mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-06 00:39:48 +00:00
proc: save 2 atomic ops on write to "/proc/*/attr/*"
Code checks if write is done by current to its own attributes. For that get/put pair is unnecessary as it can be done under RCU. Note: rcu_read_unlock() can be done even earlier since pointer to a task is not dereferenced. It depends if /proc code should look scary or not: rcu_read_lock(); task = pid_task(...); rcu_read_unlock(); if (!task) return -ESRCH; if (task != current) return -EACCESS: P.S.: rename "length" variable. Code like this length = -EINVAL; should not exist. Link: http://lkml.kernel.org/r/20180627200218.GF18113@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
a44937fe4e
commit
41089b6d3e
1 changed files with 19 additions and 19 deletions
|
@ -2517,47 +2517,47 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
|
||||||
size_t count, loff_t *ppos)
|
size_t count, loff_t *ppos)
|
||||||
{
|
{
|
||||||
struct inode * inode = file_inode(file);
|
struct inode * inode = file_inode(file);
|
||||||
|
struct task_struct *task;
|
||||||
void *page;
|
void *page;
|
||||||
ssize_t length;
|
int rv;
|
||||||
struct task_struct *task = get_proc_task(inode);
|
|
||||||
|
|
||||||
length = -ESRCH;
|
|
||||||
if (!task)
|
|
||||||
goto out_no_task;
|
|
||||||
|
|
||||||
|
rcu_read_lock();
|
||||||
|
task = pid_task(proc_pid(inode), PIDTYPE_PID);
|
||||||
|
if (!task) {
|
||||||
|
rcu_read_unlock();
|
||||||
|
return -ESRCH;
|
||||||
|
}
|
||||||
/* A task may only write its own attributes. */
|
/* A task may only write its own attributes. */
|
||||||
length = -EACCES;
|
if (current != task) {
|
||||||
if (current != task)
|
rcu_read_unlock();
|
||||||
goto out;
|
return -EACCES;
|
||||||
|
}
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
if (count > PAGE_SIZE)
|
if (count > PAGE_SIZE)
|
||||||
count = PAGE_SIZE;
|
count = PAGE_SIZE;
|
||||||
|
|
||||||
/* No partial writes. */
|
/* No partial writes. */
|
||||||
length = -EINVAL;
|
|
||||||
if (*ppos != 0)
|
if (*ppos != 0)
|
||||||
goto out;
|
return -EINVAL;
|
||||||
|
|
||||||
page = memdup_user(buf, count);
|
page = memdup_user(buf, count);
|
||||||
if (IS_ERR(page)) {
|
if (IS_ERR(page)) {
|
||||||
length = PTR_ERR(page);
|
rv = PTR_ERR(page);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Guard against adverse ptrace interaction */
|
/* Guard against adverse ptrace interaction */
|
||||||
length = mutex_lock_interruptible(¤t->signal->cred_guard_mutex);
|
rv = mutex_lock_interruptible(¤t->signal->cred_guard_mutex);
|
||||||
if (length < 0)
|
if (rv < 0)
|
||||||
goto out_free;
|
goto out_free;
|
||||||
|
|
||||||
length = security_setprocattr(file->f_path.dentry->d_name.name,
|
rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count);
|
||||||
page, count);
|
|
||||||
mutex_unlock(¤t->signal->cred_guard_mutex);
|
mutex_unlock(¤t->signal->cred_guard_mutex);
|
||||||
out_free:
|
out_free:
|
||||||
kfree(page);
|
kfree(page);
|
||||||
out:
|
out:
|
||||||
put_task_struct(task);
|
return rv;
|
||||||
out_no_task:
|
|
||||||
return length;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct file_operations proc_pid_attr_operations = {
|
static const struct file_operations proc_pid_attr_operations = {
|
||||||
|
|
Loading…
Reference in a new issue