diff options
author | Thomas Gleixner <tglx@linutronix.de> | 2014-05-12 22:45:35 +0200 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2014-05-19 14:18:49 +0200 |
commit | f0d71b3dcb8332f7971b5f2363632573e6d9486a (patch) | |
tree | 115d8f0d90dfd28a97dcf8f9861151261e6d8848 /crypto | |
parent | futex: Add another early deadlock detection check (diff) | |
download | linux-f0d71b3dcb8332f7971b5f2363632573e6d9486a.tar.xz linux-f0d71b3dcb8332f7971b5f2363632573e6d9486a.zip |
futex: Prevent attaching to kernel threads
We happily allow userspace to declare a random kernel thread to be the
owner of a user space PI futex.
Found while analysing the fallout of Dave Jones syscall fuzzer.
We also should validate the thread group for private futexes and find
some fast way to validate whether the "alleged" owner has RW access on
the file which backs the SHM, but that's a separate issue.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Jones <davej@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Darren Hart <darren@dvhart.com>
Cc: Davidlohr Bueso <davidlohr@hp.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Clark Williams <williams@redhat.com>
Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
Cc: Roland McGrath <roland@hack.frob.com>
Cc: Carlos ODonell <carlos@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: http://lkml.kernel.org/r/20140512201701.194824402@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions