Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

[PATCH] proc_readfd_common() race fix

Browse source 
Since we drop the rcu_read_lock inside the loop, we can't assume
that files->fdt will remain unchanged (and not freed) between
iterations.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2008-04-22 01:32:44 -04:00
parent ed15243717
commit 9b4f526cdc
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
fs/proc/base.c
View file

@ -1626,7 +1626,6 @@ static int proc_readfd_common(struct file * filp, void * dirent,
unsigned int fd, ino; unsigned int fd, ino;
int retval; int retval;
struct files_struct * files; struct files_struct * files;
struct fdtable *fdt;
retval = -ENOENT; retval = -ENOENT;
if (!p) if (!p)
@ -1649,9 +1648,8 @@ static int proc_readfd_common(struct file * filp, void * dirent,
if (!files) if (!files)
goto out; goto out;
rcu_read_lock(); rcu_read_lock();
fdt = files_fdtable(files);
for (fd = filp->f_pos-2; for (fd = filp->f_pos-2;
fd < fdt->max_fds; fd < files_fdtable(files)->max_fds;
fd++, filp->f_pos++) { fd++, filp->f_pos++) {
char name[PROC_NUMBUF]; char name[PROC_NUMBUF];
int len; int len;