diff options
Diffstat (limited to 'kernel/futex_compat.c')
| -rw-r--r-- | kernel/futex_compat.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index a7934ac75e5b..5f9e689dc8f0 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c | |||
| @@ -153,10 +153,19 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
| 153 | goto err_unlock; | 153 | goto err_unlock; |
| 154 | ret = -EPERM; | 154 | ret = -EPERM; |
| 155 | pcred = __task_cred(p); | 155 | pcred = __task_cred(p); |
| 156 | /* If victim is in different user_ns, then uids are not | ||
| 157 | comparable, so we must have CAP_SYS_PTRACE */ | ||
| 158 | if (cred->user->user_ns != pcred->user->user_ns) { | ||
| 159 | if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) | ||
| 160 | goto err_unlock; | ||
| 161 | goto ok; | ||
| 162 | } | ||
| 163 | /* If victim is in same user_ns, then uids are comparable */ | ||
| 156 | if (cred->euid != pcred->euid && | 164 | if (cred->euid != pcred->euid && |
| 157 | cred->euid != pcred->uid && | 165 | cred->euid != pcred->uid && |
| 158 | !capable(CAP_SYS_PTRACE)) | 166 | !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) |
| 159 | goto err_unlock; | 167 | goto err_unlock; |
| 168 | ok: | ||
| 160 | head = p->compat_robust_list; | 169 | head = p->compat_robust_list; |
| 161 | rcu_read_unlock(); | 170 | rcu_read_unlock(); |
| 162 | } | 171 | } |