Commit 1dd768c0 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds

pids: sys_getsid: fix unsafe *pid usage, fix possible 0 instead of -ESRCH

1. sys_getsid() needs rcu_read_lock() to derive the session _nr, even if
   the task is current, otherwise we can race with another thread which
   does sys_setsid().

2. The task can exit between find_task_by_vpid() and task_session_vnr(),
   in that unlikely case sys_getsid() returns 0 instead of -ESRCH.
Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 7d8da096
......@@ -1022,23 +1022,30 @@ asmlinkage long sys_getpgrp(void)
asmlinkage long sys_getsid(pid_t pid)
{
if (!pid)
return task_session_vnr(current);
else {
int retval;
struct task_struct *p;
struct pid *sid;
int retval;
rcu_read_lock();
p = find_task_by_vpid(pid);
if (!pid)
sid = task_session(current);
else {
retval = -ESRCH;
if (p) {
p = find_task_by_vpid(pid);
if (!p)
goto out;
sid = task_session(p);
if (!sid)
goto out;
retval = security_task_getsid(p);
if (!retval)
retval = task_session_vnr(p);
if (retval)
goto out;
}
retval = pid_vnr(sid);
out:
rcu_read_unlock();
return retval;
}
}
asmlinkage long sys_setsid(void)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment