* [PATCH] mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
@ 2017-04-08 6:48 Chris Salls
2017-04-08 17:59 ` Linus Torvalds
0 siblings, 1 reply; 2+ messages in thread
From: Chris Salls @ 2017-04-08 6:48 UTC (permalink / raw)
To: linux-mm; +Cc: security, Chris Salls
In the case that compat_get_bitmap fails we do not want to copy the
bitmap to the user as it will contain uninitialized stack data and
leak sensitive data.
Signed-off-by: Chris Salls <salls@cs.ucsb.edu>
---
mm/mempolicy.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 75b2745..37d0b33 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1529,7 +1529,6 @@ static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode,
COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask,
compat_ulong_t, maxnode)
{
- long err = 0;
unsigned long __user *nm = NULL;
unsigned long nr_bits, alloc_size;
DECLARE_BITMAP(bm, MAX_NUMNODES);
@@ -1538,14 +1537,13 @@ static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode,
alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
if (nmask) {
- err = compat_get_bitmap(bm, nmask, nr_bits);
+ if (compat_get_bitmap(bm, nmask, nr_bits))
+ return -EFAULT;
nm = compat_alloc_user_space(alloc_size);
- err |= copy_to_user(nm, bm, alloc_size);
+ if (copy_to_user(nm, bm, alloc_size))
+ return -EFAULT;
}
- if (err)
- return -EFAULT;
-
return sys_set_mempolicy(mode, nm, nr_bits+1);
}
@@ -1553,7 +1551,6 @@ static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode,
compat_ulong_t, mode, compat_ulong_t __user *, nmask,
compat_ulong_t, maxnode, compat_ulong_t, flags)
{
- long err = 0;
unsigned long __user *nm = NULL;
unsigned long nr_bits, alloc_size;
nodemask_t bm;
@@ -1562,14 +1559,13 @@ static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode,
alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
if (nmask) {
- err = compat_get_bitmap(nodes_addr(bm), nmask, nr_bits);
+ if (compat_get_bitmap(nodes_addr(bm), nmask, nr_bits))
+ return -EFAULT;
nm = compat_alloc_user_space(alloc_size);
- err |= copy_to_user(nm, nodes_addr(bm), alloc_size);
+ if (copy_to_user(nm, nodes_addr(bm), alloc_size))
+ return -EFAULT;
}
- if (err)
- return -EFAULT;
-
return sys_mbind(start, len, mode, nm, nr_bits+1, flags);
}
--
1.9.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
2017-04-08 6:48 [PATCH] mm/mempolicy.c: fix error handling in set_mempolicy and mbind Chris Salls
@ 2017-04-08 17:59 ` Linus Torvalds
0 siblings, 0 replies; 2+ messages in thread
From: Linus Torvalds @ 2017-04-08 17:59 UTC (permalink / raw)
To: Chris Salls; +Cc: linux-mm, security
On Fri, Apr 7, 2017 at 11:48 PM, Chris Salls <salls@cs.ucsb.edu> wrote:
> In the case that compat_get_bitmap fails we do not want to copy the
> bitmap to the user as it will contain uninitialized stack data and
> leak sensitive data.
Ack, looks sane, applied.
Linus
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-08 17:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-08 6:48 [PATCH] mm/mempolicy.c: fix error handling in set_mempolicy and mbind Chris Salls
2017-04-08 17:59 ` Linus Torvalds
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.