linux(4): Prevent an endless loop.

In the futex_atomic_op() the encoded_op is a user-supplied parameter. If the user specifies an incorrect value for this parameter paired with a valid *uaddr parameter the caller will go into the endless loop. To prevent this check futex_atomic_op() result and break the loop in case of ENOSYS. MFC after: 2 weeks
2021-07-20 14:40:08 +03:00 · 2021-07-20 14:40:08 +03:00 · ef4251e271
commit ef4251e271
parent 80b8d6b144
1 changed files with 2 additions and 0 deletions
--- a/sys/compat/linux/linux_futex.c
+++ b/sys/compat/linux/linux_futex.c
@ -845,6 +845,8 @@ retry:
 		if (f2 != NULL)
 			futex_put(f2, NULL);
 		futex_put(f, NULL);
+		if (op_ret == -ENOSYS)
+			return (ENOSYS);
 		error = copyin(args->uaddr2, &val, sizeof(val));
 		if (error == 0)
 			goto retry;