git: ef4251e27148 - main - linux(4): Prevent an endless loop.
Dmitry Chagin
dchagin at FreeBSD.org
Tue Jul 20 11:41:03 UTC 2021
The branch main has been updated by dchagin:
URL: https://cgit.FreeBSD.org/src/commit/?id=ef4251e271486227f577494b8cc48623772a74ab
commit ef4251e271486227f577494b8cc48623772a74ab
Author: Dmitry Chagin <dchagin at FreeBSD.org>
AuthorDate: 2021-07-20 11:40:08 +0000
Commit: Dmitry Chagin <dchagin at FreeBSD.org>
CommitDate: 2021-07-20 11:40:08 +0000
linux(4): Prevent an endless loop.
In futex_atomic_op() the encoded_op is a user-supplied parameter.
If the user specifies an incorrect value for this parameter paired with a valid
*uaddr parameter, the caller will go into an endless loop. To prevent this, check
the futex_atomic_op() result and break the loop in case of ENOSYS.
MFC after: 2 weeks
---
sys/compat/linux/linux_futex.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sys/compat/linux/linux_futex.c b/sys/compat/linux/linux_futex.c
index f69b13585022..a32542b16a8a 100644
--- a/sys/compat/linux/linux_futex.c
+++ b/sys/compat/linux/linux_futex.c
@@ -845,6 +845,8 @@ retry:
if (f2 != NULL)
futex_put(f2, NULL);
futex_put(f, NULL);
+ if (op_ret == -ENOSYS)
+ return (ENOSYS);
error = copyin(args->uaddr2, &val, sizeof(val));
if (error == 0)
goto retry;
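Review bot: the added op_ret == -ENOSYS test ahead of the copyin() exits the retry path for exactly one error value, so any other futex_atomic_op() failure that re-reading uaddr2 cannot cure would still reach "goto retry" for as long as copyin() succeeds. Consider making the retry conditional on the one result the copyin() of args->uaddr2 is meant to resolve (a fault on the user address) and returning every other error, instead of listing non-retryable codes one at a time. A short comment above the check would also help: it should say that encoded_op comes from userland, and that op_ret holds a negated errno while the function returns a positive one, since the sign flip between -ENOSYS and ENOSYS on adjacent lines is easy to misread.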