exec:check_unsafe_exec: use while_each_thread() rather than next_thread()
authorOleg Nesterov <oleg@redhat.com>
Thu, 23 Jan 2014 23:55:49 +0000 (15:55 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 24 Jan 2014 00:37:02 +0000 (16:37 -0800)
next_thread() should be avoided, change check_unsafe_exec() to use
while_each_thread().

Nobody except signal->curr_target actually needs next_thread-like code,
and we need to change (fix) this interface.  This particular code is fine,
p == current.  But in general the code like this can loop forever if p
exits and next_thread(t) can't reach the unhashed thread.

This also saves 32 bytes.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/exec.c

index 9cbad5b0187e04132bbebd07491fb59ed4f76a7d..81ae6212187aa8fc4b87bc3c6efe6527d30978ca 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1243,10 +1243,11 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
        if (current->no_new_privs)
                bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS;
 
+       t = p;
        n_fs = 1;
        spin_lock(&p->fs->lock);
        rcu_read_lock();
-       for (t = next_thread(p); t != p; t = next_thread(t)) {
+       while_each_thread(p, t) {
                if (t->fs == p->fs)
                        n_fs++;
        }