Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 86f162f4 authored by Jiri Slaby's avatar Jiri Slaby Committed by Jiri Slaby
Browse files

rlimits: do security check under task_lock 



Do security_task_setrlimit under task_lock. Other tasks may change
limits under our hands while we are checking limits inside the
function. From now on, they can't.

Note that all the security work is done under a spinlock here now.
Security hooks count with that, they are called from interrupt context
(like security_task_kill) and with spinlocks already held (e.g.
capable->security_capable).

Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
parent 1c1e618d

kernel/sys.c

+10 −10
Original line number Diff line number Diff line
@@ -1277,7 +1277,7 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource, 
		struct rlimit *new_rlim)

{

	struct rlimit *old_rlim;

	int retval;

	int retval = 0;



	if (resource >= RLIM_NLIMITS)

		return -EINVAL;
@@ -1293,9 +1293,14 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource, 
		goto out;

	}



	retval = security_task_setrlimit(tsk->group_leader, resource, new_rlim);

	if (retval)

		goto out;

	old_rlim = tsk->signal->rlim + resource;

	task_lock(tsk->group_leader);

	if (new_rlim->rlim_max > old_rlim->rlim_max &&

			!capable(CAP_SYS_RESOURCE))

		retval = -EPERM;

	if (!retval)

		retval = security_task_setrlimit(tsk->group_leader, resource,

				new_rlim);



	if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {

		/*
@@ -1307,12 +1312,7 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource, 
		new_rlim->rlim_cur = 1;

	}



	old_rlim = tsk->signal->rlim + resource;

	task_lock(tsk->group_leader);

	if (new_rlim->rlim_max > old_rlim->rlim_max &&

			!capable(CAP_SYS_RESOURCE))

		retval = -EPERM;

	else

	if (!retval)

		*old_rlim = *new_rlim;

	task_unlock(tsk->group_leader);