diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2017-09-29 19:43:15 +0200 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2017-09-29 19:43:15 +0200 |
commit | 6c85501f2fabcfc4fc6ed976543d252c4eaf4be9 (patch) | |
tree | 7ae62970c63295669f955f60b78dbada3e564d30 /block/mq-deadline.c | |
parent | fix a typo in put_compat_shm_info() (diff) | |
download | linux-6c85501f2fabcfc4fc6ed976543d252c4eaf4be9.tar.xz linux-6c85501f2fabcfc4fc6ed976543d252c4eaf4be9.zip |
fix infoleak in waitid(2)
kernel_waitid() can return a PID, an error or 0. rusage is filled in the first
case and waitid(2) rusage should've been copied out exactly in that case, *not*
whenever kernel_waitid() has not returned an error. Compat variant shares that
braino; none of kernel_wait4() callers do, so the below ought to fix it.
Reported-and-tested-by: Alexander Potapenko <glider@google.com>
Fixes: ce72a16fa705 ("wait4(2)/waitid(2): separate copying rusage to userland")
Cc: stable@vger.kernel.org # v4.13
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'block/mq-deadline.c')
0 files changed, 0 insertions, 0 deletions