proc: fix races against execve() of /proc/PID/fd**

	return error;

}

static int proc_pid_fd_link_getattr(struct vfsmount *mnt, struct dentry *dentry,

		struct kstat *stat)

{

	struct inode *inode = dentry->d_inode;

	struct task_struct *task = get_proc_task(inode);

	int rc;

	if (task == NULL)

		return -ESRCH;

	rc = -EACCES;

	if (lock_trace(task))

		goto out_task;

	generic_fillattr(inode, stat);

	unlock_trace(task);

	rc = 0;

out_task:

	put_task_struct(task);

	return rc;

}

static const struct inode_operations proc_pid_link_inode_operations = {

	.readlink	= proc_pid_readlink,

	.follow_link	= proc_pid_follow_link,

	.setattr	= proc_setattr,

};

static const struct inode_operations proc_fdinfo_link_inode_operations = {

	.setattr	= proc_setattr,

	.getattr	= proc_pid_fd_link_getattr,

};

static const struct inode_operations proc_fd_link_inode_operations = {

	.readlink	= proc_pid_readlink,

	.follow_link	= proc_pid_follow_link,

	.setattr	= proc_setattr,

	.getattr	= proc_pid_fd_link_getattr,

};

/* building an inode */

static int proc_fd_info(struct inode *inode, struct path *path, char *info)

{

	struct task_struct *task = get_proc_task(inode);

	struct files_struct *files = NULL;

	struct task_struct *task;

	struct files_struct *files;

	struct file *file;

	int fd = proc_fd(inode);

	int rc;

	if (task) {

	task = get_proc_task(inode);

	if (!task)

		return -ENOENT;

	rc = -EACCES;

	if (lock_trace(task))

		goto out_task;

	rc = -ENOENT;

	files = get_files_struct(task);

		put_task_struct(task);

	}

	if (files) {

	if (files == NULL)

		goto out_unlock;

	/*

	 * We are not taking a ref to the file structure, so we must

	 * hold ->file_lock.

				 "flags:\t0%o\n",

				 (long long) file->f_pos,

				 f_flags);

		rc = 0;

	} else

		rc = -ENOENT;

	spin_unlock(&files->file_lock);

	put_files_struct(files);

			return 0;

		}

		spin_unlock(&files->file_lock);

		put_files_struct(files);

	}

	return -ENOENT;

out_unlock:

	unlock_trace(task);

out_task:

	put_task_struct(task);

	return rc;

}

static int proc_fd_link(struct inode *inode, struct path *path)

	spin_unlock(&files->file_lock);

	put_files_struct(files);

	inode->i_op = &proc_pid_link_inode_operations;

	inode->i_op = &proc_fd_link_inode_operations;

	inode->i_size = 64;

	ei->op.proc_get_link = proc_fd_link;

	d_set_d_op(dentry, &tid_fd_dentry_operations);

	if (fd == ~0U)

		goto out;

	result = ERR_PTR(-EACCES);

	if (lock_trace(task))

		goto out;

	result = instantiate(dir, dentry, task, &fd);

	unlock_trace(task);

out:

	put_task_struct(task);

out_no_task:

	retval = -ENOENT;

	if (!p)

		goto out_no_task;

	retval = -EACCES;

	if (lock_trace(p))

		goto out;

	retval = 0;

	fd = filp->f_pos;

	switch (fd) {

		case 0:

			if (filldir(dirent, ".", 1, 0, inode->i_ino, DT_DIR) < 0)

				goto out;

				goto out_unlock;

			filp->f_pos++;

		case 1:

			ino = parent_ino(dentry);

			if (filldir(dirent, "..", 2, 1, ino, DT_DIR) < 0)

				goto out;

				goto out_unlock;

			filp->f_pos++;

		default:

			files = get_files_struct(p);

			if (!files)

				goto out;

				goto out_unlock;

			rcu_read_lock();

			for (fd = filp->f_pos-2;

			     fd < files_fdtable(files)->max_fds;

			rcu_read_unlock();

			put_files_struct(files);

	}

out_unlock:

	unlock_trace(p);

out:

	put_task_struct(p);

out_no_task:

	ei->fd = fd;

	inode->i_mode = S_IFREG | S_IRUSR;

	inode->i_fop = &proc_fdinfo_file_operations;

	inode->i_op = &proc_fdinfo_link_inode_operations;

	d_set_d_op(dentry, &tid_fd_dentry_operations);

	d_add(dentry, inode);

	/* Close the race of the process dying before we return the dentry */