lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

Browse Source 
Compile tested.

task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Oleg Nesterov
2009-01-18 18:17:20 +01:00
committed by Greg Kroah-Hartman
parent 191805ac41
commit 1176e83aff
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
drivers/staging/android/binder.c
View File

@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task_struct *tsk, int flags)
int fd, error; int fd, error;
struct fdtable *fdt; struct fdtable *fdt;
unsigned long rlim_cur; unsigned long rlim_cur;
unsigned long irqs;
if (files == NULL) if (files == NULL)
return -ESRCH; return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
* N.B. For clone tasks sharing a files structure, this test * N.B. For clone tasks sharing a files structure, this test
* will limit the total number of files that can be opened. * will limit the total number of files that can be opened.
*/ */
rcu_read_lock(); rlim_cur = 0;
if (tsk->signal) if (lock_task_sighand(tsk, &irqs)) {
rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur; rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
else unlock_task_sighand(tsk, &irqs);
rlim_cur = 0; }
rcu_read_unlock();
if (fd >= rlim_cur) if (fd >= rlim_cur)
goto out; goto out;