cap_get_target_pid() protects the task lookup with tasklist_lock.
security_capget() is called under tasklist_lock as well but
tasklist_lock does not protect anything there. The capabilities are
protected by RCU already.
So tasklist_lock only protects the lookup and prevents the task going
away, which can be done with rcu_read_lock() as well.
Signed-off-by: Thomas Gleixner <[email protected]>
---
kernel/capability.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6-tip/kernel/capability.c
===================================================================
--- linux-2.6-tip.orig/kernel/capability.c
+++ linux-2.6-tip/kernel/capability.c
@@ -135,7 +135,7 @@ static inline int cap_get_target_pid(pid
if (pid && (pid != task_pid_vnr(current))) {
struct task_struct *target;
- read_lock(&tasklist_lock);
+ rcu_read_lock();
target = find_task_by_vpid(pid);
if (!target)
@@ -143,7 +143,7 @@ static inline int cap_get_target_pid(pid
else
ret = security_capget(target, pEp, pIp, pPp);
- read_unlock(&tasklist_lock);
+ rcu_read_unlock();
} else
ret = security_capget(current, pEp, pIp, pPp);
On Wed, 9 Dec 2009, Thomas Gleixner wrote:
> cap_get_target_pid() protects the task lookup with tasklist_lock.
> security_capget() is called under tasklist_lock as well but
> tasklist_lock does not protect anything there. The capabilities are
> protected by RCU already.
>
> So tasklist_lock only protects the lookup and prevents the task going
> away, which can be done with rcu_read_lock() as well.
>
> Signed-off-by: Thomas Gleixner <[email protected]>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
--
James Morris
<[email protected]>