| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Jul 2019 20:33:42 -0700 From: JingYi Hou <houjingyi647@...il.com> To: mingo@...hat.com, peterz@...radead.org Cc: linux-kernel@...r.kernel.org Subject: [PATCH] sched/core: fix double fetch in sched_copy_attr() In sched_copy_attr(), attr->size was fetched twice in get_user() and copy_from_user(). If change it between two fetches may cause security problems or unexpected behaivor. We can apply the same pattern used in perf_copy_attr(). That is, use value fetched first time to overwrite it after second fetch. Signed-off-by: JingYi Hou <houjingyi647@...il.com> --- kernel/sched/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 2b037f195473..60088b907ef4 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4945,6 +4945,8 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a ret = copy_from_user(attr, uattr, size); if (ret) return -EFAULT; + + attr->size = size; if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) && size < SCHED_ATTR_SIZE_VER1) -- 2.20.1
Powered by blists - more mailing lists