On Fri, Aug 08, 2003 at 08:53:21PM +1000, herbert wrote:
> 
> The steal_locks() call in binfmt_elf.c is buggy.  It steals locks from
> a files entry whose reference was dropped much earlier.  This allows it
> to steal other process's locks.
> 
> The following patch calls steal_locks() earlier so that this does not
> happen.

My patch is buggy too.  If a file is closed by another clone between
the two steal_locks calls the lock will again be lost.  Fortunately
this much harder to trigger than the previous bug.

The following patch fixes that.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt