid(current, PIDTYPE_PGID);
 	} else /* upid > 0 */ {
 		type = PIDTYPE_PID;
 		pid = find_get_pid(upid);
diff --git a/kernel/pid.c b/kernel/pid.c
index 1b3586f..6628abc 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -403,6 +403,8 @@ struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
 	struct pid *pid;
 	rcu_read_lock();
+	if (type != PIDTYPE_PID)
+		task = task->group_leader;
 	pid = get_pid(task->pids[type].pid);
 	rcu_read_unlock();
 	return pid;
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
pids: improve get_task_pid() to fix the unsafe sys_wait4() ..., Linux Kernel Mailing ..., (Thu Apr 2, 10:02 pm)