rlimits: selinux, do rlimits changes under task_lock
index 5c9f25ba1c9537faa8e1ea91a482dd8960cb745e..2a8a0a915ff38b49bcf98ad36f249b0cef7f5d00 100644 (file)
@@ -2333,12 +2333,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
        rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
                          PROCESS__RLIMITINH, NULL);
        if (rc) {
+               /* protect against do_prlimit() */
+               task_lock(current);
                for (i = 0; i < RLIM_NLIMITS; i++) {
                        rlim = current->signal->rlim + i;
                        initrlim = init_task.signal->rlim + i;
                        rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
                }
-               update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
+               task_unlock(current);
+               update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
        }
 }
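Review bot: The value handed to `update_rlimit_cpu()` is re-read with `rlimit(RLIMIT_CPU)` after `task_unlock(current)`, so it is not guaranteed to be the soft limit the loop just wrote if the writer named in the new comment runs in that window. If that matters for the CPU timer, copy `current->signal->rlim[RLIMIT_CPU].rlim_cur` into a local while the lock is still held and pass the local instead; otherwise add a short comment saying the unlocked read is intentional. The comment `/* protect against do_prlimit() */` could also name what is protected, for example `/* serialize the soft-limit reset with concurrent rlimit writers (do_prlimit()) */`. The body of selinux_bprm_committing_creds starts outside this hunk, so any locking done earlier in the function is not visible here.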
 
@@ -3371,16 +3374,17 @@ static int selinux_task_getioprio(struct task_struct *p)
        return current_has_perm(p, PROCESS__GETSCHED);
 }
 
-static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
+               struct rlimit *new_rlim)
 {
-       struct rlimit *old_rlim = current->signal->rlim + resource;
+       struct rlimit *old_rlim = p->signal->rlim + resource;
 
        /* Control the ability to change the hard limit (whether
           lowering or raising it), so that the hard limit can
           later be used as a safe reset point for the soft limit
           upon context transitions.  See selinux_bprm_committing_creds. */
        if (old_rlim->rlim_max != new_rlim->rlim_max)
-               return current_has_perm(current, PROCESS__SETRLIMIT);
+               return current_has_perm(p, PROCESS__SETRLIMIT);
 
        return 0;
 }
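Review bot: With the new `p` argument, a request that leaves `rlim_max` unchanged returns 0 without any SELinux check even when `p` is not `current`, and the block comment still gives only the hard-limit rationale. If cross-task soft-limit changes are meant to be left to the caller's other checks, the comment should say so, for example `/* Soft-limit-only changes, including on another task p, are not mediated here. */`. `old_rlim->rlim_max` is also read from `p->signal` without taking a lock in this function. Whether the caller holds `task_lock` around the hook is not visible in this hunk, so a line documenting that expectation would help the next reader.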