[PATCH] close race in unshare_files()

updating current->files requires task_lock Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

[PATCH] close race in unshare_files()
updating current->files requires task_lock Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
6b335d9c · Al Viro · 42faad99 · 6b335d9c
Commit 6b335d9c authored Apr 22, 2008 by Al Viro
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 11 deletions

kernel/fork.c kernel/fork.c +9 -11

No files found.
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -805,12 +805,6 @@ static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
 		goto out;
 	}
-	/*
-	 * Note: we may be using current for both targets (See exec.c)
-	 * This works because we cache current->files (old) as oldf. Don't
-	 * break this.
-	 */
-	tsk->files = NULL;
 	newf = dup_fd(oldf, &error);
 	if (!newf)
 		goto out;
@@ -855,7 +849,8 @@ static int copy_io(unsigned long clone_flags, struct task_struct *tsk)
 int unshare_files(void)
 {
 	struct files_struct *files  = current->files;
-	int rc;
+	struct files_struct *newf;
+	int error = 0;
 	BUG_ON(!files);
@@ -866,10 +861,13 @@ int unshare_files(void)
 		atomic_inc(&files->count);
 		return 0;
 	}
-	rc = copy_files(0, current);
+	newf = dup_fd(files, &error);
-	if(rc)
+	if (newf) {
-		current->files = files;
+		task_lock(current);
-	return rc;
+		current->files = newf;
+		task_unlock(current);
+	}
+	return error;
 }
 EXPORT_SYMBOL(unshare_files);