diff options
| author | Roland McGrath <roland@redhat.com> | 2007-11-13 22:11:50 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2007-11-16 10:26:41 -0800 |
| commit | 5ef016ad9ba96a77a7249a2bd8d3196af5bfd920 (patch) | |
| tree | 07525d7bb9183decfd4214f34e81a60f6b6d963f | |
| parent | e405fd3dce2abe36894ab5955fd17aff0e45daf0 (diff) | |
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
patch a3474224e6a01924be40a8255636ea5522c1023a in mainline
The original meaning of the old test (p->state > TASK_STOPPED) was
"not dead", since it was before TASK_TRACED existed and before the
state/exit_state split. It was a wrong correction in commit
14bf01bb0599c89fc7f426d20353b76e12555308 to make this test for
TASK_TRACED instead. It should have been changed when TASK_TRACED
was introducted and again when exit_state was introduced.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Alexey Dobriyan <adobriyan@sw.ru>
Cc: Kees Cook <kees@ubuntu.com>
Acked-by: Scott James Remnant <scott@ubuntu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | kernel/exit.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 5c8ecbaa19a5..e3adc4668615 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -1336,8 +1336,7 @@ static int wait_task_stopped(struct task_struct *p, int delayed_group_leader, int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED; exit_code = p->exit_code; - if (unlikely(!exit_code) || - unlikely(p->state & TASK_TRACED)) + if (unlikely(!exit_code) || unlikely(p->exit_state)) goto bail_ref; return wait_noreap_copyout(p, pid, uid, why, (exit_code << 8) | 0x7f, |