wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)

patch a3474224e6a01924be40a8255636ea5522c1023a in mainline

The original meaning of the old test (p->state > TASK_STOPPED) was
"not dead", since it was before TASK_TRACED existed and before the
state/exit_state split.  It was a wrong correction in commit
14bf01bb0599c89fc7f426d20353b76e12555308 to make this test for
TASK_TRACED instead.  It should have been changed when TASK_TRACED
was introducted and again when exit_state was introduced.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>

diff --git a/kernel/exit.c b/kernel/exit.c
index 00f0821726f7708fb035448ab3470dad8c46968a..9aacb335794144861ac3e376a0892a83034aa3d2 100644 (file)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1221,8 +1221,7 @@ static int wait_task_stopped(task_t *p, int delayed_group_leader, int noreap,
                int why = (p->ptrace & PT_PTRACED) ? CLD_TRAPPED : CLD_STOPPED;
 
                exit_code = p->exit_code;
-               if (unlikely(!exit_code) ||
-                   unlikely(p->state & TASK_TRACED))
+               if (unlikely(!exit_code) || unlikely(p->exit_state))
                        goto bail_ref;
                return wait_noreap_copyout(p, pid, uid,
                                           why, (exit_code << 8) | 0x7f,