Commit 1dd768c0 authored Apr 30, 2008 by Oleg Nesterov Committed by Linus Torvalds Apr 30, 2008

pids: sys_getsid: fix unsafe *pid usage, fix possible 0 instead of -ESRCH



1. sys_getsid() needs rcu_read_lock() to derive the session _nr, even if
   the task is current, otherwise we can race with another thread which
   does sys_setsid().

2. The task can exit between find_task_by_vpid() and task_session_vnr(),
   in that unlikely case sys_getsid() returns 0 instead of -ESRCH.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 7d8da096

kernel/sys.c

+20 −13

Original line number	Diff line number	Diff line
		@@ -1022,24 +1022,31 @@ asmlinkage long sys_getpgrp(void)

		asmlinkage long sys_getsid(pid_t pid)
		{
		if (!pid)
		return task_session_vnr(current);
		else {
		int retval;
		struct task_struct *p;
		struct pid *sid;
		int retval;

		rcu_read_lock();
		p = find_task_by_vpid(pid);
		if (!pid)
		sid = task_session(current);
		else {
		retval = -ESRCH;
		if (p) {
		p = find_task_by_vpid(pid);
		if (!p)
		goto out;
		sid = task_session(p);
		if (!sid)
		goto out;

		retval = security_task_getsid(p);
		if (!retval)
		retval = task_session_vnr(p);
		if (retval)
		goto out;
		}
		retval = pid_vnr(sid);
		out:
		rcu_read_unlock();
		return retval;
		}
		}

		asmlinkage long sys_setsid(void)
		{