git: ef4251e27148 - main - linux(4): Prevent an endless loop.

Dmitry Chagin Tue, 20 Jul 2021 04:41:27 -0700

The branch main has been updated by dchagin:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=ef4251e271486227f577494b8cc48623772a74ab


commit ef4251e271486227f577494b8cc48623772a74ab
Author:     Dmitry Chagin <dcha...@freebsd.org>
AuthorDate: 2021-07-20 11:40:08 +0000
Commit:     Dmitry Chagin <dcha...@freebsd.org>
CommitDate: 2021-07-20 11:40:08 +0000

    linux(4): Prevent an endless loop.
    
    In the futex_atomic_op() the encoded_op is a user-supplied parameter.
    If the user specifies an incorrect value for this parameter paired with a 
valid
    *uaddr parameter the caller will go into the endless loop. To prevent this 
check
    futex_atomic_op() result and break the loop in case of ENOSYS.
    
    MFC after:              2 weeks
---
 sys/compat/linux/linux_futex.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/compat/linux/linux_futex.c b/sys/compat/linux/linux_futex.c
index f69b13585022..a32542b16a8a 100644
--- a/sys/compat/linux/linux_futex.c
+++ b/sys/compat/linux/linux_futex.c
@@ -845,6 +845,8 @@ retry:
                if (f2 != NULL)
                        futex_put(f2, NULL);
                futex_put(f, NULL);
+               if (op_ret == -ENOSYS)
+                       return (ENOSYS);
                error = copyin(args->uaddr2, &val, sizeof(val));
                if (error == 0)
                        goto retry;
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"

git: ef4251e27148 - main - linux(4): Prevent an endless loop.

Reply via email to