Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

futex: Validate futex value against futex size

Ensure the futex value fits in the given futex size. Since this adds a
constraint to an existing syscall, it might possibly change behaviour.

Currently the value would be truncated to a u32 and any high bits
would get silently lost.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20230921105247.828934099@noisy.programming.kicks-ass.net

+13
+10
kernel/futex/futex.h
··· 85 85 return true; 86 86 } 87 87 88 + static inline bool futex_validate_input(unsigned int flags, u64 val) 89 + { 90 + int bits = 8 * futex_size(flags); 91 + 92 + if (bits < 64 && (val >> bits)) 93 + return false; 94 + 95 + return true; 96 + } 97 + 88 98 #ifdef CONFIG_FAIL_FUTEX 89 99 extern bool should_fail_futex(bool fshared); 90 100 #else
+3
kernel/futex/syscalls.c
··· 209 209 if (!futex_flags_valid(flags)) 210 210 return -EINVAL; 211 211 212 + if (!futex_validate_input(flags, aux.val)) 213 + return -EINVAL; 214 + 212 215 futexv[i].w.flags = flags; 213 216 futexv[i].w.val = aux.val; 214 217 futexv[i].w.uaddr = aux.uaddr;