* Patch "futex: Prevent overflow by strengthen input validation" has been added to the 3.18-stable tree
@ 2018-01-18 17:51 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2018-01-18 17:51 UTC (permalink / raw)
To: lijinyue, gregkh, tglx; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
futex: Prevent overflow by strengthen input validation
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
futex-prevent-overflow-by-strengthen-input-validation.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a Mon Sep 17 00:00:00 2001
From: Li Jinyue <lijinyue@huawei.com>
Date: Thu, 14 Dec 2017 17:04:54 +0800
Subject: futex: Prevent overflow by strengthen input validation
From: Li Jinyue <lijinyue@huawei.com>
commit fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a upstream.
UBSAN reports signed integer overflow in kernel/futex.c:
UBSAN: Undefined behaviour in kernel/futex.c:2041:18
signed integer overflow:
0 - -2147483648 cannot be represented in type 'int'
Add a sanity check to catch negative values of nr_wake and nr_requeue.
Signed-off-by: Li Jinyue <lijinyue@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: peterz@infradead.org
Cc: dvhart@infradead.org
Link: https://lkml.kernel.org/r/1513242294-31786-1-git-send-email-lijinyue@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/futex.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1514,6 +1514,9 @@ static int futex_requeue(u32 __user *uad
struct futex_hash_bucket *hb1, *hb2;
struct futex_q *this, *next;
+ if (nr_wake < 0 || nr_requeue < 0)
+ return -EINVAL;
+
if (requeue_pi) {
/*
* Requeue PI only works on two distinct uaddrs. This
Patches currently in stable-queue which might be from lijinyue@huawei.com are
queue-3.18/futex-prevent-overflow-by-strengthen-input-validation.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-01-18 17:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-18 17:51 Patch "futex: Prevent overflow by strengthen input validation" has been added to the 3.18-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).