diff options
| author | Oleg Nesterov <[email protected]> | 2014-01-23 23:55:31 +0000 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2014-01-24 00:37:01 +0000 |
| commit | abacd2fe3ca10b3ade57f3634053241a660002c2 (patch) | |
| tree | e3d8d77e9b12d2e57a90a026a225313ccca9ddb1 /fs/proc/array.c | |
| parent | Documentation/cpu-hotplug.txt: fix a typo in example code (diff) | |
| download | kernel-abacd2fe3ca10b3ade57f3634053241a660002c2.tar.gz kernel-abacd2fe3ca10b3ade57f3634053241a660002c2.zip | |
coredump: set_dumpable: fix the theoretical race with itself
set_dumpable() updates MMF_DUMPABLE_MASK in a non-trivial way to ensure
that get_dumpable() can't observe the intermediate state, but this all
can't help if multiple threads call set_dumpable() at the same time.
And in theory commit_creds()->set_dumpable(SUID_DUMP_ROOT) racing with
sys_prctl()->set_dumpable(SUID_DUMP_DISABLE) can result in SUID_DUMP_USER.
Change this code to update both bits atomically via cmpxchg().
Note: this assumes that it is safe to mix bitops and cmpxchg. IOW, if,
say, an architecture implements cmpxchg() using the locking (like
arch/parisc/lib/bitops.c does), then it should use the same locks for
set_bit/etc.
Signed-off-by: Oleg Nesterov <[email protected]>
Acked-by: Kees Cook <[email protected]>
Cc: Alex Kelly <[email protected]>
Cc: "Eric W. Biederman" <[email protected]>
Cc: Josh Triplett <[email protected]>
Cc: Petr Matousek <[email protected]>
Cc: Vasily Kulikov <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'fs/proc/array.c')
0 files changed, 0 insertions, 0 deletions