[PATCH] proc_readfd_common() race fix
authorAl Viro <viro@zeniv.linux.org.uk>
Tue, 22 Apr 2008 05:32:44 +0000 (01:32 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 22 Apr 2008 23:55:03 +0000 (19:55 -0400)
Since we drop the rcu_read_lock inside the loop, we can't assume
that files->fdt will remain unchanged (and not freed) between
iterations.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/proc/base.c

index 81d7d145292a613383dece3beed71a88b784440e..7313c62e3e9dd47f103bd1cf5e0e32f3e3356356 100644 (file)
@@ -1626,7 +1626,6 @@ static int proc_readfd_common(struct file * filp, void * dirent,
        unsigned int fd, ino;
        int retval;
        struct files_struct * files;
-       struct fdtable *fdt;
 
        retval = -ENOENT;
        if (!p)
@@ -1649,9 +1648,8 @@ static int proc_readfd_common(struct file * filp, void * dirent,
                        if (!files)
                                goto out;
                        rcu_read_lock();
-                       fdt = files_fdtable(files);
                        for (fd = filp->f_pos-2;
-                            fd < fdt->max_fds;
+                            fd < files_fdtable(files)->max_fds;
                             fd++, filp->f_pos++) {
                                char name[PROC_NUMBUF];
                                int len;
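Review bot: The new loop condition `fd < files_fdtable(files)->max_fds;` dereferences the fdtable on every iteration, which is only safe while rcu_read_lock() is held; the hunk shows the lock taken just before the loop, but the body that (per the commit message) drops it lies outside the hunk, so every path back to the condition, including any `continue`, must have re-acquired the lock first — worth confirming against the full loop body. Nothing at the loop explains why the table is re-read each pass instead of being cached, so a short comment above the `for` would help the next reader: `/* files->fdt may be resized or freed while the lock is dropped in the body; re-read it under rcu on every pass rather than caching it. */`. proc_readfd_common() continues outside both hunks.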