capabilities: Use RCU to protect task lookup in sys_capget

cap_get_target_pid() protects the task lookup with tasklist_lock. security_capget() is called under tasklist_lock as well but tasklist_lock does not protect anything there. The capabilities are protected by RCU already. So tasklist_lock only protects the lookup and prevents the task going away, which can be done with rcu_read_lock() as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: James Morris <jmorris@namei.org>

capabilities: Use RCU to protect task lookup in sys_capget
cap_get_target_pid() protects the task lookup with tasklist_lock. security_capget() is called under tasklist_lock as well but tasklist_lock does not protect anything there. The capabilities are protected by RCU already. So tasklist_lock only protects the lookup and prevents the task going away, which can be done with rcu_read_lock() as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: James Morris <jmorris@namei.org>
Thomas Gleixner · James Morris
1 parent 67fa4880c5
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
kernel/capability.c
@@ -135,7 +135,7 @@
 	if (pid && (pid != task_pid_vnr(current))) {
 		struct task_struct *target;
  
-		read_lock(&tasklist_lock);
+		rcu_read_lock();
  
 		target = find_task_by_vpid(pid);
 		if (!target)
@@ -143,7 +143,7 @@
 		else
 			ret = security_capget(target, pEp, pIp, pPp);
  
-		read_unlock(&tasklist_lock);
+		rcu_read_unlock();
 	} else
 		ret = security_capget(current, pEp, pIp, pPp);
...	...	@@ -135,7 +135,7 @@
135	135	if (pid && (pid != task_pid_vnr(current))) {
136	136	struct task_struct *target;
137	137
138		- read_lock(&tasklist_lock);
	138	+ rcu_read_lock();
139	139
140	140	target = find_task_by_vpid(pid);
141	141	if (!target)
...	...	@@ -143,7 +143,7 @@
143	143	else
144	144	ret = security_capget(target, pEp, pIp, pPp);
145	145
146		- read_unlock(&tasklist_lock);
	146	+ rcu_read_unlock();
147	147	} else
148	148	ret = security_capget(current, pEp, pIp, pPp);
149	149