mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-04 04:04:19 +00:00
pids: sys_getsid: fix unsafe *pid usage, fix possible 0 instead of -ESRCH
1. sys_getsid() needs rcu_read_lock() to derive the session _nr, even if the task is current, otherwise we can race with another thread which does sys_setsid(). 2. The task can exit between find_task_by_vpid() and task_session_vnr(), in that unlikely case sys_getsid() returns 0 instead of -ESRCH. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
7d8da0962e
commit
1dd768c081
35
kernel/sys.c
35
kernel/sys.c
@ -1022,23 +1022,30 @@ asmlinkage long sys_getpgrp(void)
|
||||
|
||||
asmlinkage long sys_getsid(pid_t pid)
|
||||
{
|
||||
if (!pid)
|
||||
return task_session_vnr(current);
|
||||
else {
|
||||
int retval;
|
||||
struct task_struct *p;
|
||||
struct task_struct *p;
|
||||
struct pid *sid;
|
||||
int retval;
|
||||
|
||||
rcu_read_lock();
|
||||
p = find_task_by_vpid(pid);
|
||||
rcu_read_lock();
|
||||
if (!pid)
|
||||
sid = task_session(current);
|
||||
else {
|
||||
retval = -ESRCH;
|
||||
if (p) {
|
||||
retval = security_task_getsid(p);
|
||||
if (!retval)
|
||||
retval = task_session_vnr(p);
|
||||
}
|
||||
rcu_read_unlock();
|
||||
return retval;
|
||||
p = find_task_by_vpid(pid);
|
||||
if (!p)
|
||||
goto out;
|
||||
sid = task_session(p);
|
||||
if (!sid)
|
||||
goto out;
|
||||
|
||||
retval = security_task_getsid(p);
|
||||
if (retval)
|
||||
goto out;
|
||||
}
|
||||
retval = pid_vnr(sid);
|
||||
out:
|
||||
rcu_read_unlock();
|
||||
return retval;
|
||||
}
|
||||
|
||||
asmlinkage long sys_setsid(void)
|
||||
|
Loading…
Reference in New Issue
Block a user