lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230807123323.020870574@infradead.org>
Date:   Mon, 07 Aug 2023 14:18:47 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     tglx@...utronix.de, axboe@...nel.dk
Cc:     linux-kernel@...r.kernel.org, peterz@...radead.org,
        mingo@...hat.com, dvhart@...radead.org, dave@...olabs.net,
        andrealmeid@...lia.com, Andrew Morton <akpm@...ux-foundation.org>,
        urezki@...il.com, hch@...radead.org, lstoakes@...il.com,
        Arnd Bergmann <arnd@...db.de>, linux-api@...r.kernel.org,
        linux-mm@...ck.org, linux-arch@...r.kernel.org,
        malteskarupke@....de
Subject: [PATCH  v2 04/14] futex: Validate futex value against futex size

Ensure the futex value fits in the given futex size. Since this adds a
constraint to an existing syscall, it might possibly change behaviour.

Currently the value would be truncated to a u32 and any high bits
would get silently lost.

Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
Reviewed-by: Thomas Gleixner <tglx@...utronix.de>
---
 kernel/futex/futex.h    |   10 ++++++++++
 kernel/futex/syscalls.c |    3 +++
 2 files changed, 13 insertions(+)

--- a/kernel/futex/futex.h
+++ b/kernel/futex/futex.h
@@ -85,6 +85,16 @@ static inline unsigned int futex_size(un
 	return 1 << (flags & FLAGS_SIZE_MASK);
 }
 
+static inline bool futex_validate_input(unsigned int flags, u64 val)
+{
+	int bits = 8 * futex_size(flags);
+
+	if (bits < 64 && (val >> bits))
+		return false;
+
+	return true;
+}
+
 #ifdef CONFIG_FAIL_FUTEX
 extern bool should_fail_futex(bool fshared);
 #else
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -209,6 +209,9 @@ static int futex_parse_waitv(struct fute
 		if (!futex_flags_valid(flags))
 			return -EINVAL;
 
+		if (!futex_validate_input(flags, aux.val))
+			return -EINVAL;
+
 		futexv[i].w.flags = flags;
 		futexv[i].w.val = aux.val;
 		futexv[i].w.uaddr = aux.uaddr;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ