61 lines
1.8 KiB
Diff
61 lines
1.8 KiB
Diff
From 70b83579b39dc1369bc58ab395259bd254bf4a38 Mon Sep 17 00:00:00 2001
|
|
From: Jiri Slaby <jslaby@suse.cz>
|
|
Date: Sat, 14 Nov 2009 17:37:04 +0100
|
|
Subject: [PATCH] core: do security check under task_lock
|
|
References: FATE#305733
|
|
Patch-mainline: no (later)
|
|
|
|
Do security_task_setrlimit under task_lock. Other tasks may
|
|
change limits under our hands while we are checking limits
|
|
inside the function. From now on, they can't.
|
|
|
|
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
|
|
Acked-by: James Morris <jmorris@namei.org>
|
|
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
|
|
Cc: Andrew Morton <akpm@linux-foundation.org>
|
|
Cc: Ingo Molnar <mingo@elte.hu>
|
|
---
|
|
kernel/sys.c | 16 +++++++---------
|
|
1 file changed, 7 insertions(+), 9 deletions(-)
|
|
|
|
--- a/kernel/sys.c
|
|
+++ b/kernel/sys.c
|
|
@@ -1307,7 +1307,7 @@ int do_setrlimit(struct task_struct *tsk
|
|
struct rlimit *new_rlim)
|
|
{
|
|
struct rlimit *old_rlim;
|
|
- int retval;
|
|
+ int retval = 0;
|
|
|
|
if (resource >= RLIM_NLIMITS)
|
|
return -EINVAL;
|
|
@@ -1326,10 +1326,6 @@ int do_setrlimit(struct task_struct *tsk
|
|
}
|
|
}
|
|
|
|
- retval = security_task_setrlimit(tsk, resource, new_rlim);
|
|
- if (retval)
|
|
- goto out;
|
|
-
|
|
if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
|
|
/*
|
|
* The caller is asking for an immediate RLIMIT_CPU
|
|
@@ -1342,11 +1338,13 @@ int do_setrlimit(struct task_struct *tsk
|
|
|
|
old_rlim = tsk->signal->rlim + resource;
|
|
task_lock(tsk->group_leader);
|
|
- if ((new_rlim->rlim_max <= old_rlim->rlim_max) ||
|
|
- capable(CAP_SYS_RESOURCE))
|
|
- *old_rlim = *new_rlim;
|
|
- else
|
|
+ if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
|
|
+ !capable(CAP_SYS_RESOURCE))
|
|
retval = -EPERM;
|
|
+ if (!retval)
|
|
+ retval = security_task_setrlimit(tsk, resource, new_rlim);
|
|
+ if (!retval)
|
|
+ *old_rlim = *new_rlim;
|
|
task_unlock(tsk->group_leader);
|
|
|
|
if (retval || resource != RLIMIT_CPU)
|