Google Git
Sign in
kunit/linux/9b4f526cdc0f95f635607dfba6ac788b3deca188^!/./fs/proc
commit
9b4f526cdc0f95f635607dfba6ac788b3deca188
[log]
author
Al Viro <viro@zeniv.linux.org.uk>
Tue Apr 22 01:32:44 2008 -0400
committer
Al Viro <viro@zeniv.linux.org.uk>
Tue Apr 22 19:55:03 2008 -0400
tree
f9f324dbd88856fdaeff1d0146059806bacba26f
parent
ed1524371716466e9c762808b02601d0d0276a92 [diff]
[PATCH] proc_readfd_common() race fix

Since we drop the rcu_read_lock inside the loop, we can't assume
that files->fdt will remain unchanged (and not freed) between
iterations.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 81d7d14..7313c62 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c

@@ -1626,7 +1626,6 @@
 	unsigned int fd, ino;
 	int retval;
 	struct files_struct * files;
-	struct fdtable *fdt;
 
 	retval = -ENOENT;
 	if (!p)
@@ -1649,9 +1648,8 @@
 			if (!files)
 				goto out;
 			rcu_read_lock();
-			fdt = files_fdtable(files);
 			for (fd = filp->f_pos-2;
-			     fd < fdt->max_fds;
+			     fd < files_fdtable(files)->max_fds;
 			     fd++, filp->f_pos++) {
 				char name[PROC_NUMBUF];
 				int len;