kernel-2.6.18-194.11.1.el5.src.rpm

From: Neil Horman <nhorman@redhat.com>
Date: Thu, 15 May 2008 10:26:36 -0400
Subject: [sys] sys_setrlimit: prevent setting RLIMIT_CPU to 0
Message-id: 20080515142636.GB19678@hmsendeavour.rdu.redhat.com
O-Subject: [RHEL 5.3 PATCH] fix sys_setrlimit to properly prevent setting RLIMIT_CPU to 0 (bz 437122)
Bugzilla: 437122
RH-Acked-by: Rik van Riel <riel@redhat.com>
RH-Acked-by: Larry Woodman <lwoodman@redhat.com>

Hey all-
	A while back, a fix went in upstream to prevent users from setting
RLIMIT_CPU to zero (which meant unlimited cpu time rather than zero cpu time),
by cheating and setting a value of 1 second instead.  It was a good patch, but
was coded in the wrong place and so wound up doing nothing.  This is a backport
of commit 9926e4c74300c4b31dee007298c6475d33369df0 and moves that code to the
right location.  Tested successfully by me, resolves bz 437122.

Regards
Neil

 kernel/sys.c |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 21bf335..7695fc5 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1808,6 +1808,16 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
 	if (retval)
 		return retval;
 
+	if (resource == RLIMIT_CPU && new_rlim.rlim_cur == 0) {
+		/*
+		 * The caller is asking for an immediate RLIMIT_CPU
+		 * expiry.  But we use the zero value to mean "it was
+		 * never set".  So let's cheat and make it one second
+		 * instead
+		 */
+		new_rlim.rlim_cur = 1;
+	}
+
 	task_lock(current->group_leader);
 	*old_rlim = new_rlim;
 	task_unlock(current->group_leader);
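Review bot: In the added `resource == RLIMIT_CPU && new_rlim.rlim_cur == 0` block, rlim_cur is rewritten to 1 after the `if (retval) return retval;` check and immediately before `*old_rlim = new_rlim;`, and nothing in this hunk re-checks the new value against new_rlim.rlim_max. If the caller also passed an rlim_max of 0, the stored limit would have rlim_cur greater than rlim_max; either handle that case or say in the comment why it cannot occur. The comment should also state that the rewritten value is the one that gets stored, so a later read of the limit returns 1 rather than the 0 the caller asked for.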
@@ -1829,15 +1839,6 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
 		unsigned long rlim_cur = new_rlim.rlim_cur;
 		cputime_t cputime;
 
-		if (rlim_cur == 0) {
-			/*
-			 * The caller is asking for an immediate RLIMIT_CPU
-			 * expiry.  But we use the zero value to mean "it was
-			 * never set".  So let's cheat and make it one second
-			 * instead
-			 */
-			rlim_cur = 1;
-		}
 		cputime = secs_to_cputime(rlim_cur);
 		read_lock(&tasklist_lock);
 		spin_lock_irq(&current->sighand->siglock);
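Review bot: With the zero check removed, `cputime = secs_to_cputime(rlim_cur);` depends on the clamp made earlier in sys_setrlimit, but nothing at this site says so. A one-line comment noting that rlim_cur cannot be 0 here would guard against a later reordering of the function, which is the kind of misplacement this patch is correcting. The local `rlim_cur` is now only a copy of new_rlim.rlim_cur and could be dropped in favor of passing the field directly.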