aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/isdn/act2000
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2014-06-03 12:27:06 +0000
committerPaul Kocialkowski <contact@paulk.fr>2014-07-17 16:51:38 +0200
commit8395f2ec35b7a744c8156e5b201e7cc6cb2da18a (patch)
tree9f4c393e5a4b7076688566f9bc2d812edde2b2c1 /drivers/isdn/act2000
parentec44a62d580ca863e13a5f650333a6c778eb8550 (diff)
downloadkernel_samsung_aries-8395f2ec35b7a744c8156e5b201e7cc6cb2da18a.zip
kernel_samsung_aries-8395f2ec35b7a744c8156e5b201e7cc6cb2da18a.tar.gz
kernel_samsung_aries-8395f2ec35b7a744c8156e5b201e7cc6cb2da18a.tar.bz2
futex: Validate atomic acquisition in futex_lock_pi_atomic()
commit b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 upstream. We need to protect the atomic acquisition in the kernel against rogue user space which sets the user space futex to 0, so the kernel side acquisition succeeds while there is existing state in the kernel associated to the real owner. Verify whether the futex has waiters associated with kernel state. If it has, return -EINVAL. The state is corrupted already, so no point in cleaning it up. Subsequent calls will fail as well. Not our problem. [ tglx: Use futex_top_waiter() and explain why we do not need to try restoring the already corrupted user space state. ] Signed-off-by: Darren Hart <dvhart@linux.intel.com> Cc: Kees Cook <keescook@chromium.org> Cc: Will Drewry <wad@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/isdn/act2000')
0 files changed, 0 insertions, 0 deletions