lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Feb 2014 15:02:37 -0500 From: Paul Gortmaker <paul.gortmaker@...driver.com> To: <stable@...r.kernel.org>, <linux-kernel@...r.kernel.org> CC: Darren Hart <dvhart@...ux.intel.com>, Dave Jones <davej@...hat.com>, Dan Carpenter <dan.carpenter@...cle.com>, Thomas Gleixner <tglx@...utronix.de>, Paul Gortmaker <paul.gortmaker@...driver.com> Subject: [v2.6.34-stable 202/213] futex: Test for pi_mutex on fault in futex_wait_requeue_pi() From: Darren Hart <dvhart@...ux.intel.com> ------------------- This is a commit scheduled for the next v2.6.34 longterm release. http://git.kernel.org/?p=linux/kernel/git/paulg/longterm-queue-2.6.34.git If you see a problem with using this for longterm, please comment. ------------------- commit b6070a8d9853eda010a549fa9a09eb8d7269b929 upstream. If fixup_pi_state_owner() faults, pi_mutex may be NULL. Test for pi_mutex != NULL before testing the owner against current and possibly unlocking it. Signed-off-by: Darren Hart <dvhart@...ux.intel.com> Cc: Dave Jones <davej@...hat.com> Cc: Dan Carpenter <dan.carpenter@...cle.com> Link: http://lkml.kernel.org/r/dc59890338fc413606f04e5c5b131530734dae3d.1342809673.git.dvhart@linux.intel.com Signed-off-by: Thomas Gleixner <tglx@...utronix.de> Signed-off-by: Paul Gortmaker <paul.gortmaker@...driver.com> --- kernel/futex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/futex.c b/kernel/futex.c index d4e7f0ea1f94..0e8043833223 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2348,7 +2348,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared, * fault, unlock the rt_mutex and return the fault to userspace. */ if (ret == -EFAULT) { - if (rt_mutex_owner(pi_mutex) == current) + if (pi_mutex && rt_mutex_owner(pi_mutex) == current) rt_mutex_unlock(pi_mutex); } else if (ret == -EINTR) { /* -- 1.8.5.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists