From: Oleg Nesterov <oleg@redhat.com>
Date: Sun, 18 Jan 2009 17:17:20 +0000 (+0100)
Subject: Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal
X-Git-Url: http://git.efficios.com/?a=commitdiff_plain;h=1176e83aff6f15b6ae4d1b53c16124884ad29363;p=deliverable%2Flinux.git

Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

Compile tested.

task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index ab014bc96831..758131cad08a 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task_struct *tsk, int flags)
 	int fd, error;
 	struct fdtable *fdt;
 	unsigned long rlim_cur;
+	unsigned long irqs;
 
 	if (files == NULL)
 		return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
 	 * N.B. For clone tasks sharing a files structure, this test
 	 * will limit the total number of files that can be opened.
 	 */
-	rcu_read_lock();
-	if (tsk->signal)
+	rlim_cur = 0;
+	if (lock_task_sighand(tsk, &irqs)) {
 		rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
-	else
-		rlim_cur = 0;
-	rcu_read_unlock();
+		unlock_task_sighand(tsk, &irqs);
+	}
 	if (fd >= rlim_cur)
 		goto out;