Staging: android: task_get_unused_fd_flags: fix the wrong usage of tsk->signal

Compile tested.

task_struct->signal is not protected by RCU, the code is bogus.
Change the code to take ->siglock to pin ->signal.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Brian Swetland <swetland@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index ab014bc96831c6526ed586c560122487795a0d0a..758131cad08a3e36e374a497f3f83d4f5dc08547 100644 (file)
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -319,6 +319,7 @@ int task_get_unused_fd_flags(struct task_struct *tsk, int flags)
        int fd, error;
        struct fdtable *fdt;
        unsigned long rlim_cur;
+       unsigned long irqs;
 
        if (files == NULL)
                return -ESRCH;
@@ -335,12 +336,11 @@ repeat:
         * N.B. For clone tasks sharing a files structure, this test
         * will limit the total number of files that can be opened.
         */
-       rcu_read_lock();
-       if (tsk->signal)
+       rlim_cur = 0;
+       if (lock_task_sighand(tsk, &irqs)) {
                rlim_cur = tsk->signal->rlim[RLIMIT_NOFILE].rlim_cur;
-       else
-               rlim_cur = 0;
-       rcu_read_unlock();
+               unlock_task_sighand(tsk, &irqs);
+       }
        if (fd >= rlim_cur)
                goto out;