Date:      Fri, 17 Jun 2022 19:37:11 GMT
From:      Dmitry Chagin <dchagin@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: acb45ac680f7 - stable/13 - linux(4): Prevent an endless loop.
Message-ID:  <202206171937.25HJbBTf013032@gitrepo.freebsd.org>

The branch stable/13 has been updated by dchagin:

URL: https://cgit.FreeBSD.org/src/commit/?id=acb45ac680f70ce5083d2275a6f40a8c116205ba

commit acb45ac680f70ce5083d2275a6f40a8c116205ba
Author:     Dmitry Chagin <dchagin@FreeBSD.org>
AuthorDate: 2021-07-20 11:40:08 +0000
Commit:     Dmitry Chagin <dchagin@FreeBSD.org>
CommitDate: 2022-06-17 19:33:12 +0000

    linux(4): Prevent an endless loop.
    
    In the futex_atomic_op() the encoded_op is a user-supplied parameter.
    If the user specifies an incorrect value for this parameter paired with a valid
    *uaddr parameter the caller will go into the endless loop. To prevent this check
    futex_atomic_op() result and break the loop in case of ENOSYS.
    
    MFC after:              2 weeks
    
    (cherry picked from commit ef4251e271486227f577494b8cc48623772a74ab)
---
 sys/compat/linux/linux_futex.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/compat/linux/linux_futex.c b/sys/compat/linux/linux_futex.c
index f69b13585022..a32542b16a8a 100644
--- a/sys/compat/linux/linux_futex.c
+++ b/sys/compat/linux/linux_futex.c
@@ -845,6 +845,8 @@ retry:
 		if (f2 != NULL)
 			futex_put(f2, NULL);
 		futex_put(f, NULL);
+		if (op_ret == -ENOSYS)
+			return (ENOSYS);
 		error = copyin(args->uaddr2, &val, sizeof(val));
 		if (error == 0)
 			goto retry;
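
Review bot: the added check at `if (op_ret == -ENOSYS)` exits the retry path for exactly one error value, so as far as these lines show, any other failure from futex_atomic_op() that is not a fault on the user address still reaches `copyin(args->uaddr2, ...)` and takes `goto retry` whenever that copy succeeds. Consider inverting the test so the retry is taken only for the fault case the copyin is meant to resolve, and every other negative op_ret is converted and returned. A one-line comment would also help here: op_ret carries a negated errno while the function returns the positive ENOSYS, and the reason ENOSYS specifically means "bad user-supplied encoded_op" is only explained in the commit message, not in the code. Since encoded_op comes straight from the caller, rejecting an unsupported operation before the futexes are acquired would avoid the get/put cycle entirely.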


