waitid(): Avoid unbalanced user_access_end() on access_ok() error

As pointed out by Linus and David, the earlier waitid() fix resulted in a (currently harmless) unbalanced user_access_end() call. This fixes it to just directly return EFAULT on access_ok() failure. Fixes: 96ca579a1ecc ("waitid(): Add missing access_ok() checks") Acked-by: David Daney <david.daney@cavium.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Kees Cook <keescook@chromium.org> 2017-10-20 10:36:05 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-10-20 15:32:54 -0400
commit: 1c9fec470b81ca5e89391c20a11ead31a1e9314b (patch)
tree: 9a63ad70ff0ae15e6809cc916dac18577b0c0285
parent: 9a27ded2195aaec2041ed2525ba7f373c60920c7 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/exit.c b/kernel/exit.c
index cf28528842bc..f6cad39f35df 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1611,7 +1611,7 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
                return err;
        if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
-                goto Efault;
+                return -EFAULT;
        user_access_begin();
        unsafe_put_user(signo, &infop->si_signo, Efault);
@@ -1739,7 +1739,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
                return err;
        if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
-                goto Efault;
+                return -EFAULT;
        user_access_begin();
        unsafe_put_user(signo, &infop->si_signo, Efault);
author	Kees Cook <keescook@chromium.org>	2017-10-20 10:36:05 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-10-20 15:32:54 -0400
commit	1c9fec470b81ca5e89391c20a11ead31a1e9314b (patch)
tree	9a63ad70ff0ae15e6809cc916dac18577b0c0285
parent	9a27ded2195aaec2041ed2525ba7f373c60920c7 (diff)

diff --git a/kernel/exit.c b/kernel/exit.c index cf28528842bc..f6cad39f35df 100644 --- a/kernel/exit.c +++ b/kernel/exit.c
@@ -1611,7 +1611,7 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
1611	return err;	1611	return err;
1612		1612
1613	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))	1613	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
1614	goto Efault;	1614	return -EFAULT;
1615		1615
1616	user_access_begin();	1616	user_access_begin();
1617	unsafe_put_user(signo, &infop->si_signo, Efault);	1617	unsafe_put_user(signo, &infop->si_signo, Efault);
@@ -1739,7 +1739,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
1739	return err;	1739	return err;
1740		1740
1741	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))	1741	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
1742	goto Efault;	1742	return -EFAULT;
1743		1743
1744	user_access_begin();	1744	user_access_begin();
1745	unsafe_put_user(signo, &infop->si_signo, Efault);	1745	unsafe_put_user(signo, &infop->si_signo, Efault);