Re: [PATCH 4/5] Use copy_wait_opts_to_user() in wait_task_zombie()

From: Oleg Nesterov
Date: Mon Jun 15 2009 - 12:48:29 EST

Next message: Bartlomiej Zolnierkiewicz: "Re: linux-next: ide tree build failure"
Previous message: davidb: "Re: HTC Dream aka. t-mobile g1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/11, Vitaly Mayatskikh wrote:
>
> @@ -1267,36 +1265,21 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
> */
> read_unlock(&tasklist_lock);
>
> - retval = wo->wo_rusage
> - ? getrusage(p, RUSAGE_BOTH, wo->wo_rusage) : 0;
> status = (p->signal->flags & SIGNAL_GROUP_EXIT)
> ? p->signal->group_exit_code : p->exit_code;
> - if (!retval && wo->wo_stat)
> + if (wo->wo_stat)
> retval = put_user(status, wo->wo_stat);

We don't check retval, and then later

> [...snip...]
> + retval = copy_wait_opts_to_user(wo, p, pid, uid, why, status, SIGCHLD);

we overwrite it.

This needs a fix.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bartlomiej Zolnierkiewicz: "Re: linux-next: ide tree build failure"
Previous message: davidb: "Re: HTC Dream aka. t-mobile g1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]