[Lucid CVE 4/4] wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task

Luis Henriques luis.henriques at canonical.com
Tue Feb 19 17:31:10 UTC 2013


From: Oleg Nesterov <oleg at redhat.com>

CVE-2013-0871

BugLink: http://bugs.launchpad.net/bugs/1129192

wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
Change it to use TASK_NORMAL and add the WARN_ON().

TASK_ALL has no other users, probably can be killed.

Signed-off-by: Oleg Nesterov <oleg at redhat.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
(backported from commit 9067ac85d533651b98c2ff903182a20cbb361fcb)

Conflicts:
	kernel/sched/core.c

Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 kernel/sched.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/sched.c b/kernel/sched.c
index 90c998f..22289ea 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -2618,7 +2618,8 @@ out:
  */
 int wake_up_process(struct task_struct *p)
 {
-	return try_to_wake_up(p, TASK_ALL, 0);
+	WARN_ON(task_is_stopped_or_traced(p));
+	return try_to_wake_up(p, TASK_NORMAL, 0);
 }
 EXPORT_SYMBOL(wake_up_process);
 
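Review bot: The comment block above wake_up_process(), which ends in the unchanged context at the top of this hunk, is not updated to state the new restriction. With TASK_NORMAL in place of TASK_ALL, a call on a stopped or traced task now triggers the WARN_ON() and leaves the task in its current state instead of waking it, so one sentence in that comment naming the restriction would tell callers what to expect. The warning fires on every such call, so WARN_ON_ONCE() is worth considering if a caller could hit this path repeatedly. The commit message notes that TASK_ALL has no other users; removing its definition could follow in a separate patch.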
-- 
1.8.1.2



