ACK: [Oneiric CVE 3/3] wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task
Colin Ian King
colin.king at canonical.com
Tue Feb 19 16:28:03 UTC 2013
On 19/02/13 14:18, Luis Henriques wrote:
> From: Oleg Nesterov <oleg at redhat.com>
>
> CVE-2013-0871
>
> wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
> Change it to use TASK_NORMAL and add the WARN_ON().
>
> TASK_ALL has no other users, probably can be killed.
>
> Signed-off-by: Oleg Nesterov <oleg at redhat.com>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> (backported from commit 9067ac85d533651b98c2ff903182a20cbb361fcb)
>
> Conflicts:
> kernel/sched/core.c
>
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
> kernel/sched.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/sched.c b/kernel/sched.c
> index a46fabe..3ca4a92 100644
> --- a/kernel/sched.c
> +++ b/kernel/sched.c
> @@ -2778,7 +2778,8 @@ out:
> */
> int wake_up_process(struct task_struct *p)
> {
> - return try_to_wake_up(p, TASK_ALL, 0);
> + WARN_ON(task_is_stopped_or_traced(p));
> + return try_to_wake_up(p, TASK_NORMAL, 0);
> }
> EXPORT_SYMBOL(wake_up_process);
>
>
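Review bot: the comment block that ends just above wake_up_process() is left unchanged (the diffstat is 2 insertions, 1 deletion, all inside the function body), so nothing in the source tells callers that the mask is now TASK_NORMAL and that a TASK_STOPPED/TRACED task will no longer be woken by this function. Consider adding one sentence to that comment stating the restriction, since the only other signal is `WARN_ON(task_is_stopped_or_traced(p));` firing at run time. Separately, the backport note lists `kernel/sched/core.c` under Conflicts while the change lands in `kernel/sched.c`; a short remark that the conflict is only the file location in this tree would make the backport easier to audit against commit 9067ac85d533651b98c2ff903182a20cbb361fcb.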
Acked-by: Colin Ian King <colin.king at canonical.com>