forked from luck/tmp_suning_uos_patched
mm_for_maps: simplify, use ptrace_may_access()
It would be nice to kill __ptrace_may_access(). It requires task_lock(), but this lock is only needed to read mm->flags in the middle. Convert mm_for_maps() to use ptrace_may_access(), this also simplifies the code a little bit. Also, we do not need to take ->mmap_sem in advance. In fact I think mm_for_maps() should not play with ->mmap_sem at all, the caller should take this lock. With or without this patch, without ->cred_guard_mutex held we can race with exec() and get the new ->mm but check old creds. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
f4b9a98868
commit
13f0feafa6
|
@ -237,20 +237,19 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
|
|||
struct mm_struct *mm = get_task_mm(task);
|
||||
if (!mm)
|
||||
return NULL;
|
||||
if (mm != current->mm) {
|
||||
/*
|
||||
* task->mm can be changed before security check,
|
||||
* in that case we must notice the change after.
|
||||
*/
|
||||
if (!ptrace_may_access(task, PTRACE_MODE_READ) ||
|
||||
mm != task->mm) {
|
||||
mmput(mm);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
down_read(&mm->mmap_sem);
|
||||
task_lock(task);
|
||||
if (task->mm != mm)
|
||||
goto out;
|
||||
if (task->mm != current->mm &&
|
||||
__ptrace_may_access(task, PTRACE_MODE_READ) < 0)
|
||||
goto out;
|
||||
task_unlock(task);
|
||||
return mm;
|
||||
out:
|
||||
task_unlock(task);
|
||||
up_read(&mm->mmap_sem);
|
||||
mmput(mm);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int proc_pid_cmdline(struct task_struct *task, char * buffer)
|
||||
|
|
Loading…
Reference in New Issue
Block a user