Date: Tue, 20 Jul 2021 11:41:02 GMT
From: Dmitry Chagin <dchagin@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: ef4251e27148 - main - linux(4): Prevent an endless loop.
Message-ID: <202107201141.16KBf2Ge090012@gitrepo.freebsd.org>
The branch main has been updated by dchagin: URL: https://cgit.FreeBSD.org/src/commit/?id=ef4251e271486227f577494b8cc48623772a74ab commit ef4251e271486227f577494b8cc48623772a74ab Author: Dmitry Chagin <dchagin@FreeBSD.org> AuthorDate: 2021-07-20 11:40:08 +0000 Commit: Dmitry Chagin <dchagin@FreeBSD.org> CommitDate: 2021-07-20 11:40:08 +0000 linux(4): Prevent an endless loop. In the futex_atomic_op() the encoded_op is a user-supplied parameter. If the user specifies an incorrect value for this parameter paired with a valid *uaddr parameter the caller will go into the endless loop. To prevent this check futex_atomic_op() result and break the loop in case of ENOSYS. MFC after: 2 weeks --- sys/compat/linux/linux_futex.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/compat/linux/linux_futex.c b/sys/compat/linux/linux_futex.c index f69b13585022..a32542b16a8a 100644 --- a/sys/compat/linux/linux_futex.c +++ b/sys/compat/linux/linux_futex.c @@ -845,6 +845,8 @@ retry: if (f2 != NULL) futex_put(f2, NULL); futex_put(f, NULL); + if (op_ret == -ENOSYS) + return (ENOSYS); error = copyin(args->uaddr2, &val, sizeof(val)); if (error == 0) goto retry;
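Review bot: The new check in the retry path of linux_futex.c (after `futex_put(f, NULL);`) special-cases only `op_ret == -ENOSYS`, so the loop exit still depends on listing every non-retryable error by hand. The following `copyin(args->uaddr2, &val, sizeof(val))` succeeds whenever uaddr2 is readable and then does `goto retry`, so any other error value that futex_atomic_op() might return for user-controlled input and that reaches this point would spin the same way. Consider inverting the test so that the retry is taken only for the one error it is meant to recover from and every other value is returned to the caller, or validating encoded_op once before the `retry:` label so a bad opcode never enters the loop. A short comment would also help here: op_ret is compared against a negative errno while the function returns the positive `ENOSYS`, and that sign convention is not obvious from the hunk alone.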