mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
45 lines
1.5 KiB
Diff
45 lines
1.5 KiB
Diff
From 4efbc454ba68def5ef285b26ebfcfdb605b52755 Mon Sep 17 00:00:00 2001
|
|
From: Vegard Nossum <vegard.nossum@oracle.com>
|
|
Date: Sun, 16 Feb 2014 22:24:17 +0100
|
|
Subject: sched: Fix information leak in sys_sched_getattr()
|
|
|
|
We're copying the on-stack structure to userspace, but forgot to give
|
|
the right number of bytes to copy. This allows the calling process to
|
|
obtain up to PAGE_SIZE bytes from the stack (and possibly adjacent
|
|
kernel memory).
|
|
|
|
This fix copies only as much as we actually have on the stack
|
|
(attr->size defaults to the size of the struct) and leaves the rest of
|
|
the userspace-provided buffer untouched.
|
|
|
|
Found using kmemcheck + trinity.
|
|
|
|
Fixes: d50dde5a10f30 ("sched: Add new scheduler syscalls to support an extended scheduling parameters ABI")
|
|
Cc: Dario Faggioli <raistlin@linux.it>
|
|
Cc: Juri Lelli <juri.lelli@gmail.com>
|
|
Cc: Ingo Molnar <mingo@kernel.org>
|
|
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
|
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
|
|
Link: http://lkml.kernel.org/r/1392585857-10725-1-git-send-email-vegard.nossum@oracle.com
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
---
|
|
kernel/sched/core.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
|
index 33d030a..a6e7470 100644
|
|
--- a/kernel/sched/core.c
|
|
+++ b/kernel/sched/core.c
|
|
@@ -3786,7 +3786,7 @@ static int sched_read_attr(struct sched_attr __user *uattr,
|
|
attr->size = usize;
|
|
}
|
|
|
|
- ret = copy_to_user(uattr, attr, usize);
|
|
+ ret = copy_to_user(uattr, attr, attr->size);
|
|
if (ret)
|
|
return -EFAULT;
|
|
|
|
--
|
|
cgit v1.1
|
|
|