From: Jiri Slaby
To: jirislaby@gmail.com
Cc: Oleg Nesterov, akpm@linux-foundation.org, adobriyan@gmail.com, nhorman@tuxdriver.com, Stephen Smalley, James Morris, Eric Paris, linux-kernel@vger.kernel.org
Subject: [PATCH v4 04/12] rlimits: selinux, do rlimits changes under task_lock
Date: Wed, 23 Jun 2010 23:52:05 +0200
Message-Id: <1277329933-8139-4-git-send-email-jslaby@suse.cz>
In-Reply-To: <1277329933-8139-1-git-send-email-jslaby@suse.cz>
References: <1277329933-8139-1-git-send-email-jslaby@suse.cz>

From: Oleg Nesterov

When doing an exec, selinux updates rlimits in its code of current process depending on current max. Make sure max or cur doesn't change in the meantime by grabbing task_lock which do_prlimit needs for changing limits too.

While at it, use rlimit helper for accessing CPU rlimit a line below. To have a volatile access too.

Signed-off-by: Jiri Slaby
Cc: Oleg Nesterov
--- security/selinux/hooks.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index afb18a9..2a8a0a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -2333,13 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, PROCESS__RLIMITINH, NULL); if (rc) { + /* protect against do_prlimit() */ + task_lock(current); for (i = 0; i < RLIM_NLIMITS; i++) { rlim = current->signal->rlim + i; initrlim = init_task.signal->rlim + i; rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } - update_rlimit_cpu(current, - current->signal->rlim[RLIMIT_CPU].rlim_cur); + task_unlock(current); + update_rlimit_cpu(current, rlimit(RLIMIT_CPU)); } } -- 1.7.1
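Review bot: In the last added line, rlimit(RLIMIT_CPU) is evaluated after task_unlock(current), so the value handed to update_rlimit_cpu() is read outside the lock that the new comment says protects against do_prlimit(). If a concurrent do_prlimit() changes RLIMIT_CPU between the unlock and that read, the value passed on is not necessarily the one the loop just stored. Consider copying rlim[RLIMIT_CPU].rlim_cur into a local while task_lock is still held and passing that local after the unlock, or state in the changelog why the lockless re-read is acceptable here. Separately, the body names Oleg Nesterov in its From: line but carries only a Signed-off-by from Jiri Slaby; the author's sign-off should accompany the patch.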