diff options
author | Oleg Nesterov <oleg@redhat.com> | 2009-07-10 03:27:40 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-08-16 14:19:14 -0700 |
commit | c6d59cb0341e2c3aed3eb65cbf166a686c3443aa (patch) | |
tree | e9d8f205f258516747544909774a59cfd441bd83 | |
parent | 17dc3e97d6d51df33cb6e35fabb62b91ef14cf2c (diff) |
mm_for_maps: take ->cred_guard_mutex to fix the race with exec
commit 704b836cbf19e885f8366bccb2e4b0474346c02d upstream.
The problem is minor, but without ->cred_guard_mutex held we can race
with exec() and get the new ->mm but check old creds.
Now we do not need to re-check task->mm after ptrace_may_access(), it
can't be changed to the new mm under us.
Strictly speaking, this also fixes another very minor problem. Unless
security check fails or the task exits mm_for_maps() should never
return NULL, the caller should get either old or new ->mm.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/proc/base.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 8764fffd737..f705cfd69e2 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -234,19 +234,19 @@ static int check_mem_permission(struct task_struct *task) struct mm_struct *mm_for_maps(struct task_struct *task) { - struct mm_struct *mm = get_task_mm(task); + struct mm_struct *mm; - if (mm && mm != current->mm) { - /* - * task->mm can be changed before security check, - * in that case we must notice the change after. - */ - if (!ptrace_may_access(task, PTRACE_MODE_READ) || - mm != task->mm) { - mmput(mm); - mm = NULL; - } + if (mutex_lock_killable(&task->cred_exec_mutex)) + return NULL; + + mm = get_task_mm(task); + if (mm && mm != current->mm && + !ptrace_may_access(task, PTRACE_MODE_READ)) { + mmput(mm); + mm = NULL; } + mutex_unlock(&task->cred_exec_mutex); + return mm; } |