From owner-dev-commits-src-main@freebsd.org Tue Jul 20 11:41:03 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0F85066AC3C; Tue, 20 Jul 2021 11:41:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GTcH23v2Pz3PbQ; Tue, 20 Jul 2021 11:41:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3AD0D1D32; Tue, 20 Jul 2021 11:41:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 16KBf2eF090013; Tue, 20 Jul 2021 11:41:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 16KBf2Ge090012; Tue, 20 Jul 2021 11:41:02 GMT (envelope-from git) Date: Tue, 20 Jul 2021 11:41:02 GMT Message-Id: <202107201141.16KBf2Ge090012@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Dmitry Chagin Subject: git: ef4251e27148 - main - linux(4): Prevent an endless loop. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dchagin X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ef4251e271486227f577494b8cc48623772a74ab Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jul 2021 11:41:03 -0000 The branch main has been updated by dchagin: URL: https://cgit.FreeBSD.org/src/commit/?id=ef4251e271486227f577494b8cc48623772a74ab commit ef4251e271486227f577494b8cc48623772a74ab Author: Dmitry Chagin AuthorDate: 2021-07-20 11:40:08 +0000 Commit: Dmitry Chagin CommitDate: 2021-07-20 11:40:08 +0000 linux(4): Prevent an endless loop. In the futex_atomic_op() the encoded_op is a user-supplied parameter. If the user specifies an incorrect value for this parameter paired with a valid *uaddr parameter the caller will go into the endless loop. To prevent this check futex_atomic_op() result and break the loop in case of ENOSYS. MFC after: 2 weeks --- sys/compat/linux/linux_futex.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/compat/linux/linux_futex.c b/sys/compat/linux/linux_futex.c index f69b13585022..a32542b16a8a 100644 --- a/sys/compat/linux/linux_futex.c +++ b/sys/compat/linux/linux_futex.c @@ -845,6 +845,8 @@ retry: if (f2 != NULL) futex_put(f2, NULL); futex_put(f, NULL); + if (op_ret == -ENOSYS) + return (ENOSYS); error = copyin(args->uaddr2, &val, sizeof(val)); if (error == 0) goto retry;