diff options
| author | Jan Kiszka <jan.kiszka@siemens.com> | 2012-05-10 09:04:36 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-05-10 11:58:33 -0400 |
| commit | b7dafa0ef3145c31d7753be0a08b3cbda51f0209 (patch) | |
| tree | 9beb3c3fcd8b5439ee24c0f3e1eb0c78e897fb2f /kernel/compat.c | |
| parent | 7ee94d97aafacf5a019b3578e0eae6daa2e2bcd5 (diff) | |
compat: Fix RT signal mask corruption via sigprocmask
compat_sys_sigprocmask reads a smaller signal mask from userspace than
sigprogmask accepts for setting. So the high word of blocked.sig[0]
will be cleared, releasing any potentially blocked RT signal.
This was discovered via userspace code that relies on get/setcontext.
glibc's i386 versions of those functions use sigprogmask instead of
rt_sigprogmask to save/restore signal mask and caused RT signal
unblocking this way.
As suggested by Linus, this replaces the sys_sigprocmask based compat
version with one that open-codes the required logic, including the merge
of the existing blocked set with the new one provided on SIG_SETMASK.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/compat.c')
| -rw-r--r-- | kernel/compat.c | 63 |
1 files changed, 46 insertions, 17 deletions
diff --git a/kernel/compat.c b/kernel/compat.c index 74ff8498809a..d2c67aa49ae6 100644 --- a/kernel/compat.c +++ b/kernel/compat.c | |||
| @@ -372,25 +372,54 @@ asmlinkage long compat_sys_sigpending(compat_old_sigset_t __user *set) | |||
| 372 | 372 | ||
| 373 | #ifdef __ARCH_WANT_SYS_SIGPROCMASK | 373 | #ifdef __ARCH_WANT_SYS_SIGPROCMASK |
| 374 | 374 | ||
| 375 | asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set, | 375 | /* |
| 376 | compat_old_sigset_t __user *oset) | 376 | * sys_sigprocmask SIG_SETMASK sets the first (compat) word of the |
| 377 | * blocked set of signals to the supplied signal set | ||
| 378 | */ | ||
| 379 | static inline void compat_sig_setmask(sigset_t *blocked, compat_sigset_word set) | ||
| 377 | { | 380 | { |
| 378 | old_sigset_t s; | 381 | memcpy(blocked->sig, &set, sizeof(set)); |
| 379 | long ret; | 382 | } |
| 380 | mm_segment_t old_fs; | ||
| 381 | 383 | ||
| 382 | if (set && get_user(s, set)) | 384 | asmlinkage long compat_sys_sigprocmask(int how, |
| 383 | return -EFAULT; | 385 | compat_old_sigset_t __user *nset, |
| 384 | old_fs = get_fs(); | 386 | compat_old_sigset_t __user *oset) |
| 385 | set_fs(KERNEL_DS); | 387 | { |
| 386 | ret = sys_sigprocmask(how, | 388 | old_sigset_t old_set, new_set; |
| 387 | set ? (old_sigset_t __user *) &s : NULL, | 389 | sigset_t new_blocked; |
| 388 | oset ? (old_sigset_t __user *) &s : NULL); | 390 | |
| 389 | set_fs(old_fs); | 391 | old_set = current->blocked.sig[0]; |
| 390 | if (ret == 0) | 392 | |
| 391 | if (oset) | 393 | if (nset) { |
| 392 | ret = put_user(s, oset); | 394 | if (get_user(new_set, nset)) |
| 393 | return ret; | 395 | return -EFAULT; |
| 396 | new_set &= ~(sigmask(SIGKILL) | sigmask(SIGSTOP)); | ||
| 397 | |||
| 398 | new_blocked = current->blocked; | ||
| 399 | |||
| 400 | switch (how) { | ||
| 401 | case SIG_BLOCK: | ||
| 402 | sigaddsetmask(&new_blocked, new_set); | ||
| 403 | break; | ||
| 404 | case SIG_UNBLOCK: | ||
| 405 | sigdelsetmask(&new_blocked, new_set); | ||
| 406 | break; | ||
| 407 | case SIG_SETMASK: | ||
| 408 | compat_sig_setmask(&new_blocked, new_set); | ||
| 409 | break; | ||
| 410 | default: | ||
| 411 | return -EINVAL; | ||
| 412 | } | ||
| 413 | |||
| 414 | set_current_blocked(&new_blocked); | ||
| 415 | } | ||
| 416 | |||
| 417 | if (oset) { | ||
| 418 | if (put_user(old_set, oset)) | ||
| 419 | return -EFAULT; | ||
| 420 | } | ||
| 421 | |||
| 422 | return 0; | ||
| 394 | } | 423 | } |
| 395 | 424 | ||
| 396 | #endif | 425 | #endif |