stuartl/linux-mainline
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux synced 2025-10-09 02:15:24 +10:00
Code Issues Releases Wiki Activity

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Browse Source 
Pull proc fix from Eric Biederman:
 "A brown paper bag slipped through my proc changes, and syzcaller
  caught it when the code ended up in your tree.

  I have opted to fix it the simplest cleanest way I know how, so there
  is no reasonable chance for the bug to repeat"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  proc: Use a dedicated lock in struct pid
This commit is contained in:
Linus Torvalds 2020-04-10 12:59:56 -07:00
commit 87ad46e601
3 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fs/proc/base.c
View File

@ -1839,9 +1839,9 @@ void proc_pid_evict_inode(struct proc_inode *ei)
struct pid *pid = ei->pid; struct pid *pid = ei->pid;
if (S_ISDIR(ei->vfs_inode.i_mode)) { if (S_ISDIR(ei->vfs_inode.i_mode)) {
spin_lock(&pid->wait_pidfd.lock); spin_lock(&pid->lock);
hlist_del_init_rcu(&ei->sibling_inodes); hlist_del_init_rcu(&ei->sibling_inodes);
spin_unlock(&pid->wait_pidfd.lock); spin_unlock(&pid->lock);
} }
put_pid(pid); put_pid(pid);
@ -1877,9 +1877,9 @@ struct inode *proc_pid_make_inode(struct super_block * sb,
/* Let the pid remember us for quick removal */ /* Let the pid remember us for quick removal */
ei->pid = pid; ei->pid = pid;
if (S_ISDIR(mode)) { if (S_ISDIR(mode)) {
spin_lock(&pid->wait_pidfd.lock); spin_lock(&pid->lock);
hlist_add_head_rcu(&ei->sibling_inodes, &pid->inodes); hlist_add_head_rcu(&ei->sibling_inodes, &pid->inodes);
spin_unlock(&pid->wait_pidfd.lock); spin_unlock(&pid->lock);
} }
task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid); task_dump_owner(task, 0, &inode->i_uid, &inode->i_gid);
@ -3273,7 +3273,7 @@ static const struct inode_operations proc_tgid_base_inode_operations = {
void proc_flush_pid(struct pid *pid) void proc_flush_pid(struct pid *pid)
{ {
proc_invalidate_siblings_dcache(&pid->inodes, &pid->wait_pidfd.lock); proc_invalidate_siblings_dcache(&pid->inodes, &pid->lock);
put_pid(pid); put_pid(pid);
} }

1
include/linux/pid.h
View File

@ -60,6 +60,7 @@ struct pid
{ {
refcount_t count; refcount_t count;
unsigned int level; unsigned int level;
spinlock_t lock;
/* lists of tasks that use this pid */ /* lists of tasks that use this pid */
struct hlist_head tasks[PIDTYPE_MAX]; struct hlist_head tasks[PIDTYPE_MAX];
struct hlist_head inodes; struct hlist_head inodes;

1
kernel/pid.c
View File

@ -256,6 +256,7 @@ struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,
get_pid_ns(ns); get_pid_ns(ns);
refcount_set(&pid->count, 1); refcount_set(&pid->count, 1);
spin_lock_init(&pid->lock);
for (type = 0; type < PIDTYPE_MAX; ++type) for (type = 0; type < PIDTYPE_MAX; ++type)
INIT_HLIST_HEAD(&pid->tasks[type]); INIT_HLIST_HEAD(&pid->tasks[type]);