From: Colin King <colin.king@canonical.com>
To: Christian Brauner <christian@brauner.io>,
Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] clone3: fix an unsigned args.cgroup comparison to less than zero
Date: Sat, 22 Feb 2020 00:15:13 +0000 [thread overview]
Message-ID: <20200222001513.43099-1-colin.king@canonical.com> (raw)
From: Colin Ian King <colin.king@canonical.com>
The less than zero comparison of args.cgroup is aways false because
args.cgroup is a u64 and can never be less than zero. I believe the
correct check is to cast args.cgroup to a s64 first to ensure an
invalid value is not copied to kargs->cgroup.
Addresses-Coverity: ("Unsigned compared against 0")
Fixes: ef2c41cf38a7 ("clone3: allow spawning processes into cgroups")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
kernel/fork.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 67a5d691ffa8..98513a122dd1 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2635,7 +2635,7 @@ noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs,
!valid_signal(args.exit_signal)))
return -EINVAL;
- if ((args.flags & CLONE_INTO_CGROUP) && args.cgroup < 0)
+ if ((args.flags & CLONE_INTO_CGROUP) && (s64)args.cgroup < 0)
return -EINVAL;
*kargs = (struct kernel_clone_args){
--
2.25.0
next reply other threads:[~2020-02-22 0:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-22 0:15 Colin King [this message]
2020-02-22 12:18 ` [PATCH][next] clone3: fix an unsigned args.cgroup comparison to less than zero Christian Brauner
2020-02-24 7:31 ` Dan Carpenter
2020-02-24 12:25 ` Christian Brauner
2020-02-24 12:37 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200222001513.43099-1-colin.king@canonical.com \
--to=colin.king@canonical.com \
--cc=akpm@linux-foundation.org \
--cc=christian@brauner.io \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).