[PATCH -mm] do_wait-fix-security-checks-fix

From: Oleg Nesterov
Date: Tue Nov 27 2007 - 12:50:55 EST

Next message: Rik van Riel: "Re: 2.6.24-rc3-mm1 - Kernel Panic on IO-APIC"
Previous message: Udo van den Heuvel: "Re: possible BUG: unable to handle kernel NULL pointer dereferenceat virtual address 00000000"
In reply to: Oleg Nesterov: "[RFC, PATCH -mm] do_wait: fix security checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/24, Oleg Nesterov wrote:
>
> - if (!flag) {
> + if (flag)
> + continue;

This "last obvious cleanup right before sending the patch" is terribly wrong,
we can't continue, we must advance the tsk to the next_thread().

Please apply.

--- PT/kernel/exit.c~SEC_FIX 2007-11-26 17:10:41.000000000 +0300
+++ PT/kernel/exit.c 2007-11-27 20:41:10.000000000 +0300
@@ -1527,16 +1527,17 @@ repeat:
if (retval != 0) /* tasklist_lock released */
goto end;
}
- if (flag)
- continue;
- list_for_each_entry(p, &tsk->ptrace_children, ptrace_list) {
- flag = eligible_child(pid, options, p);
- if (!flag)
- continue;
- if (likely(flag > 0))
- break;
- retval = flag;
- goto end;
+ if (!flag) {
+ list_for_each_entry(p, &tsk->ptrace_children,
+ ptrace_list) {
+ flag = eligible_child(pid, options, p);
+ if (!flag)
+ continue;
+ if (likely(flag > 0))
+ break;
+ retval = flag;
+ goto end;
+ }
}
if (options & __WNOTHREAD)
break;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: 2.6.24-rc3-mm1 - Kernel Panic on IO-APIC"
Previous message: Udo van den Heuvel: "Re: possible BUG: unable to handle kernel NULL pointer dereferenceat virtual address 00000000"
In reply to: Oleg Nesterov: "[RFC, PATCH -mm] do_wait: fix security checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]