[PATCH] android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

[PATCH] android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

[Oleg Nesterov]

Compile tested.

task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>

--- CUR/drivers/staging/android/binder.c~ANDROID	2009-01-12 23:07:43.000000000 +0100
+++ CUR/drivers/staging/android/binder.c	2009-01-18 18:06:12.000000000 +0100
@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task
 	int fd, error;
 	struct fdtable *fdt;
 	unsigned long rlim_cur;
+	unsigned long irqs;
 
 	if (files == NULL)
 		return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
 	 * N.B. For clone tasks sharing a files structure, this test
 	 * will limit the total number of files that can be opened.
 	 */
-	rcu_read_lock();
-	if (tsk->signal)
+	rlim_cur = 0;
+	if (lock_task_sighand(tsk, &irqs)) {
 		rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
-	else
-		rlim_cur = 0;
-	rcu_read_unlock();
+		unlock_task_sighand(tsk, &irqs);
+	}
 	if (fd >= rlim_cur)
 		goto out;
 

Re: [PATCH] android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

[Greg KH]

On Sun, Jan 18, 2009 at 06:17:20PM +0100, Oleg Nesterov wrote:
> Compile tested.
> 
> task_struct->signal is not protected by RCU, the code is bogus.
> Change the code to take ->siglock to pin ->signal.
> 
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>

Thanks for the fix, I'll queue it up next week.

greg k-h