From 70b83579b39dc1369bc58ab395259bd254bf4a38 Mon Sep 17 00:00:00 2001
From: Jiri Slaby
Date: Sat, 14 Nov 2009 17:37:04 +0100
Subject: [PATCH] core: do security check under task_lock
References: FATE#305733
Patch-mainline: no (later)
Do security_task_setrlimit under task_lock. Other tasks may change limits under our hands while we are checking limits inside the function. From now on, they can't.
Signed-off-by: Jiri Slaby
Acked-by: James Morris
Cc: Heiko Carstens
Cc: Andrew Morton
Cc: Ingo Molnar
---
 kernel/sys.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1307,7 +1307,7 @@ int do_setrlimit(struct task_struct *tsk
 struct rlimit *new_rlim)
 {
 struct rlimit *old_rlim;
- int retval;
+ int retval = 0;
 
 if (resource >= RLIM_NLIMITS)
 return -EINVAL;
@@ -1326,10 +1326,6 @@ int do_setrlimit(struct task_struct *tsk
 }
 }
 
- retval = security_task_setrlimit(tsk, resource, new_rlim);
- if (retval)
- goto out;
-
 if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
 /*
 * The caller is asking for an immediate RLIMIT_CPU
@@ -1342,11 +1338,13 @@ int do_setrlimit(struct task_struct *tsk
 
 old_rlim = tsk->signal->rlim + resource;
 task_lock(tsk->group_leader);
- if ((new_rlim->rlim_max <= old_rlim->rlim_max) ||
- capable(CAP_SYS_RESOURCE))
- *old_rlim = *new_rlim;
- else
+ if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
+ !capable(CAP_SYS_RESOURCE))
 retval = -EPERM;
+ if (!retval)
+ retval = security_task_setrlimit(tsk, resource, new_rlim);
+ if (!retval)
+ *old_rlim = *new_rlim;
 task_unlock(tsk->group_leader);
 
 if (retval || resource != RLIMIT_CPU)
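Review bot: In the last hunk, `security_task_setrlimit()` is now called between `task_lock(tsk->group_leader)` and `task_unlock(tsk->group_leader)`, and nothing at the call site records that new constraint. task_lock is a spinlock, so every LSM implementation of this hook must neither sleep nor take that task lock itself; whether the existing hooks satisfy this is not visible in the patch and should be confirmed. I would add a comment above the call, e.g. `/* called with task_lock(tsk->group_leader) held: LSM hooks must not sleep */`, and state the same in the hook's documentation. The call has also moved below the `resource == RLIMIT_CPU && new_rlim->rlim_cur == 0` special case, so the hook presumably now sees whatever that branch leaves in `new_rlim` rather than the caller's value; the commit message should say whether that is intended. The body of do_setrlimit starts and ends outside the hunk.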