ACK/cmnt: [PATCH 1/1] arm: fix handling of F_OFD_... in oabi_fcntl64()
Stefan Bader
stefan.bader at canonical.com
Fri Jun 9 15:15:50 UTC 2017
On 09.06.2017 16:30, Brad Figg wrote:
> From: Al Viro <viro at zeniv.linux.org.uk>
>
> CVE-2015-8966
>
> Cc: stable at vger.kernel.org # 3.15+
> Reviewed-by: Jeff Layton <jeff.layton at primarydata.com>
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
> (backported from commit 76cc404bfdc0d419c720de4daaf2584542734f42 upstream)
> Signed-off-by: Brad Figg <brad.figg at canonical.com>
It is a bit odd that the stable tag says 3.15+ (Trusty is 3.13), but the patch
still appears applicable.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> arch/arm/kernel/sys_oabi-compat.c | 71 ++++++++++++++++++++-------------------
> 1 file changed, 36 insertions(+), 35 deletions(-)
>
> diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
> index 3e94811..20a6f3a 100644
> --- a/arch/arm/kernel/sys_oabi-compat.c
> +++ b/arch/arm/kernel/sys_oabi-compat.c
> @@ -193,52 +193,53 @@ struct oabi_flock64 {
> pid_t l_pid;
> } __attribute__ ((packed,aligned(4)));
>
> -asmlinkage long sys_oabi_fcntl64(unsigned int fd, unsigned int cmd,
> +static long do_locks(unsigned int fd, unsigned int cmd,
> unsigned long arg)
> {
> - struct oabi_flock64 user;
> struct flock64 kernel;
> - mm_segment_t fs = USER_DS; /* initialized to kill a warning */
> - unsigned long local_arg = arg;
> - int ret;
> + struct oabi_flock64 user;
> + mm_segment_t fs;
> + long ret;
>
> - switch (cmd) {
> - case F_GETLK64:
> - case F_SETLK64:
> - case F_SETLKW64:
> - if (copy_from_user(&user, (struct oabi_flock64 __user *)arg,
> - sizeof(user)))
> - return -EFAULT;
> - kernel.l_type = user.l_type;
> - kernel.l_whence = user.l_whence;
> - kernel.l_start = user.l_start;
> - kernel.l_len = user.l_len;
> - kernel.l_pid = user.l_pid;
> - local_arg = (unsigned long)&kernel;
> - fs = get_fs();
> - set_fs(KERNEL_DS);
> - }
> + if (copy_from_user(&user, (struct oabi_flock64 __user *)arg,
> + sizeof(user)))
> + return -EFAULT;
> + kernel.l_type = user.l_type;
> + kernel.l_whence = user.l_whence;
> + kernel.l_start = user.l_start;
> + kernel.l_len = user.l_len;
> + kernel.l_pid = user.l_pid;
>
> - ret = sys_fcntl64(fd, cmd, local_arg);
> + fs = get_fs();
> + set_fs(KERNEL_DS);
> + ret = sys_fcntl64(fd, cmd, (unsigned long)&kernel);
> + set_fs(fs);
>
> + if (!ret && (cmd == F_GETLK64 || cmd == F_OFD_GETLK)) {
> + user.l_type = kernel.l_type;
> + user.l_whence = kernel.l_whence;
> + user.l_start = kernel.l_start;
> + user.l_len = kernel.l_len;
> + user.l_pid = kernel.l_pid;
> + if (copy_to_user((struct oabi_flock64 __user *)arg,
> + &user, sizeof(user)))
> + ret = -EFAULT;
> + }
> + return ret;
> +}
> +
> +asmlinkage long sys_oabi_fcntl64(unsigned int fd, unsigned int cmd,
> + unsigned long arg)
> +{
> switch (cmd) {
> case F_GETLK64:
> - if (!ret) {
> - user.l_type = kernel.l_type;
> - user.l_whence = kernel.l_whence;
> - user.l_start = kernel.l_start;
> - user.l_len = kernel.l_len;
> - user.l_pid = kernel.l_pid;
> - if (copy_to_user((struct oabi_flock64 __user *)arg,
> - &user, sizeof(user)))
> - ret = -EFAULT;
> - }
> case F_SETLK64:
> case F_SETLKW64:
> - set_fs(fs);
> - }
> + return do_locks(fd, cmd, arg);
>
> - return ret;
> + default:
> + return sys_fcntl64(fd, cmd, arg);
> + }
> }
>
> struct oabi_epoll_event {
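Review bot: The dispatcher in `sys_oabi_fcntl64()` routes only `F_GETLK64`, `F_SETLK64` and `F_SETLKW64` to `do_locks()`, yet `do_locks()` tests `cmd == F_OFD_GETLK` before copying the result back, so the two functions disagree about which commands get the OABI conversion. As written, that comparison can never be true, and any `F_OFD_*` command would take the `default:` branch and reach `sys_fcntl64()` with the unconverted `struct oabi_flock64` layout. If this tree defines the OFD lock commands, add `case F_OFD_GETLK:`, `case F_OFD_SETLK:` and `case F_OFD_SETLKW:` above `case F_GETLK64:`. If it does not, reduce the condition to `if (!ret && cmd == F_GETLK64) {` so the file does not depend on a constant that may be undefined here. A short comment on `do_locks()` saying that `KERNEL_DS` is held only around the `sys_fcntl64()` call and restored on every path would record the invariant this fix relies on.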
>